diff options
author | Unknwon <u@gogs.io> | 2016-03-05 20:45:23 -0500 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2016-03-05 20:45:23 -0500 |
commit | a5b0400be7c8868b685403e0718bdd66149c3e84 (patch) | |
tree | 6db3f4999fa43e0b8a384ca4da8885aa00a4de8f /routers/repo | |
parent | 045f14fbd0e3553521f5092cf839be363c74a090 (diff) | |
download | gitea-a5b0400be7c8868b685403e0718bdd66149c3e84.tar.gz gitea-a5b0400be7c8868b685403e0718bdd66149c3e84.zip |
#1146 finish new access rights for collaborators
Diffstat (limited to 'routers/repo')
-rw-r--r-- | routers/repo/issue.go | 18 | ||||
-rw-r--r-- | routers/repo/pull.go | 2 | ||||
-rw-r--r-- | routers/repo/setting.go | 18 |
3 files changed, 28 insertions, 10 deletions
diff --git a/routers/repo/issue.go b/routers/repo/issue.go index 5c7615054c..02ccd2f9db 100644 --- a/routers/repo/issue.go +++ b/routers/repo/issue.go @@ -273,7 +273,7 @@ func RetrieveRepoMilestonesAndAssignees(ctx *middleware.Context, repo *models.Re } func RetrieveRepoMetas(ctx *middleware.Context, repo *models.Repository) []*models.Label { - if !ctx.Repo.IsAdmin() { + if !ctx.Repo.IsWriter() { return nil } @@ -356,7 +356,7 @@ func ValidateRepoMetas(ctx *middleware.Context, form auth.CreateIssueForm) ([]in return nil, 0, 0 } - if !ctx.Repo.IsAdmin() { + if !ctx.Repo.IsWriter() { return nil, 0, 0 } @@ -624,7 +624,7 @@ func ViewIssue(ctx *middleware.Context) { ctx.Data["Labels"] = labels // Check milestone and assignee. - if ctx.Repo.IsAdmin() { + if ctx.Repo.IsWriter() { RetrieveRepoMilestonesAndAssignees(ctx, repo) if ctx.Written() { return @@ -664,8 +664,8 @@ func ViewIssue(ctx *middleware.Context) { if repo.IsOwnedBy(comment.PosterID) || (repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) { comment.ShowTag = models.COMMENT_TAG_OWNER - } else if comment.Poster.IsAdminOfRepo(repo) { - comment.ShowTag = models.COMMENT_TAG_ADMIN + } else if comment.Poster.IsWriterOfRepo(repo) { + comment.ShowTag = models.COMMENT_TAG_WRITER } else if comment.PosterID == issue.PosterID { comment.ShowTag = models.COMMENT_TAG_POSTER } @@ -688,7 +688,7 @@ func ViewIssue(ctx *middleware.Context) { ctx.Data["Participants"] = participants ctx.Data["NumParticipants"] = len(participants) ctx.Data["Issue"] = issue - ctx.Data["IsIssueOwner"] = ctx.Repo.IsAdmin() || (ctx.IsSigned && issue.IsPoster(ctx.User.Id)) + ctx.Data["IsIssueOwner"] = ctx.Repo.IsWriter() || (ctx.IsSigned && (issue.IsPoster(ctx.User.Id) || ctx.User.IsAdmin)) ctx.Data["SignInLink"] = setting.AppSubUrl + "/user/login" ctx.Data["RequireHighlightJS"] = true @@ -715,7 +715,7 @@ func UpdateIssueTitle(ctx *middleware.Context) { return } - if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsAdmin()) { + if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsWriter() && !ctx.User.IsAdmin) { ctx.Error(403) return } @@ -742,7 +742,7 @@ func UpdateIssueContent(ctx *middleware.Context) { return } - if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsAdmin()) { + if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsWriter() && !ctx.User.IsAdmin) { ctx.Error(403) return } @@ -883,7 +883,7 @@ func NewComment(ctx *middleware.Context, form auth.CreateCommentForm) { var comment *models.Comment defer func() { // Check if issue admin/poster changes the status of issue. - if (ctx.Repo.IsAdmin() || (ctx.IsSigned && issue.IsPoster(ctx.User.Id))) && + if (ctx.Repo.IsWriter() || (ctx.IsSigned && issue.IsPoster(ctx.User.Id))) && (form.Status == "reopen" || form.Status == "close") && !(issue.IsPull && issue.HasMerged) { diff --git a/routers/repo/pull.go b/routers/repo/pull.go index a5eec2a5bd..c9d92297f6 100644 --- a/routers/repo/pull.go +++ b/routers/repo/pull.go @@ -490,7 +490,7 @@ func ParseCompareInfo(ctx *middleware.Context) (*models.User, *models.Repository } } - if !ctx.User.CanWriteTo(headRepo) && !ctx.User.IsAdmin { + if !ctx.User.IsWriterOfRepo(headRepo) && !ctx.User.IsAdmin { log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID) ctx.Handle(404, "ParseCompareInfo", nil) return nil, nil, nil, nil, "", "" diff --git a/routers/repo/setting.go b/routers/repo/setting.go index e6b3580a1c..cf6f6a11c7 100644 --- a/routers/repo/setting.go +++ b/routers/repo/setting.go @@ -142,6 +142,10 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) { ctx.Redirect(ctx.Repo.RepoLink + "/settings") case "convert": + if !ctx.Repo.IsOwner() { + ctx.Error(404) + return + } if repo.Name != form.RepoName { ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) return @@ -172,6 +176,10 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) { ctx.Redirect(setting.AppSubUrl + "/" + ctx.Repo.Owner.Name + "/" + repo.Name) case "transfer": + if !ctx.Repo.IsOwner() { + ctx.Error(404) + return + } if repo.Name != form.RepoName { ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) return @@ -205,7 +213,12 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) { log.Trace("Repository transfered: %s/%s -> %s", ctx.Repo.Owner.Name, repo.Name, newOwner) ctx.Flash.Success(ctx.Tr("repo.settings.transfer_succeed")) ctx.Redirect(setting.AppSubUrl + "/" + newOwner + "/" + repo.Name) + case "delete": + if !ctx.Repo.IsOwner() { + ctx.Error(404) + return + } if repo.Name != form.RepoName { ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) return @@ -226,7 +239,12 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) { ctx.Flash.Success(ctx.Tr("repo.settings.deletion_success")) ctx.Redirect(ctx.Repo.Owner.DashboardLink()) + case "delete-wiki": + if !ctx.Repo.IsOwner() { + ctx.Error(404) + return + } if repo.Name != form.RepoName { ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) return |