diff options
| author | Unknown <joe2010xtmf@163.com> | 2014-07-04 01:23:11 -0400 |
|---|---|---|
| committer | Unknown <joe2010xtmf@163.com> | 2014-07-04 01:23:11 -0400 |
| commit | cdffdeddc90a69e88fab92487ff5ccf90eb47c08 (patch) | |
| tree | 13669ab33280da25770d648c3775ae74fe8bcf58 /modules/middleware/repo.go | |
| parent | 465dc962b5e1febdfc988419d4d03e98f777019f (diff) | |
| download | gitea-cdffdeddc90a69e88fab92487ff5ccf90eb47c08.tar.gz gitea-cdffdeddc90a69e88fab92487ff5ccf90eb47c08.zip | |
Fix bug that collaborators are able to modify settings of repository
Diffstat (limited to 'modules/middleware/repo.go')
| -rw-r--r-- | modules/middleware/repo.go | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go index 7ba211c71f..1cfae0b771 100644 --- a/modules/middleware/repo.go +++ b/modules/middleware/repo.go @@ -35,9 +35,8 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { } var ( - user *models.User - err error - isTrueOwner bool + user *models.User + err error ) userName := params["username"] @@ -52,10 +51,10 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { ctx.Handle(500, "RepoAssignment(HasAccess)", err) return } - isTrueOwner = ctx.User.LowerName == strings.ToLower(userName) + ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName) } - if !isTrueOwner { + if !ctx.Repo.IsTrueOwner { user, err = models.GetUserByName(userName) if err != nil { if err == models.ErrUserNotExist { @@ -82,6 +81,11 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { } ctx.Repo.Owner = user + // Organization owner team members are true owners as well. + if ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) { + ctx.Repo.IsTrueOwner = true + } + // get repository repo, err := models.GetRepositoryByName(user.Id, repoName) if err != nil { @@ -154,6 +158,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { ctx.Data["Owner"] = user ctx.Data["RepoLink"] = ctx.Repo.RepoLink ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner + ctx.Data["IsRepositoryTrueOwner"] = ctx.Repo.IsTrueOwner ctx.Data["BranchName"] = "" if setting.SshPort != 22 { @@ -257,7 +262,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { func RequireOwner() martini.Handler { return func(ctx *Context) { - if !ctx.Repo.IsOwner { + if !ctx.Repo.IsTrueOwner { if !ctx.IsSigned { ctx.SetCookie("redirect_to", "/"+url.QueryEscape(ctx.Req.RequestURI)) ctx.Redirect("/user/login") |