summaryrefslogtreecommitdiffstats
path: root/routers/api/v1/api.go
diff options
context:
space:
mode:
Diffstat (limited to 'routers/api/v1/api.go')
-rw-r--r--routers/api/v1/api.go22
1 files changed, 13 insertions, 9 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index eb15acc313..ffbfce893a 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -110,6 +110,15 @@ func reqAdmin() macaron.Handler {
}
}
+func reqRepoWriter() macaron.Handler {
+ return func(ctx *context.Context) {
+ if !ctx.Repo.IsWriter() {
+ ctx.Error(403)
+ return
+ }
+ }
+}
+
func orgAssignment(args ...bool) macaron.Handler {
var (
assignOrg bool
@@ -259,11 +268,6 @@ func RegisterRoutes(m *macaron.Macaron) {
Delete(repo.ClearIssueLabels)
m.Delete("/:id", repo.DeleteIssueLabel)
})
- m.Group("/milestone", func() {
- m.Combo("").Get(repo.GetIssueMilestone).
- Post(bind(api.SetIssueMilestoneOption{}), repo.SetIssueMilestone).
- Delete(repo.DeleteIssueMilestone)
- })
})
}, mustEnableIssues)
@@ -275,10 +279,10 @@ func RegisterRoutes(m *macaron.Macaron) {
})
m.Group("/milestones", func() {
m.Combo("").Get(repo.ListMilestones).
- Post(bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
- m.Combo("/:id").Get(repo.GetMilestone).Patch(bind(api.EditMilestoneOption{}), repo.EditMilestone).
- Delete(repo.DeleteMilestone)
- m.Post("/:id/:action", repo.ChangeMilestoneStatus)
+ Post(reqRepoWriter(), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
+ m.Combo("/:id").Get(repo.GetMilestone).
+ Patch(reqRepoWriter(), bind(api.EditMilestoneOption{}), repo.EditMilestone).
+ Delete(reqRepoWriter(), repo.DeleteMilestone)
})
}, repoAssignment())
}, reqToken())