Diffstat (limited to 'routers/api/v1/api.go')
-rw-r--r-- | routers/api/v1/api.go | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index eb15acc313..ffbfce893a 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -110,6 +110,15 @@ func reqAdmin() macaron.Handler {
 }
 }
 
+func reqRepoWriter() macaron.Handler {
+ return func(ctx *context.Context) {
+ if !ctx.Repo.IsWriter() {
+ ctx.Error(403)
+ return
+ }
+ }
+}
+
 func orgAssignment(args ...bool) macaron.Handler {
 var (
 assignOrg bool
@@ -259,11 +268,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 Delete(repo.ClearIssueLabels)
 m.Delete("/:id", repo.DeleteIssueLabel)
 })
- m.Group("/milestone", func() {
- m.Combo("").Get(repo.GetIssueMilestone).
- Post(bind(api.SetIssueMilestoneOption{}), repo.SetIssueMilestone).
- Delete(repo.DeleteIssueMilestone)
- })
 })
 }, mustEnableIssues)
 
@@ -275,10 +279,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 })
 m.Group("/milestones", func() {
 m.Combo("").Get(repo.ListMilestones).
- Post(bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
- m.Combo("/:id").Get(repo.GetMilestone).Patch(bind(api.EditMilestoneOption{}), repo.EditMilestone).
- Delete(repo.DeleteMilestone)
- m.Post("/:id/:action", repo.ChangeMilestoneStatus)
+ Post(reqRepoWriter(), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
+ m.Combo("/:id").Get(repo.GetMilestone).
+ Patch(reqRepoWriter(), bind(api.EditMilestoneOption{}), repo.EditMilestone).
+ Delete(reqRepoWriter(), repo.DeleteMilestone)
 })
 }, repoAssignment())
 }, reqToken())
|
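Review bot: reqRepoWriter has no doc comment, and its only check, `ctx.Repo.IsWriter()`, depends on ctx.Repo already being populated for the requested repository, which nothing in the function enforces. In this diff it is attached only inside the group wrapped by `repoAssignment()`, so it presumably works as used, but on a route outside such a group it would evaluate whatever ctx.Repo holds by default. I would record the precondition above the function: `// reqRepoWriter responds 403 unless the caller has write access to the repository; it must run after repoAssignment().`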
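Review bot: The write check is attached verb by verb in the `/milestones` group, so a mutating route added later without `reqRepoWriter()` would have no route-level guard, and the change carries no test that a non-writer token gets 403 on POST, PATCH and DELETE. The context lines of the hunk at -259 also show `Delete(repo.ClearIssueLabels)` and `m.Delete("/:id", repo.DeleteIssueLabel)` registered without a comparable middleware; whether those handlers check write access themselves is not visible here, so they are worth auditing in the same pass. The GET routes stay unguarded at route level and rely on `repoAssignment()` for read access, which is defined outside this diff. A one-line comment above the group would make the convention explicit: `// Mutating verbs must carry reqRepoWriter(); reads rely on repoAssignment().` RegisterRoutes starts and ends outside the hunk.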