authorEthan Koenig <etk39@cornell.edu>2016-12-29 08:17:32 -0500
committerLunny Xiao <xiaolunwen@gmail.com>2016-12-29 21:17:32 +0800
commit6f4ba6884c85e5603e7510c0e0d114bc9f86965f (patch)
tree429afe6210a210e1c3c53e539a447240fd1f47ae /routers
parentac51caa517579ca9b495bff031b2affe297ebd25 (diff)
Repo permission bug fixes (#513)
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/api.go8
-rw-r--r--routers/api/v1/repo/repo.go4
2 files changed, 7 insertions, 5 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index cfba8d7130..547dbceb4e 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -239,7 +239,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("", user.IsStarring)
m.Put("", user.Star)
m.Delete("", user.Unstar)
- }, context.ExtractOwnerAndRepo())
+ }, repoAssignment())
})
m.Get("/subscriptions", user.GetMyWatchedRepos)
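Review bot: The star handlers (`user.IsStarring`, `user.Star`, `user.Unstar`) do not appear in the routers diffstat, so they must find everything they read from the request context after the swap to `repoAssignment()`, exactly as they did under `context.ExtractOwnerAndRepo()`. Neither middleware body is visible here, so this is worth confirming with a request against each verb, for a repository the caller can access and for one it cannot. The same applies to the watch handlers in the third hunk of this file, where the group's own middleware is dropped and it relies entirely on its parent group. If `repoAssignment()` is what enforces repository access, a short comment at the swap such as `// repoAssignment loads ctx.Repo and rejects callers without access` would record why the lighter extractor must not be reintroduced. RegisterRoutes starts and ends outside this hunk.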
@@ -258,11 +258,9 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/repos", func() {
m.Post("/migrate", bind(auth.MigrateRepoForm{}), repo.Migrate)
- m.Combo("/:username/:reponame", context.ExtractOwnerAndRepo()).
- Get(repo.Get).
- Delete(repo.Delete)
m.Group("/:username/:reponame", func() {
+ m.Combo("").Get(repo.Get).Delete(repo.Delete)
m.Group("/hooks", func() {
m.Combo("").Get(repo.ListHooks).
Post(bind(api.CreateHookOption{}), repo.CreateHook)
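Review bot: On `m.Combo("").Get(repo.Get).Delete(repo.Delete)` the DELETE verb carries no route-level guard, so its authorization rests on the admin check inside the handler plus whatever middleware closes the `/:username/:reponame` group, which lies outside this hunk. Other write routes in this file state their requirement where they are registered (for example `reqRepoWriter()` on the pulls POST), which makes the route table auditable on its own. I would either add an admin-level middleware on the `Delete(...)` call, if the file has one, or at least annotate the line with `// repo.Delete enforces ctx.Repo.IsAdmin() itself`. That way a later refactor of the handler does not silently remove the only check.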
@@ -330,7 +328,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("", user.IsWatching)
m.Put("", user.Watch)
m.Delete("", user.Unwatch)
- }, context.ExtractOwnerAndRepo())
+ })
m.Get("/editorconfig/:filename", context.RepoRef(), repo.GetEditorconfig)
m.Group("/pulls", func() {
m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).Post(reqRepoWriter(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 35e6554273..fea625fbe7 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -275,6 +275,10 @@ func GetByID(ctx *context.APIContext) {
// Delete one repository
// see https://github.com/gogits/go-gogs-client/wiki/Repositories#delete
func Delete(ctx *context.APIContext) {
+ if !ctx.Repo.IsAdmin() {
+ ctx.Error(403, "", "Must have admin rights")
+ return
+ }
owner := ctx.Repo.Owner
repo := ctx.Repo.Repository
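Review bot: The new guard `if !ctx.Repo.IsAdmin()` is only meaningful when route middleware has populated `ctx.Repo` before `Delete` runs, and nothing in the handler states that precondition. I would extend the doc comment to `// Delete one repository; the caller must have admin rights on ctx.Repo, which the route's repo middleware is expected to have loaded`. The literal `403` could also become `http.StatusForbidden` if `net/http` is already imported in this file (the imports are not visible here). A regression test would pin the fix: a user with access but without admin rights should receive 403, and the repository should still exist afterwards. The body of Delete continues past the end of the hunk.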