summaryrefslogtreecommitdiffstats
path: root/routers/repo
diff options
context:
space:
mode:
authorUnknwon <u@gogs.io>2016-03-05 20:45:23 -0500
committerUnknwon <u@gogs.io>2016-03-05 20:45:23 -0500
commita5b0400be7c8868b685403e0718bdd66149c3e84 (patch)
tree6db3f4999fa43e0b8a384ca4da8885aa00a4de8f /routers/repo
parent045f14fbd0e3553521f5092cf839be363c74a090 (diff)
downloadgitea-a5b0400be7c8868b685403e0718bdd66149c3e84.tar.gz
gitea-a5b0400be7c8868b685403e0718bdd66149c3e84.zip
#1146 finish new access rights for collaborators
Diffstat (limited to 'routers/repo')
-rw-r--r--routers/repo/issue.go18
-rw-r--r--routers/repo/pull.go2
-rw-r--r--routers/repo/setting.go18
3 files changed, 28 insertions, 10 deletions
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index 5c7615054c..02ccd2f9db 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -273,7 +273,7 @@ func RetrieveRepoMilestonesAndAssignees(ctx *middleware.Context, repo *models.Re
}
func RetrieveRepoMetas(ctx *middleware.Context, repo *models.Repository) []*models.Label {
- if !ctx.Repo.IsAdmin() {
+ if !ctx.Repo.IsWriter() {
return nil
}
@@ -356,7 +356,7 @@ func ValidateRepoMetas(ctx *middleware.Context, form auth.CreateIssueForm) ([]in
return nil, 0, 0
}
- if !ctx.Repo.IsAdmin() {
+ if !ctx.Repo.IsWriter() {
return nil, 0, 0
}
@@ -624,7 +624,7 @@ func ViewIssue(ctx *middleware.Context) {
ctx.Data["Labels"] = labels
// Check milestone and assignee.
- if ctx.Repo.IsAdmin() {
+ if ctx.Repo.IsWriter() {
RetrieveRepoMilestonesAndAssignees(ctx, repo)
if ctx.Written() {
return
@@ -664,8 +664,8 @@ func ViewIssue(ctx *middleware.Context) {
if repo.IsOwnedBy(comment.PosterID) ||
(repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) {
comment.ShowTag = models.COMMENT_TAG_OWNER
- } else if comment.Poster.IsAdminOfRepo(repo) {
- comment.ShowTag = models.COMMENT_TAG_ADMIN
+ } else if comment.Poster.IsWriterOfRepo(repo) {
+ comment.ShowTag = models.COMMENT_TAG_WRITER
} else if comment.PosterID == issue.PosterID {
comment.ShowTag = models.COMMENT_TAG_POSTER
}
@@ -688,7 +688,7 @@ func ViewIssue(ctx *middleware.Context) {
ctx.Data["Participants"] = participants
ctx.Data["NumParticipants"] = len(participants)
ctx.Data["Issue"] = issue
- ctx.Data["IsIssueOwner"] = ctx.Repo.IsAdmin() || (ctx.IsSigned && issue.IsPoster(ctx.User.Id))
+ ctx.Data["IsIssueOwner"] = ctx.Repo.IsWriter() || (ctx.IsSigned && (issue.IsPoster(ctx.User.Id) || ctx.User.IsAdmin))
ctx.Data["SignInLink"] = setting.AppSubUrl + "/user/login"
ctx.Data["RequireHighlightJS"] = true
@@ -715,7 +715,7 @@ func UpdateIssueTitle(ctx *middleware.Context) {
return
}
- if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsAdmin()) {
+ if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsWriter() && !ctx.User.IsAdmin) {
ctx.Error(403)
return
}
@@ -742,7 +742,7 @@ func UpdateIssueContent(ctx *middleware.Context) {
return
}
- if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsAdmin()) {
+ if !ctx.IsSigned || (ctx.User.Id != issue.PosterID && !ctx.Repo.IsWriter() && !ctx.User.IsAdmin) {
ctx.Error(403)
return
}
@@ -883,7 +883,7 @@ func NewComment(ctx *middleware.Context, form auth.CreateCommentForm) {
var comment *models.Comment
defer func() {
// Check if issue admin/poster changes the status of issue.
- if (ctx.Repo.IsAdmin() || (ctx.IsSigned && issue.IsPoster(ctx.User.Id))) &&
+ if (ctx.Repo.IsWriter() || (ctx.IsSigned && issue.IsPoster(ctx.User.Id))) &&
(form.Status == "reopen" || form.Status == "close") &&
!(issue.IsPull && issue.HasMerged) {
diff --git a/routers/repo/pull.go b/routers/repo/pull.go
index a5eec2a5bd..c9d92297f6 100644
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -490,7 +490,7 @@ func ParseCompareInfo(ctx *middleware.Context) (*models.User, *models.Repository
}
}
- if !ctx.User.CanWriteTo(headRepo) && !ctx.User.IsAdmin {
+ if !ctx.User.IsWriterOfRepo(headRepo) && !ctx.User.IsAdmin {
log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID)
ctx.Handle(404, "ParseCompareInfo", nil)
return nil, nil, nil, nil, "", ""
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index e6b3580a1c..cf6f6a11c7 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -142,6 +142,10 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
ctx.Redirect(ctx.Repo.RepoLink + "/settings")
case "convert":
+ if !ctx.Repo.IsOwner() {
+ ctx.Error(404)
+ return
+ }
if repo.Name != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
return
@@ -172,6 +176,10 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
ctx.Redirect(setting.AppSubUrl + "/" + ctx.Repo.Owner.Name + "/" + repo.Name)
case "transfer":
+ if !ctx.Repo.IsOwner() {
+ ctx.Error(404)
+ return
+ }
if repo.Name != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
return
@@ -205,7 +213,12 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
log.Trace("Repository transfered: %s/%s -> %s", ctx.Repo.Owner.Name, repo.Name, newOwner)
ctx.Flash.Success(ctx.Tr("repo.settings.transfer_succeed"))
ctx.Redirect(setting.AppSubUrl + "/" + newOwner + "/" + repo.Name)
+
case "delete":
+ if !ctx.Repo.IsOwner() {
+ ctx.Error(404)
+ return
+ }
if repo.Name != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
return
@@ -226,7 +239,12 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
ctx.Flash.Success(ctx.Tr("repo.settings.deletion_success"))
ctx.Redirect(ctx.Repo.Owner.DashboardLink())
+
case "delete-wiki":
+ if !ctx.Repo.IsOwner() {
+ ctx.Error(404)
+ return
+ }
if repo.Name != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
return