diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-07-03 22:17:30 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-07-03 16:17:30 +0200 |
| commit | 13ffa287b1a2edd788fa21cfef447766dbd77821 (patch) | |
| tree | 65e4afcb9f004e4e383ab37ae7e3de7243d8db1d /routers | |
| parent | e5b684e567410e341d798753f564bdd438198a9b (diff) | |
| download | gitea-13ffa287b1a2edd788fa21cfef447766dbd77821.tar.gz gitea-13ffa287b1a2edd788fa21cfef447766dbd77821.zip | |
Fix bug of branches API with tests(#25578) (#25579)
Backport #25578
This PR added a repository's check when creating/deleting branches via
API. Mirror repository and archive repository cannot do that.
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/api/v1/repo/branch.go | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/routers/api/v1/repo/branch.go b/routers/api/v1/repo/branch.go index 5336ccb797..04d179dfaa 100644 --- a/routers/api/v1/repo/branch.go +++ b/routers/api/v1/repo/branch.go @@ -116,6 +116,21 @@ func DeleteBranch(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" + if ctx.Repo.Repository.IsEmpty { + ctx.Error(http.StatusNotFound, "", "Git Repository is empty.") + return + } + + if ctx.Repo.Repository.IsArchived { + ctx.Error(http.StatusForbidden, "", "Git Repository is archived.") + return + } + + if ctx.Repo.Repository.IsMirror { + ctx.Error(http.StatusForbidden, "", "Git Repository is a mirror.") + return + } + branchName := ctx.Params("*") if err := repo_service.DeleteBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.GitRepo, branchName); err != nil { @@ -162,17 +177,30 @@ func CreateBranch(ctx *context.APIContext) { // responses: // "201": // "$ref": "#/responses/Branch" + // "403": + // description: The branch is archived or a mirror. // "404": // description: The old branch does not exist. // "409": // description: The branch with the same name already exists. - opt := web.GetForm(ctx).(*api.CreateBranchRepoOption) if ctx.Repo.Repository.IsEmpty { ctx.Error(http.StatusNotFound, "", "Git Repository is empty.") return } + if ctx.Repo.Repository.IsArchived { + ctx.Error(http.StatusForbidden, "", "Git Repository is archived.") + return + } + + if ctx.Repo.Repository.IsMirror { + ctx.Error(http.StatusForbidden, "", "Git Repository is a mirror.") + return + } + + opt := web.GetForm(ctx).(*api.CreateBranchRepoOption) + var oldCommit *git.Commit var err error @@ -280,7 +308,12 @@ func ListBranches(ctx *context.APIContext) { listOptions := utils.GetListOptions(ctx) - if !ctx.Repo.Repository.IsEmpty && ctx.Repo.GitRepo != nil { + if !ctx.Repo.Repository.IsEmpty { + if ctx.Repo.GitRepo == nil { + ctx.Error(http.StatusInternalServerError, "Load git repository failed", nil) + return + } + rules, err := git_model.FindRepoProtectedBranchRules(ctx, ctx.Repo.Repository.ID) if err != nil { ctx.Error(http.StatusInternalServerError, "FindMatchedProtectedBranchRules", err) |