diff options
| author | Ethan Koenig <ethantkoenig@gmail.com> | 2017-12-20 23:43:26 -0800 |
|---|---|---|
| committer | Lauris BH <lauris@nix.lv> | 2017-12-21 09:43:26 +0200 |
| commit | 515cdaa85d6087d91a61ebe74fae39e0c4bdf1c4 (patch) | |
| tree | 3a7143fc376af4402ca9008876be3afdc0c18efc /routers/api/v1/repo | |
| parent | 529482135c8e9304dd7cdf08772eaba61d903894 (diff) | |
| download | gitea-515cdaa85d6087d91a61ebe74fae39e0c4bdf1c4.tar.gz gitea-515cdaa85d6087d91a61ebe74fae39e0c4bdf1c4.zip | |
Fix ignored errors when checking if organization, team member (#3177)
Diffstat (limited to 'routers/api/v1/repo')
| -rw-r--r-- | routers/api/v1/repo/fork.go | 6 | ||||
| -rw-r--r-- | routers/api/v1/repo/repo.go | 39 |
2 files changed, 37 insertions, 8 deletions
diff --git a/routers/api/v1/repo/fork.go b/routers/api/v1/repo/fork.go index 90301cc35e..ec1b37b91a 100644 --- a/routers/api/v1/repo/fork.go +++ b/routers/api/v1/repo/fork.go @@ -89,7 +89,11 @@ func CreateFork(ctx *context.APIContext, form api.CreateForkOption) { } return } - if !org.IsOrgMember(ctx.User.ID) { + isMember, err := org.IsOrgMember(ctx.User.ID) + if err != nil { + ctx.Handle(500, "IsOrgMember", err) + return + } else if !isMember { ctx.Status(403) return } diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go index b154d50a05..c9c7aa805d 100644 --- a/routers/api/v1/repo/repo.go +++ b/routers/api/v1/repo/repo.go @@ -108,8 +108,19 @@ func Search(ctx *context.APIContext) { } // Check visibility. - if ctx.IsSigned && (ctx.User.ID == repoOwner.ID || (repoOwner.IsOrganization() && repoOwner.IsOwnedBy(ctx.User.ID))) { - opts.Private = true + if ctx.IsSigned { + if ctx.User.ID == repoOwner.ID { + opts.Private = true + } else if repoOwner.IsOrganization() { + opts.Private, err = repoOwner.IsOwnedBy(ctx.User.ID) + if err != nil { + ctx.JSON(500, api.SearchError{ + OK: false, + Error: err.Error(), + }) + return + } + } } } @@ -245,7 +256,11 @@ func CreateOrgRepo(ctx *context.APIContext, opt api.CreateRepoOption) { return } - if !org.IsOwnedBy(ctx.User.ID) { + isOwner, err := org.IsOwnedBy(ctx.User.ID) + if err != nil { + ctx.Handle(500, "IsOwnedBy", err) + return + } else if !isOwner { ctx.Error(403, "", "Given user is not owner of organization.") return } @@ -292,7 +307,11 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) { if ctxUser.IsOrganization() && !ctx.User.IsAdmin { // Check ownership of organization. - if !ctxUser.IsOwnedBy(ctx.User.ID) { + isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID) + if err != nil { + ctx.Error(500, "IsOwnedBy", err) + return + } else if !isOwner { ctx.Error(403, "", "Given user is not owner of organization.") return } @@ -431,9 +450,15 @@ func Delete(ctx *context.APIContext) { owner := ctx.Repo.Owner repo := ctx.Repo.Repository - if owner.IsOrganization() && !owner.IsOwnedBy(ctx.User.ID) { - ctx.Error(403, "", "Given user is not owner of organization.") - return + if owner.IsOrganization() { + isOwner, err := owner.IsOwnedBy(ctx.User.ID) + if err != nil { + ctx.Error(500, "IsOwnedBy", err) + return + } else if !isOwner { + ctx.Error(403, "", "Given user is not owner of organization.") + return + } } if err := models.DeleteRepository(ctx.User, owner.ID, repo.ID); err != nil { |