aboutsummaryrefslogtreecommitdiffstats
path: root/routers/api/v1/api.go
diff options
context:
space:
mode:
Diffstat (limited to 'routers/api/v1/api.go')
-rw-r--r--routers/api/v1/api.go76
1 files changed, 43 insertions, 33 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 14a8d59855..8dda892955 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -42,6 +42,7 @@ import (
"code.gitea.io/gitea/routers/api/v1/org"
"code.gitea.io/gitea/routers/api/v1/repo"
"code.gitea.io/gitea/routers/api/v1/user"
+ "code.gitea.io/gitea/routers/api/v1/utils"
)
func repoAssignment() macaron.Handler {
@@ -92,7 +93,7 @@ func repoAssignment() macaron.Handler {
if ctx.IsSigned && ctx.User.IsAdmin {
ctx.Repo.AccessMode = models.AccessModeOwner
} else {
- mode, err := models.AccessLevel(ctx.User.ID, repo)
+ mode, err := models.AccessLevel(utils.UserID(ctx), repo)
if err != nil {
ctx.Error(500, "AccessLevel", err)
return
@@ -341,27 +342,27 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Combo("/repositories/:id", reqToken()).Get(repo.GetByID)
m.Group("/repos", func() {
- m.Post("/migrate", bind(auth.MigrateRepoForm{}), repo.Migrate)
+ m.Post("/migrate", reqToken(), bind(auth.MigrateRepoForm{}), repo.Migrate)
m.Group("/:username/:reponame", func() {
- m.Combo("").Get(repo.Get).Delete(repo.Delete)
+ m.Combo("").Get(repo.Get).Delete(reqToken(), repo.Delete)
m.Group("/hooks", func() {
m.Combo("").Get(repo.ListHooks).
Post(bind(api.CreateHookOption{}), repo.CreateHook)
m.Combo("/:id").Get(repo.GetHook).
Patch(bind(api.EditHookOption{}), repo.EditHook).
Delete(repo.DeleteHook)
- }, reqRepoWriter())
+ }, reqToken(), reqRepoWriter())
m.Group("/collaborators", func() {
m.Get("", repo.ListCollaborators)
m.Combo("/:collaborator").Get(repo.IsCollaborator).
Put(bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
Delete(repo.DeleteCollaborator)
- })
+ }, reqToken())
m.Get("/raw/*", context.RepoRef(), repo.GetRawFile)
m.Get("/archive/*", repo.GetArchive)
m.Combo("/forks").Get(repo.ListForks).
- Post(bind(api.CreateForkOption{}), repo.CreateFork)
+ Post(reqToken(), bind(api.CreateForkOption{}), repo.CreateFork)
m.Group("/branches", func() {
m.Get("", repo.ListBranches)
m.Get("/*", context.RepoRef(), repo.GetBranch)
@@ -371,78 +372,87 @@ func RegisterRoutes(m *macaron.Macaron) {
Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)
m.Combo("/:id").Get(repo.GetDeployKey).
Delete(repo.DeleteDeploykey)
- })
+ }, reqToken())
m.Group("/issues", func() {
- m.Combo("").Get(repo.ListIssues).Post(bind(api.CreateIssueOption{}), repo.CreateIssue)
+ m.Combo("").Get(repo.ListIssues).
+ Post(reqToken(), bind(api.CreateIssueOption{}), repo.CreateIssue)
m.Group("/comments", func() {
m.Get("", repo.ListRepoIssueComments)
- m.Combo("/:id").Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment)
+ m.Combo("/:id", reqToken()).
+ Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment)
})
m.Group("/:index", func() {
- m.Combo("").Get(repo.GetIssue).Patch(bind(api.EditIssueOption{}), repo.EditIssue)
+ m.Combo("").Get(repo.GetIssue).
+ Patch(reqToken(), bind(api.EditIssueOption{}), repo.EditIssue)
m.Group("/comments", func() {
- m.Combo("").Get(repo.ListIssueComments).Post(bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
- m.Combo("/:id").Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
+ m.Combo("").Get(repo.ListIssueComments).
+ Post(reqToken(), bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
+ m.Combo("/:id", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
Delete(repo.DeleteIssueComment)
})
m.Group("/labels", func() {
m.Combo("").Get(repo.ListIssueLabels).
- Post(bind(api.IssueLabelsOption{}), repo.AddIssueLabels).
- Put(bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).
- Delete(repo.ClearIssueLabels)
- m.Delete("/:id", repo.DeleteIssueLabel)
+ Post(reqToken(), bind(api.IssueLabelsOption{}), repo.AddIssueLabels).
+ Put(reqToken(), bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).
+ Delete(reqToken(), repo.ClearIssueLabels)
+ m.Delete("/:id", reqToken(), repo.DeleteIssueLabel)
})
})
}, mustEnableIssues)
m.Group("/labels", func() {
m.Combo("").Get(repo.ListLabels).
- Post(bind(api.CreateLabelOption{}), repo.CreateLabel)
- m.Combo("/:id").Get(repo.GetLabel).Patch(bind(api.EditLabelOption{}), repo.EditLabel).
- Delete(repo.DeleteLabel)
+ Post(reqToken(), bind(api.CreateLabelOption{}), repo.CreateLabel)
+ m.Combo("/:id").Get(repo.GetLabel).
+ Patch(reqToken(), bind(api.EditLabelOption{}), repo.EditLabel).
+ Delete(reqToken(), repo.DeleteLabel)
})
m.Group("/milestones", func() {
m.Combo("").Get(repo.ListMilestones).
- Post(reqRepoWriter(), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
+ Post(reqToken(), reqRepoWriter(), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
m.Combo("/:id").Get(repo.GetMilestone).
- Patch(reqRepoWriter(), bind(api.EditMilestoneOption{}), repo.EditMilestone).
- Delete(reqRepoWriter(), repo.DeleteMilestone)
+ Patch(reqToken(), reqRepoWriter(), bind(api.EditMilestoneOption{}), repo.EditMilestone).
+ Delete(reqToken(), reqRepoWriter(), repo.DeleteMilestone)
})
m.Get("/stargazers", repo.ListStargazers)
m.Get("/subscribers", repo.ListSubscribers)
m.Group("/subscription", func() {
m.Get("", user.IsWatching)
- m.Put("", user.Watch)
- m.Delete("", user.Unwatch)
+ m.Put("", reqToken(), user.Watch)
+ m.Delete("", reqToken(), user.Unwatch)
})
m.Group("/releases", func() {
m.Combo("").Get(repo.ListReleases).
- Post(bind(api.CreateReleaseOption{}), repo.CreateRelease)
+ Post(reqToken(), bind(api.CreateReleaseOption{}), repo.CreateRelease)
m.Combo("/:id").Get(repo.GetRelease).
- Patch(bind(api.EditReleaseOption{}), repo.EditRelease).
- Delete(repo.DeleteRelease)
+ Patch(reqToken(), bind(api.EditReleaseOption{}), repo.EditRelease).
+ Delete(reqToken(), repo.DeleteRelease)
})
- m.Post("/mirror-sync", repo.MirrorSync)
+ m.Post("/mirror-sync", reqToken(), repo.MirrorSync)
m.Get("/editorconfig/:filename", context.RepoRef(), repo.GetEditorconfig)
m.Group("/pulls", func() {
- m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).Post(reqRepoWriter(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
+ m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).
+ Post(reqToken(), reqRepoWriter(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
m.Group("/:index", func() {
- m.Combo("").Get(repo.GetPullRequest).Patch(reqRepoWriter(), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
- m.Combo("/merge").Get(repo.IsPullRequestMerged).Post(reqRepoWriter(), repo.MergePullRequest)
+ m.Combo("").Get(repo.GetPullRequest).
+ Patch(reqToken(), reqRepoWriter(), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
+ m.Combo("/merge").Get(repo.IsPullRequestMerged).
+ Post(reqToken(), reqRepoWriter(), repo.MergePullRequest)
})
}, mustAllowPulls, context.ReferencesGitRepo())
m.Group("/statuses", func() {
- m.Combo("/:sha").Get(repo.GetCommitStatuses).Post(reqRepoWriter(), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
+ m.Combo("/:sha").Get(repo.GetCommitStatuses).
+ Post(reqToken(), reqRepoWriter(), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
})
m.Group("/commits/:ref", func() {
m.Get("/status", repo.GetCombinedCommitStatus)
m.Get("/statuses", repo.GetCommitStatuses)
})
}, repoAssignment())
- }, reqToken())
+ })
// Organizations
m.Get("/user/orgs", reqToken(), org.ListMyOrgs)