author | wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf <61180606+wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf@users.noreply.github.com> | 2020-08-22 08:58:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-22 02:58:59 -0400 |
commit | d4e35b9dc61779559fe28a7537d28bef2938a443 (patch) | |
tree | 833e669f014fc661fec2b1842e268bcda119462f /routers | |
parent | a0484890c11a088330db0e3a0c03474ee2408b13 (diff) | |
Hide 'New Project board' button for users that are not signed in (#12547)
* hide: 'New Project board' button
* there is no reason to show the button for users that are not signed in
* update template: specifies the condition together with another one
as per lafriks' suggestion in the comment
* chore: add proper user authorization check
* chore: also hide button if repo is archived
* chore: show project board edit/delete menu to authorized users only
* chore: drop the redundant IsSigned check
* CanWriteIssues and CanWritePulls implies (and requires) signed in user
* Add CanWriteProjects and properly assert permissions
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/repo/projects.go | 17 | ||||
-rw-r--r-- | routers/routes/routes.go | 37 |
2 files changed, 32 insertions, 22 deletions
diff --git a/routers/repo/projects.go b/routers/repo/projects.go
index daa94a308d..948f88375e 100644
--- a/routers/repo/projects.go
+++ b/routers/repo/projects.go
@@ -95,6 +95,7 @@ func Projects(ctx *context.Context) {
 pager.AddParam(ctx, "state", "State")
 ctx.Data["Page"] = pager
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 ctx.Data["IsShowClosed"] = isShowClosed
 ctx.Data["IsProjectsPage"] = true
 ctx.Data["SortType"] = sortType
@@ -106,16 +107,17 @@ func Projects(ctx *context.Context) {
 func NewProject(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("repo.projects.new")
 ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
-
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 ctx.HTML(200, tplProjectsNew)
 }
-// NewRepoProjectPost creates a new project
-func NewRepoProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
-
+// NewProjectPost creates a new project
+func NewProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
 ctx.Data["Title"] = ctx.Tr("repo.projects.new")
 if ctx.HasError() {
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+ ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
 ctx.HTML(200, tplProjectsNew)
 return
 }
@@ -192,6 +194,7 @@ func EditProject(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
 ctx.Data["PageIsProjects"] = true
 ctx.Data["PageIsEditProjects"] = true
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
 if err != nil {
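Review bot: `CanWriteProjects` is assigned by the same copied line in eight handlers, starting here in Projects (also NewProject, NewProjectPost, EditProject, EditProjectPost, ViewProject, CreateProject and CreateProjectPost), so a handler added later that renders these templates without it will silently hide the controls. Setting it once for the whole `/projects` group, or through one small helper, would keep the flag in a single place. The flag only decides what the template renders; enforcement is `reqRepoProjectsWriter` plus `context.RepoMustNotBeArchived()` in routes.go, and because the flag does not include the archived state the two can disagree on an archived repository unless the template checks that separately (templates are not in this diffstat). A comment on the assignment would make that explicit: `// UI hint only; write access is enforced by reqRepoProjectsWriter in routes.go`. The body of Projects starts and ends outside this hunk.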
@@ -218,9 +221,10 @@ func EditProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
 ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
 ctx.Data["PageIsProjects"] = true
 ctx.Data["PageIsEditProjects"] = true
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 if ctx.HasError() {
- ctx.HTML(200, tplMilestoneNew)
+ ctx.HTML(200, tplProjectsNew)
 return
 }
@@ -287,6 +291,7 @@ func ViewProject(ctx *context.Context) {
 return
 }
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 ctx.Data["Project"] = project
 ctx.Data["Boards"] = allBoards
 ctx.Data["PageIsProjects"] = true
@@ -551,6 +556,7 @@ func MoveIssueAcrossBoards(ctx *context.Context) {
 func CreateProject(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("repo.projects.new")
 ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 ctx.HTML(200, tplGenericProjectsNew)
 }
@@ -566,6 +572,7 @@ func CreateProjectPost(ctx *context.Context, form auth.UserCreateProjectForm) {
 ctx.Data["ContextUser"] = user
 if ctx.HasError() {
+ ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 ctx.HTML(200, tplGenericProjectsNew)
 return
 }
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 27af9275ed..bdb82db6f5 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -535,6 +535,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
 reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
 reqRepoProjectsReader := context.RequireRepoReader(models.UnitTypeProjects)
+ reqRepoProjectsWriter := context.RequireRepoWriter(models.UnitTypeProjects)
 // ***** START: Organization *****
 m.Group("/org", func() {
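Review bot: CreateProject reads `ctx.Repo.Permission`, but this handler and CreateProjectPost (the hunk at -566) look user-scoped rather than repository-scoped: both render `tplGenericProjectsNew`, and CreateProjectPost takes `auth.UserCreateProjectForm` and sets `ContextUser`. If no repository-assignment middleware runs on those routes (their registration is not in this diff), the flag is computed from a permission that was never loaded and probably comes out false regardless of who is signed in. It would be safer to derive the flag from the user context in these two handlers, or to leave it unset with a comment such as `// no repository in this context; CanWriteProjects does not apply`.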
@@ -858,24 +859,26 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Group("/projects", func() {
 m.Get("", repo.Projects)
- m.Get("/new", repo.NewProject)
- m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewRepoProjectPost)
- m.Group("/:id", func() {
- m.Get("", repo.ViewProject)
- m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
- m.Post("/delete", repo.DeleteProject)
-
- m.Get("/edit", repo.EditProject)
- m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
- m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
-
- m.Group("/:boardID", func() {
- m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
- m.Delete("", repo.DeleteProjectBoard)
-
- m.Post("/:index", repo.MoveIssueAcrossBoards)
+ m.Get("/:id", repo.ViewProject)
+ m.Group("", func() {
+ m.Get("/new", repo.NewProject)
+ m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewProjectPost)
+ m.Group("/:id", func() {
+ m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
+ m.Post("/delete", repo.DeleteProject)
+
+ m.Get("/edit", repo.EditProject)
+ m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
+ m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
+
+ m.Group("/:boardID", func() {
+ m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
+ m.Delete("", repo.DeleteProjectBoard)
+
+ m.Post("/:index", repo.MoveIssueAcrossBoards)
+ })
 })
- })
+ }, reqRepoProjectsWriter, context.RepoMustNotBeArchived())
 }, reqRepoProjectsReader, repo.MustEnableProjects)
 m.Group("/wiki", func() { |
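Review bot: `reqRepoProjectsWriter` establishes write access to the repository named in the URL, but `:id` and `:boardID` are independent path parameters, so each handler in the new writer group still has to confirm that the project belongs to `ctx.Repo.Repository` and that the board belongs to that project. EditProject in projects.go loads with `models.GetProjectByID(ctx.ParamsInt64(":id"))` and its hunk ends before any such comparison is visible, so this may already be handled; it is worth confirming for every handler registered under `/:id` and `/:boardID`. A short comment above the inner group would help the next reader, e.g. `// everything below mutates state: requires project write access and a non-archived repo`, and an integration test asserting that a read-only user is refused on these routes would pin the fix. RegisterRoutes continues outside the hunk.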