aboutsummaryrefslogtreecommitdiffstats
path: root/routers/api/v1
diff options
context:
space:
mode:
Diffstat (limited to 'routers/api/v1')
-rw-r--r--routers/api/v1/api.go26
-rw-r--r--routers/api/v1/repo/pull.go12
2 files changed, 35 insertions, 3 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 58ae8ec90a..b98863b418 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -64,6 +64,7 @@
package v1
import (
+ gocontext "context"
"errors"
"fmt"
"net/http"
@@ -211,11 +212,20 @@ func repoAssignment() func(ctx *context.APIContext) {
}
ctx.Repo.Permission.SetUnitsWithDefaultAccessMode(ctx.Repo.Repository.Units, ctx.Repo.Permission.AccessMode)
} else {
- ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+ needTwoFactor, err := doerNeedTwoFactorAuth(ctx, ctx.Doer)
if err != nil {
ctx.APIErrorInternal(err)
return
}
+ if needTwoFactor {
+ ctx.Repo.Permission = access_model.PermissionNoAccess()
+ } else {
+ ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+ if err != nil {
+ ctx.APIErrorInternal(err)
+ return
+ }
+ }
}
if !ctx.Repo.Permission.HasAnyUnitAccess() {
@@ -225,6 +235,20 @@ func repoAssignment() func(ctx *context.APIContext) {
}
}
+func doerNeedTwoFactorAuth(ctx gocontext.Context, doer *user_model.User) (bool, error) {
+ if !setting.TwoFactorAuthEnforced {
+ return false, nil
+ }
+ if doer == nil {
+ return false, nil
+ }
+ has, err := auth_model.HasTwoFactorOrWebAuthn(ctx, doer.ID)
+ if err != nil {
+ return false, err
+ }
+ return !has, nil
+}
+
func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
if ctx.Package.AccessMode < accessMode && !ctx.IsUserSiteAdmin() {
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index c0b1810191..04d9b10787 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -202,6 +202,10 @@ func GetPullRequest(ctx *context.APIContext) {
ctx.APIErrorInternal(err)
return
}
+
+ // Consider API access a view for delayed checking.
+ pull_service.StartPullRequestCheckOnView(ctx, pr)
+
ctx.JSON(http.StatusOK, convert.ToAPIPullRequest(ctx, pr, ctx.Doer))
}
@@ -287,6 +291,10 @@ func GetPullRequestByBaseHead(ctx *context.APIContext) {
ctx.APIErrorInternal(err)
return
}
+
+ // Consider API access a view for delayed checking.
+ pull_service.StartPullRequestCheckOnView(ctx, pr)
+
ctx.JSON(http.StatusOK, convert.ToAPIPullRequest(ctx, pr, ctx.Doer))
}
@@ -921,7 +929,7 @@ func MergePullRequest(ctx *context.APIContext) {
if err := pull_service.CheckPullMergeable(ctx, ctx.Doer, &ctx.Repo.Permission, pr, mergeCheckType, form.ForceMerge); err != nil {
if errors.Is(err, pull_service.ErrIsClosed) {
ctx.APIErrorNotFound()
- } else if errors.Is(err, pull_service.ErrUserNotAllowedToMerge) {
+ } else if errors.Is(err, pull_service.ErrNoPermissionToMerge) {
ctx.APIError(http.StatusMethodNotAllowed, "User not allowed to merge PR")
} else if errors.Is(err, pull_service.ErrHasMerged) {
ctx.APIError(http.StatusMethodNotAllowed, "")
@@ -929,7 +937,7 @@ func MergePullRequest(ctx *context.APIContext) {
ctx.APIError(http.StatusMethodNotAllowed, "Work in progress PRs cannot be merged")
} else if errors.Is(err, pull_service.ErrNotMergeableState) {
ctx.APIError(http.StatusMethodNotAllowed, "Please try again later")
- } else if pull_service.IsErrDisallowedToMerge(err) {
+ } else if errors.Is(err, pull_service.ErrNotReadyToMerge) {
ctx.APIError(http.StatusMethodNotAllowed, err)
} else if asymkey_service.IsErrWontSign(err) {
ctx.APIError(http.StatusMethodNotAllowed, err)
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-29 09:04:42 +0000