diff options
| author | Ethan Koenig <etk39@cornell.edu> | 2017-01-19 22:16:10 -0700 |
|---|---|---|
| committer | Lunny Xiao <xiaolunwen@gmail.com> | 2017-01-20 13:16:10 +0800 |
| commit | 74bbec3bf9f5e306248bf80808f93e116c232306 (patch) | |
| tree | 6d3ec9edd609e5cb2d90dd892f308761633cd2d2 /routers/api/v1/api.go | |
| parent | fcf02e4961beb98cf1bc0f60537589e41a871369 (diff) | |
| download | gitea-74bbec3bf9f5e306248bf80808f93e116c232306.tar.gz gitea-74bbec3bf9f5e306248bf80808f93e116c232306.zip | |
Fix permission bugs in team API (#647)
Diffstat (limited to 'routers/api/v1/api.go')
| -rw-r--r-- | routers/api/v1/api.go | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 29f268d6bc..b83cb36a70 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -405,7 +405,8 @@ func RegisterRoutes(m *macaron.Macaron) { Put(org.PublicizeMember). Delete(org.ConcealMember) }) - m.Combo("/teams").Get(org.ListTeams) + m.Combo("/teams").Get(org.ListTeams). + Post("", bind(api.CreateTeamOption{}), org.CreateTeam) m.Group("/hooks", func() { m.Combo("").Get(org.ListHooks). Post(bind(api.CreateHookOption{}), org.CreateHook) @@ -415,9 +416,19 @@ func RegisterRoutes(m *macaron.Macaron) { }, reqOrgMembership()) }, orgAssignment(true)) m.Group("/teams/:teamid", func() { - m.Get("", org.GetTeam) - m.Get("/members", org.GetTeamMembers) - m.Get("/repos", org.GetTeamRepos) + m.Combo("").Get(org.GetTeam). + Patch(bind(api.EditTeamOption{}), org.EditTeam). + Delete(org.DeleteTeam) + m.Group("/members", func() { + m.Get("", org.GetTeamMembers) + m.Combo("/:username").Put(org.AddTeamMember). + Delete(org.RemoveTeamMember) + }) + m.Group("/repos", func() { + m.Get("", org.GetTeamRepos) + m.Combo("/:reponame").Put(admin.AddTeamRepository). + Delete(admin.RemoveTeamRepository) + }) }, orgAssignment(false, true)) m.Any("/*", func(ctx *context.Context) { @@ -427,7 +438,6 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/admin", func() { m.Group("/users", func() { m.Post("", bind(api.CreateUserOption{}), admin.CreateUser) - m.Group("/:username", func() { m.Combo("").Patch(bind(api.EditUserOption{}), admin.EditUser). Delete(admin.DeleteUser) @@ -436,20 +446,6 @@ func RegisterRoutes(m *macaron.Macaron) { m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo) }) }) - - m.Group("/orgs/:orgname", func() { - m.Group("/teams", func() { - m.Post("", orgAssignment(true), bind(api.CreateTeamOption{}), admin.CreateTeam) - }) - }) - m.Group("/teams", func() { - m.Group("/:teamid", func() { - m.Combo("").Patch(bind(api.EditTeamOption{}), admin.EditTeam). - Delete(admin.DeleteTeam) - m.Combo("/members/:username").Put(admin.AddTeamMember).Delete(admin.RemoveTeamMember) - m.Combo("/repos/:reponame").Put(admin.AddTeamRepository).Delete(admin.RemoveTeamRepository) - }, orgAssignment(false, true)) - }) }, reqAdmin()) }, context.APIContexter()) } |