#1511 Allow local import only for admin users

1 files changed, 16 insertions, 17 deletions

diff --git a/routers/api/v1/repo.go b/routers/api/v1/repo.go
index 5a00267778..2341e28878 100644
--- a/routers/api/v1/repo.go
+++ b/routers/api/v1/repo.go
@@ -5,9 +5,7 @@
 package v1
 
 import (
-	"net/url"
 	"path"
-	"strings"
 
 	"github.com/Unknwon/com"
 
@@ -218,22 +216,23 @@ func MigrateRepo(ctx *middleware.Context, form auth.MigrateRepoForm) {
 		}
 	}
 
-	// Remote address can be HTTP/HTTPS/Git URL or local path.
-	remoteAddr := form.CloneAddr
-	if strings.HasPrefix(form.CloneAddr, "http://") ||
-		strings.HasPrefix(form.CloneAddr, "https://") ||
-		strings.HasPrefix(form.CloneAddr, "git://") {
-		u, err := url.Parse(form.CloneAddr)
-		if err != nil {
-			ctx.APIError(422, "", err)
-			return
-		}
-		if len(form.AuthUsername) > 0 || len(form.AuthPassword) > 0 {
-			u.User = url.UserPassword(form.AuthUsername, form.AuthPassword)
+	remoteAddr, err := form.ParseRemoteAddr(ctx.User)
+	if err != nil {
+		if models.IsErrInvalidCloneAddr(err) {
+			addrErr := err.(models.ErrInvalidCloneAddr)
+			switch {
+			case addrErr.IsURLError:
+				ctx.APIError(422, "", err)
+			case addrErr.IsPermissionDenied:
+				ctx.APIError(422, "", "You are not allowed to import local repositories.")
+			case addrErr.IsInvalidPath:
+				ctx.APIError(422, "", "Invalid local path, it does not exist or not a directory.")
+			default:
+				ctx.APIError(500, "ParseRemoteAddr", "Unknown error type (ErrInvalidCloneAddr): "+err.Error())
+			}
+		} else {
+			ctx.APIError(500, "ParseRemoteAddr", err)
 		}
-		remoteAddr = u.String()
-	} else if !com.IsDir(remoteAddr) {
-		ctx.APIError(422, "", "Invalid local path, it does not exist or not a directory.")
 		return
 	}