aboutsummaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorwxiaoguang <wxiaoguang@gmail.com>2024-10-15 14:47:07 +0800
committerGitHub <noreply@github.com>2024-10-15 06:47:07 +0000
commit5242e520c499bf72ec21a8df2dbdee825f98ed78 (patch)
treede2e5977609b5dc4f56bcf9690153b4a10944b0c /routers
parentc4b2808b896dd86323c6a0d119c8cf24752d4d8a (diff)
downloadgitea-5242e520c499bf72ec21a8df2dbdee825f98ed78.tar.gz
gitea-5242e520c499bf72ec21a8df2dbdee825f98ed78.zip
Make `owner/repo/pulls` handlers use "PR reader" permission (#32254)
Fix #32253 (partially)
Diffstat (limited to 'routers')
-rw-r--r--routers/web/web.go55
1 files changed, 29 insertions, 26 deletions
diff --git a/routers/web/web.go b/routers/web/web.go
index 80399ec499..f28ec82c8f 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1462,6 +1462,35 @@ func registerRoutes(m *web.Router) {
// end "/{username}/{reponame}/activity"
m.Group("/{username}/{reponame}", func() {
+ m.Group("/pulls/{index}", func() {
+ m.Get("", repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewIssue)
+ m.Get(".diff", repo.DownloadPullDiff)
+ m.Get(".patch", repo.DownloadPullPatch)
+ m.Group("/commits", func() {
+ m.Get("", context.RepoRef(), repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewPullCommits)
+ m.Get("/list", context.RepoRef(), repo.GetPullCommits)
+ m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
+ })
+ m.Post("/merge", context.RepoMustNotBeArchived(), web.Bind(forms.MergePullRequestForm{}), repo.MergePullRequest)
+ m.Post("/cancel_auto_merge", context.RepoMustNotBeArchived(), repo.CancelAutoMergePullRequest)
+ m.Post("/update", repo.UpdatePullRequest)
+ m.Post("/set_allow_maintainer_edit", web.Bind(forms.UpdateAllowEditsForm{}), repo.SetAllowEdits)
+ m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
+ m.Group("/files", func() {
+ m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForAllCommitsOfPr)
+ m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesStartingFromCommit)
+ m.Get("/{shaFrom:[a-f0-9]{7,40}}..{shaTo:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForRange)
+ m.Group("/reviews", func() {
+ m.Get("/new_comment", repo.RenderNewCodeCommentForm)
+ m.Post("/comments", web.Bind(forms.CodeCommentForm{}), repo.SetShowOutdatedComments, repo.CreateCodeComment)
+ m.Post("/submit", web.Bind(forms.SubmitReviewForm{}), repo.SubmitReview)
+ }, context.RepoMustNotBeArchived())
+ })
+ })
+ }, ignSignIn, context.RepoAssignment, repo.MustAllowPulls, reqRepoPullsReader)
+ // end "/{username}/{reponame}/pulls/{index}": repo pull request
+
+ m.Group("/{username}/{reponame}", func() {
m.Group("/activity_author_data", func() {
m.Get("", repo.ActivityAuthors)
m.Get("/{period}", repo.ActivityAuthors)
@@ -1499,32 +1528,6 @@ func registerRoutes(m *web.Router) {
return cancel
})
- m.Group("/pulls/{index}", func() {
- m.Get("", repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewIssue)
- m.Get(".diff", repo.DownloadPullDiff)
- m.Get(".patch", repo.DownloadPullPatch)
- m.Group("/commits", func() {
- m.Get("", context.RepoRef(), repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewPullCommits)
- m.Get("/list", context.RepoRef(), repo.GetPullCommits)
- m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
- })
- m.Post("/merge", context.RepoMustNotBeArchived(), web.Bind(forms.MergePullRequestForm{}), repo.MergePullRequest)
- m.Post("/cancel_auto_merge", context.RepoMustNotBeArchived(), repo.CancelAutoMergePullRequest)
- m.Post("/update", repo.UpdatePullRequest)
- m.Post("/set_allow_maintainer_edit", web.Bind(forms.UpdateAllowEditsForm{}), repo.SetAllowEdits)
- m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
- m.Group("/files", func() {
- m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForAllCommitsOfPr)
- m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesStartingFromCommit)
- m.Get("/{shaFrom:[a-f0-9]{7,40}}..{shaTo:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForRange)
- m.Group("/reviews", func() {
- m.Get("/new_comment", repo.RenderNewCodeCommentForm)
- m.Post("/comments", web.Bind(forms.CodeCommentForm{}), repo.SetShowOutdatedComments, repo.CreateCodeComment)
- m.Post("/submit", web.Bind(forms.SubmitReviewForm{}), repo.SubmitReview)
- }, context.RepoMustNotBeArchived())
- })
- }, repo.MustAllowPulls)
-
m.Group("/media", func() {
m.Get("/branch/*", context.RepoRefByType(context.RepoRefBranch), repo.SingleDownloadOrLFS)
m.Get("/tag/*", context.RepoRefByType(context.RepoRefTag), repo.SingleDownloadOrLFS)