diff options
Diffstat (limited to 'routers/routes/routes.go')
| -rw-r--r-- | routers/routes/routes.go | 79 |
1 files changed, 44 insertions, 35 deletions
diff --git a/routers/routes/routes.go b/routers/routes/routes.go index 1c1bcd8f95..eb5841f593 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -393,7 +393,16 @@ func RegisterRoutes(m *macaron.Macaron) { } reqRepoAdmin := context.RequireRepoAdmin() - reqRepoWriter := context.RequireRepoWriter() + reqRepoCodeWriter := context.RequireRepoWriter(models.UnitTypeCode) + reqRepoCodeReader := context.RequireRepoReader(models.UnitTypeCode) + reqRepoReleaseWriter := context.RequireRepoWriter(models.UnitTypeReleases) + reqRepoReleaseReader := context.RequireRepoReader(models.UnitTypeReleases) + reqRepoWikiWriter := context.RequireRepoWriter(models.UnitTypeWiki) + reqRepoIssueReader := context.RequireRepoReader(models.UnitTypeIssues) + reqRepoPullsWriter := context.RequireRepoWriter(models.UnitTypePullRequests) + reqRepoPullsReader := context.RequireRepoReader(models.UnitTypePullRequests) + reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests) + reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests) // ***** START: Organization ***** m.Group("/org", func() { @@ -463,7 +472,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/fork", func() { m.Combo("/:repoid").Get(repo.Fork). Post(bindIgnErr(auth.CreateRepoForm{}), repo.ForkPost) - }, context.RepoIDAssignment(), context.UnitTypes(), context.LoadRepoUnits(), context.CheckUnit(models.UnitTypeCode)) + }, context.RepoIDAssignment(), context.UnitTypes(), reqRepoCodeReader) }, reqSignIn) m.Group("/:username/:reponame", func() { @@ -514,7 +523,7 @@ func RegisterRoutes(m *macaron.Macaron) { }, func(ctx *context.Context) { ctx.Data["PageIsSettings"] = true }) - }, reqSignIn, context.RepoAssignment(), reqRepoAdmin, context.UnitTypes(), context.LoadRepoUnits(), context.RepoRef()) + }, reqSignIn, context.RepoAssignment(), reqRepoAdmin, context.UnitTypes(), context.RepoRef()) m.Get("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), repo.Action) @@ -522,7 +531,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/issues", func() { m.Combo("/new").Get(context.RepoRef(), repo.NewIssue). Post(bindIgnErr(auth.CreateIssueForm{}), repo.NewIssuePost) - }, context.CheckUnit(models.UnitTypeIssues)) + }, reqRepoIssueReader) // FIXME: should use different URLs but mostly same logic for comments of issue and pull reuqest. // So they can apply their own enable/disable logic on routers. m.Group("/issues", func() { @@ -545,22 +554,22 @@ func RegisterRoutes(m *macaron.Macaron) { m.Post("/reactions/:action", bindIgnErr(auth.ReactionForm{}), repo.ChangeIssueReaction) }) - m.Post("/labels", reqRepoWriter, repo.UpdateIssueLabel) - m.Post("/milestone", reqRepoWriter, repo.UpdateIssueMilestone) - m.Post("/assignee", reqRepoWriter, repo.UpdateIssueAssignee) - m.Post("/status", reqRepoWriter, repo.UpdateIssueStatus) + m.Post("/labels", reqRepoIssuesOrPullsWriter, repo.UpdateIssueLabel) + m.Post("/milestone", reqRepoIssuesOrPullsWriter, repo.UpdateIssueMilestone) + m.Post("/assignee", reqRepoIssuesOrPullsWriter, repo.UpdateIssueAssignee) + m.Post("/status", reqRepoIssuesOrPullsWriter, repo.UpdateIssueStatus) }) m.Group("/comments/:id", func() { m.Post("", repo.UpdateCommentContent) m.Post("/delete", repo.DeleteComment) m.Post("/reactions/:action", bindIgnErr(auth.ReactionForm{}), repo.ChangeCommentReaction) - }, context.CheckAnyUnit(models.UnitTypeIssues, models.UnitTypePullRequests)) + }) m.Group("/labels", func() { m.Post("/new", bindIgnErr(auth.CreateLabelForm{}), repo.NewLabel) m.Post("/edit", bindIgnErr(auth.CreateLabelForm{}), repo.UpdateLabel) m.Post("/delete", repo.DeleteLabel) m.Post("/initialize", bindIgnErr(auth.InitializeLabelsForm{}), repo.InitializeLabels) - }, reqRepoWriter, context.RepoRef(), context.CheckAnyUnit(models.UnitTypeIssues, models.UnitTypePullRequests)) + }, reqRepoIssuesOrPullsWriter, context.RepoRef()) m.Group("/milestones", func() { m.Combo("/new").Get(repo.NewMilestone). Post(bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost) @@ -568,9 +577,9 @@ func RegisterRoutes(m *macaron.Macaron) { m.Post("/:id/edit", bindIgnErr(auth.CreateMilestoneForm{}), repo.EditMilestonePost) m.Get("/:id/:action", repo.ChangeMilestonStatus) m.Post("/delete", repo.DeleteMilestone) - }, reqRepoWriter, context.RepoRef(), context.CheckAnyUnit(models.UnitTypeIssues, models.UnitTypePullRequests)) + }, reqRepoIssuesOrPullsWriter, context.RepoRef()) - m.Combo("/compare/*", repo.MustAllowPulls, repo.SetEditorconfigIfExists). + m.Combo("/compare/*", reqRepoCodeReader, reqRepoPullsReader, repo.MustAllowPulls, repo.SetEditorconfigIfExists). Get(repo.SetDiffViewStyle, repo.CompareAndPullRequest). Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost) @@ -591,7 +600,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Post("/upload-file", repo.UploadFileToServer) m.Post("/upload-remove", bindIgnErr(auth.RemoveUploadFileForm{}), repo.RemoveUploadFileFromServer) }, context.RepoRef(), repo.MustBeEditable, repo.MustBeAbleToUpload) - }, repo.MustBeNotBare, reqRepoWriter) + }, reqRepoCodeWriter, repo.MustBeNotBare) m.Group("/branches", func() { m.Group("/_new/", func() { @@ -601,9 +610,9 @@ func RegisterRoutes(m *macaron.Macaron) { }, bindIgnErr(auth.NewBranchForm{})) m.Post("/delete", repo.DeleteBranchPost) m.Post("/restore", repo.RestoreBranchPost) - }, reqRepoWriter, repo.MustBeNotBare, context.CheckUnit(models.UnitTypeCode)) + }, reqRepoCodeWriter, repo.MustBeNotBare) - }, reqSignIn, context.RepoAssignment(), context.UnitTypes(), context.LoadRepoUnits()) + }, reqSignIn, context.RepoAssignment(), context.UnitTypes()) // Releases m.Group("/:username/:reponame", func() { @@ -614,11 +623,11 @@ func RegisterRoutes(m *macaron.Macaron) { m.Get("/new", repo.NewRelease) m.Post("/new", bindIgnErr(auth.NewReleaseForm{}), repo.NewReleasePost) m.Post("/delete", repo.DeleteRelease) - }, reqSignIn, repo.MustBeNotBare, reqRepoWriter, context.RepoRef()) + }, reqSignIn, repo.MustBeNotBare, reqRepoReleaseWriter, context.RepoRef()) m.Group("/releases", func() { m.Get("/edit/*", repo.EditRelease) m.Post("/edit/*", bindIgnErr(auth.EditReleaseForm{}), repo.EditReleasePost) - }, reqSignIn, repo.MustBeNotBare, reqRepoWriter, func(ctx *context.Context) { + }, reqSignIn, repo.MustBeNotBare, reqRepoReleaseWriter, func(ctx *context.Context) { var err error ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch) if err != nil { @@ -632,7 +641,7 @@ func RegisterRoutes(m *macaron.Macaron) { } ctx.Data["CommitsCount"] = ctx.Repo.CommitsCount }) - }, context.RepoAssignment(), context.UnitTypes(), context.LoadRepoUnits(), context.CheckUnit(models.UnitTypeReleases)) + }, context.RepoAssignment(), context.UnitTypes(), reqRepoReleaseReader) m.Group("/:username/:reponame", func() { m.Post("/topics", repo.TopicsPost) @@ -642,8 +651,8 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("", func() { m.Get("/^:type(issues|pulls)$", repo.RetrieveLabels, repo.Issues) m.Get("/^:type(issues|pulls)$/:index", repo.ViewIssue) - m.Get("/labels/", context.CheckAnyUnit(models.UnitTypeIssues, models.UnitTypePullRequests), repo.RetrieveLabels, repo.Labels) - m.Get("/milestones", context.CheckAnyUnit(models.UnitTypeIssues, models.UnitTypePullRequests), repo.Milestones) + m.Get("/labels/", reqRepoIssuesOrPullsReader, repo.RetrieveLabels, repo.Labels) + m.Get("/milestones", reqRepoIssuesOrPullsReader, repo.Milestones) }, context.RepoRef()) m.Group("/wiki", func() { @@ -656,7 +665,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Combo("/:page/_edit").Get(repo.EditWiki). Post(bindIgnErr(auth.NewWikiForm{}), repo.EditWikiPost) m.Post("/:page/delete", repo.DeleteWikiPagePost) - }, reqSignIn, reqRepoWriter) + }, reqSignIn, reqRepoWikiWriter) }, repo.MustEnableWiki, context.RepoRef()) m.Group("/wiki", func() { @@ -666,19 +675,19 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/activity", func() { m.Get("", repo.Activity) m.Get("/:period", repo.Activity) - }, context.RepoRef(), repo.MustBeNotBare, context.CheckAnyUnit(models.UnitTypePullRequests, models.UnitTypeIssues, models.UnitTypeReleases)) + }, context.RepoRef(), repo.MustBeNotBare, context.RequireRepoReaderOr(models.UnitTypePullRequests, models.UnitTypeIssues, models.UnitTypeReleases)) - m.Get("/archive/*", repo.MustBeNotBare, context.CheckUnit(models.UnitTypeCode), repo.Download) + m.Get("/archive/*", repo.MustBeNotBare, reqRepoCodeReader, repo.Download) m.Group("/branches", func() { m.Get("", repo.Branches) - }, repo.MustBeNotBare, context.RepoRef(), context.CheckUnit(models.UnitTypeCode)) + }, repo.MustBeNotBare, context.RepoRef(), reqRepoCodeReader) m.Group("/pulls/:index", func() { m.Get(".diff", repo.DownloadPullDiff) m.Get(".patch", repo.DownloadPullPatch) m.Get("/commits", context.RepoRef(), repo.ViewPullCommits) - m.Post("/merge", reqRepoWriter, bindIgnErr(auth.MergePullRequestForm{}), repo.MergePullRequest) + m.Post("/merge", reqRepoPullsWriter, bindIgnErr(auth.MergePullRequestForm{}), repo.MergePullRequest) m.Post("/cleanup", context.RepoRef(), repo.CleanUpPullRequest) m.Group("/files", func() { m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.ViewPullFiles) @@ -696,7 +705,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Get("/blob/:sha", context.RepoRefByType(context.RepoRefBlob), repo.DownloadByID) // "/*" route is deprecated, and kept for backward compatibility m.Get("/*", context.RepoRefByType(context.RepoRefLegacy), repo.SingleDownload) - }, repo.MustBeNotBare, context.CheckUnit(models.UnitTypeCode)) + }, repo.MustBeNotBare, reqRepoCodeReader) m.Group("/commits", func() { m.Get("/branch/*", context.RepoRefByType(context.RepoRefBranch), repo.RefCommits) @@ -704,12 +713,12 @@ func RegisterRoutes(m *macaron.Macaron) { m.Get("/commit/*", context.RepoRefByType(context.RepoRefCommit), repo.RefCommits) // "/*" route is deprecated, and kept for backward compatibility m.Get("/*", context.RepoRefByType(context.RepoRefLegacy), repo.RefCommits) - }, repo.MustBeNotBare, context.CheckUnit(models.UnitTypeCode)) + }, repo.MustBeNotBare, reqRepoCodeReader) m.Group("", func() { m.Get("/graph", repo.Graph) m.Get("/commit/:sha([a-f0-9]{7,40})$", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.Diff) - }, repo.MustBeNotBare, context.RepoRef(), context.CheckUnit(models.UnitTypeCode)) + }, repo.MustBeNotBare, context.RepoRef(), reqRepoCodeReader) m.Group("/src", func() { m.Get("/branch/*", context.RepoRefByType(context.RepoRefBranch), repo.Home) @@ -721,24 +730,24 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("", func() { m.Get("/forks", repo.Forks) - }, context.RepoRef(), context.CheckUnit(models.UnitTypeCode)) + }, context.RepoRef(), reqRepoCodeReader) m.Get("/commit/:sha([a-f0-9]{7,40})\\.:ext(patch|diff)", - repo.MustBeNotBare, context.CheckUnit(models.UnitTypeCode), repo.RawDiff) + repo.MustBeNotBare, reqRepoCodeReader, repo.RawDiff) m.Get("/compare/:before([a-z0-9]{40})\\.\\.\\.:after([a-z0-9]{40})", repo.SetEditorconfigIfExists, - repo.SetDiffViewStyle, repo.MustBeNotBare, context.CheckUnit(models.UnitTypeCode), repo.CompareDiff) - }, ignSignIn, context.RepoAssignment(), context.UnitTypes(), context.LoadRepoUnits()) + repo.SetDiffViewStyle, repo.MustBeNotBare, reqRepoCodeReader, repo.CompareDiff) + }, ignSignIn, context.RepoAssignment(), context.UnitTypes()) m.Group("/:username/:reponame", func() { m.Get("/stars", repo.Stars) m.Get("/watchers", repo.Watchers) - m.Get("/search", context.CheckUnit(models.UnitTypeCode), repo.Search) - }, ignSignIn, context.RepoAssignment(), context.RepoRef(), context.UnitTypes(), context.LoadRepoUnits()) + m.Get("/search", reqRepoCodeReader, repo.Search) + }, ignSignIn, context.RepoAssignment(), context.RepoRef(), context.UnitTypes()) m.Group("/:username", func() { m.Group("/:reponame", func() { m.Get("", repo.SetEditorconfigIfExists, repo.Home) m.Get("\\.git$", repo.SetEditorconfigIfExists, repo.Home) - }, ignSignIn, context.RepoAssignment(), context.RepoRef(), context.UnitTypes(), context.LoadRepoUnits()) + }, ignSignIn, context.RepoAssignment(), context.RepoRef(), context.UnitTypes()) m.Group("/:reponame", func() { m.Group("\\.git/info/lfs", func() { |