author | Ethan Koenig <etk39@cornell.edu> | 2017-01-13 21:14:48 -0500 |
---|---|---|
committer | Lunny Xiao <xiaolunwen@gmail.com> | 2017-01-14 10:14:48 +0800 |
commit | 27fcf8d30a8c8dda281739c84af4033c93d96faf (patch) | |
tree | 83c4c03b76539fc1907977e6ef8f32a08846a78d /routers | |
parent | 87ad4961f62c24cf75377f3055e9769e269c80d9 (diff) | |
download | gitea-27fcf8d30a8c8dda281739c84af4033c93d96faf.tar.gz gitea-27fcf8d30a8c8dda281739c84af4033c93d96faf.zip |
Bug fixes for webhook API (#650)
Diffstat (limited to 'routers')
-rw-r--r-- | routers/api/v1/api.go | 44 | ||||
-rw-r--r-- | routers/api/v1/org/hook.go | 6 | ||||
-rw-r--r-- | routers/api/v1/repo/hook.go | 7 |
3 files changed, 51 insertions, 6 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 69b9a272e0..c30db1a33a 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -119,6 +119,44 @@ func reqRepoWriter() macaron.Handler {
 }
 }
 
+func reqOrgMembership() macaron.Handler {
+ return func(ctx *context.APIContext) {
+ var orgID int64
+ if ctx.Org.Organization != nil {
+ orgID = ctx.Org.Organization.ID
+ } else if ctx.Org.Team != nil {
+ orgID = ctx.Org.Team.OrgID
+ } else {
+ ctx.Error(500, "", "reqOrgMembership: unprepared context")
+ return
+ }
+
+ if !models.IsOrganizationMember(orgID, ctx.User.ID) {
+ ctx.Error(403, "", "Must be an organization member")
+ return
+ }
+ }
+}
+
+func reqOrgOwnership() macaron.Handler {
+ return func(ctx *context.APIContext) {
+ var orgID int64
+ if ctx.Org.Organization != nil {
+ orgID = ctx.Org.Organization.ID
+ } else if ctx.Org.Team != nil {
+ orgID = ctx.Org.Team.OrgID
+ } else {
+ ctx.Error(500, "", "reqOrgOwnership: unprepared context")
+ return
+ }
+
+ if !models.IsOrganizationOwner(orgID, ctx.User.ID) {
+ ctx.Error(403, "", "Must be an organization member")
+ return
+ }
+ }
+}
+
 func orgAssignment(args ...bool) macaron.Handler {
 var (
 assignOrg bool
@@ -362,9 +400,9 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Combo("").Get(org.ListHooks).
 Post(bind(api.CreateHookOption{}), org.CreateHook)
 m.Combo("/:id").Get(org.GetHook).
- Patch(bind(api.EditHookOption{}), org.EditHook).
- Delete(org.DeleteHook)
- })
+ Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).
+ Delete(reqOrgOwnership(), org.DeleteHook)
+ }, reqOrgMembership())
 }, orgAssignment(true))
 m.Group("/teams/:teamid", func() {
 m.Get("", org.GetTeam)
diff --git a/routers/api/v1/org/hook.go b/routers/api/v1/org/hook.go
index ebea13e56a..3a0b74ac21 100644
--- a/routers/api/v1/org/hook.go
+++ b/routers/api/v1/org/hook.go
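Review bot: In `reqOrgOwnership` the 403 branch reuses the membership wording, so a member who is not an owner is told they "Must be an organization member"; it should read `ctx.Error(403, "", "Must be an organization owner")`. Both new handlers also dereference `ctx.User.ID` without a nil check, which would panic if this route group can be reached without a signed-in user; the sign-in or token middleware is not visible in this hunk, so confirm it always runs first. The orgID lookup is repeated verbatim in the two handlers and could move into one small unexported helper.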
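Review bot: `org.ListHooks`, `org.GetHook` and `org.CreateHook` are gated only by the group-level `reqOrgMembership()`, so any organization member can read hook configuration and register a new hook, while only Patch and Delete require ownership. Hook definitions usually carry delivery URLs and shared secrets, and a newly created hook receives the organization's event payloads, so if hook management is meant to be owner-only the group guard should be `}, reqOrgOwnership())` and the per-verb guards can go. RegisterRoutes continues outside this hunk, so the rest of the middleware chain cannot be checked from here.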
@@ -58,7 +58,11 @@ func DeleteHook(ctx *context.APIContext) {
 org := ctx.Org.Organization
 hookID := ctx.ParamsInt64(":id")
 if err := models.DeleteWebhookByOrgID(org.ID, hookID); err != nil {
- ctx.Error(500, "DeleteWebhookByOrgID", err)
+ if models.IsErrWebhookNotExist(err) {
+ ctx.Status(404)
+ } else {
+ ctx.Error(500, "DeleteWebhookByOrgID", err)
+ }
 return
 }
 ctx.Status(204)
diff --git a/routers/api/v1/repo/hook.go b/routers/api/v1/repo/hook.go
index 51f64e3452..2e3b655a12 100644
--- a/routers/api/v1/repo/hook.go
+++ b/routers/api/v1/repo/hook.go
@@ -59,9 +59,12 @@ func EditHook(ctx *context.APIContext, form api.EditHookOption) {
 // DeleteHook delete a hook of a repository
 func DeleteHook(ctx *context.APIContext) {
 if err := models.DeleteWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id")); err != nil {
- ctx.Error(500, "DeleteWebhookByRepoID", err)
+ if models.IsErrWebhookNotExist(err) {
+ ctx.Status(404)
+ } else {
+ ctx.Error(500, "DeleteWebhookByRepoID", err)
+ }
 return
 }
-
 ctx.Status(204)
 } |
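Review bot: The new 404 branch in the org `DeleteHook` fires only if `models.DeleteWebhookByOrgID` returns an ErrWebhookNotExist-style error when no row matches both the organization and the hook ID; that model code is not part of this routers-limited view, so the branch may be unreachable unless the models package changed in the same commit. The same holds for `DeleteWebhookByRepoID` in the routers/api/v1/repo/hook.go hunk. A comment above each check would record the dependency, e.g. `// 404 when the hook ID does not belong to this owner (ErrWebhookNotExist from models)`, and an API test that deletes a hook ID owned by a different organization or repository would pin the scoping.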