From 34548369e1d78eb1141aecd4ab02acf59f2949ae Mon Sep 17 00:00:00 2001 From: Segev Finer Date: Wed, 17 Apr 2019 08:31:08 +0300 Subject: Add API for manipulating Git hooks (#6436) * Add API for manipulating Git hooks Signed-off-by: Segev Finer * Replace code.gitea.io/sdk with PR branch temporarily for CI * Switch back to code.gitea.io/sdk@master * Return 403 instead of 404 on no permission to edit hooks in API * Add tests for Git hooks API * Update models/repo_list_test.go Co-Authored-By: segevfiner * Update models/repo_list_test.go Co-Authored-By: segevfiner * empty line --- routers/api/v1/api.go | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'routers/api/v1/api.go') diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 4194d98db8..f5a1fd6d86 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -312,6 +312,15 @@ func reqOrgMembership() macaron.Handler { } } +func reqGitHook() macaron.Handler { + return func(ctx *context.APIContext) { + if !ctx.User.CanEditGitHook() { + ctx.Error(403, "", "must be allowed to edit Git hooks") + return + } + } +} + func orgAssignment(args ...bool) macaron.Handler { var ( assignOrg bool @@ -509,6 +518,14 @@ func RegisterRoutes(m *macaron.Macaron) { Delete(repo.DeleteHook) m.Post("/tests", context.RepoRef(), repo.TestHook) }) + m.Group("/git", func() { + m.Combo("").Get(repo.ListGitHooks) + m.Group("/:id", func() { + m.Combo("").Get(repo.GetGitHook). + Patch(bind(api.EditGitHookOption{}), repo.EditGitHook). + Delete(repo.DeleteGitHook) + }) + }, reqGitHook(), context.ReferencesGitRepo(true)) }, reqToken(), reqAdmin()) m.Group("/collaborators", func() { m.Get("", repo.ListCollaborators) @@ -602,10 +619,10 @@ func RegisterRoutes(m *macaron.Macaron) { }) m.Group("/releases", func() { m.Combo("").Get(repo.ListReleases). - Post(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(), bind(api.CreateReleaseOption{}), repo.CreateRelease) + Post(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(false), bind(api.CreateReleaseOption{}), repo.CreateRelease) m.Group("/:id", func() { m.Combo("").Get(repo.GetRelease). - Patch(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(), bind(api.EditReleaseOption{}), repo.EditRelease). + Patch(reqToken(), reqRepoWriter(models.UnitTypeReleases), context.ReferencesGitRepo(false), bind(api.EditReleaseOption{}), repo.EditRelease). Delete(reqToken(), reqRepoWriter(models.UnitTypeReleases), repo.DeleteRelease) m.Group("/assets", func() { m.Combo("").Get(repo.ListReleaseAttachments). @@ -627,7 +644,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Combo("/merge").Get(repo.IsPullRequestMerged). Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest) }) - }, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo()) + }, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo(false)) m.Group("/statuses", func() { m.Combo("/:sha").Get(repo.GetCommitStatuses). Post(reqToken(), bind(api.CreateStatusOption{}), repo.NewCommitStatus) -- cgit v1.2.3