Repo permission bug fixes (#513)
This commit is contained in:
Ethan Koenig
Lunny Xiao
parent
ac51caa517
commit
6f4ba6884c
3 changed files with 7 additions and 35 deletions
|
|
@ -75,36 +75,6 @@ func APIContexter() macaron.Handler {
|
|||
}
|
||||
}
|
||||
|
||||
// ExtractOwnerAndRepo returns a handler that populates the `Repo.Owner` and
|
||||
// `Repo.Repository` fields of an APIContext
|
||||
func ExtractOwnerAndRepo() macaron.Handler {
|
||||
return func(ctx *APIContext) {
|
||||
owner, err := models.GetUserByName(ctx.Params(":username"))
|
||||
if err != nil {
|
||||
if models.IsErrUserNotExist(err) {
|
||||
ctx.Error(422, "", err)
|
||||
} else {
|
||||
ctx.Error(500, "GetUserByName", err)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
repo, err := models.GetRepositoryByName(owner.ID, ctx.Params(":reponame"))
|
||||
if err != nil {
|
||||
if models.IsErrRepoNotExist(err) {
|
||||
ctx.Status(404)
|
||||
} else {
|
||||
ctx.Error(500, "GetRepositoryByName", err)
|
||||
}
|
||||
return
|
||||
}
|
||||
ctx.Repo.Owner = owner
|
||||
ctx.Data["Owner"] = owner
|
||||
ctx.Repo.Repository = repo
|
||||
ctx.Data["Repository"] = repo
|
||||
}
|
||||
}
|
||||
|
||||
// ReferencesGitRepo injects the GitRepo into the Context
|
||||
func ReferencesGitRepo() macaron.Handler {
|
||||
return func(ctx *APIContext) {
|
||||
|
|
|
|||
|
|
@ -239,7 +239,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||
m.Get("", user.IsStarring)
|
||||
m.Put("", user.Star)
|
||||
m.Delete("", user.Unstar)
|
||||
}, context.ExtractOwnerAndRepo())
|
||||
}, repoAssignment())
|
||||
})
|
||||
|
||||
m.Get("/subscriptions", user.GetMyWatchedRepos)
|
||||
|
|
@ -258,11 +258,9 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||
|
||||
m.Group("/repos", func() {
|
||||
m.Post("/migrate", bind(auth.MigrateRepoForm{}), repo.Migrate)
|
||||
m.Combo("/:username/:reponame", context.ExtractOwnerAndRepo()).
|
||||
Get(repo.Get).
|
||||
Delete(repo.Delete)
|
||||
|
||||
m.Group("/:username/:reponame", func() {
|
||||
m.Combo("").Get(repo.Get).Delete(repo.Delete)
|
||||
m.Group("/hooks", func() {
|
||||
m.Combo("").Get(repo.ListHooks).
|
||||
Post(bind(api.CreateHookOption{}), repo.CreateHook)
|
||||
|
|
@ -330,7 +328,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||
m.Get("", user.IsWatching)
|
||||
m.Put("", user.Watch)
|
||||
m.Delete("", user.Unwatch)
|
||||
}, context.ExtractOwnerAndRepo())
|
||||
})
|
||||
m.Get("/editorconfig/:filename", context.RepoRef(), repo.GetEditorconfig)
|
||||
m.Group("/pulls", func() {
|
||||
m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).Post(reqRepoWriter(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
|
||||
|
|
|
|||
|
|
@ -275,6 +275,10 @@ func GetByID(ctx *context.APIContext) {
|
|||
// Delete one repository
|
||||
// see https://github.com/gogits/go-gogs-client/wiki/Repositories#delete
|
||||
func Delete(ctx *context.APIContext) {
|
||||
if !ctx.Repo.IsAdmin() {
|
||||
ctx.Error(403, "", "Must have admin rights")
|
||||
return
|
||||
}
|
||||
owner := ctx.Repo.Owner
|
||||
repo := ctx.Repo.Repository
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue