Browse Source
Prevent DeleteUser API abuse (#10125) (#10128)
* fix & co * word suggestions from @jolheisertags/v1.11.0
6543
4 years ago
2 changed files with 7 additions and 1 deletions
+ 6
- 0
routers/api/v1/admin/user.go
View File
| @@ -7,6 +7,7 @@ package admin | |||
| import ( | |||
| "errors" | |||
| "fmt" | |||
| "net/http" | |||
| "code.gitea.io/gitea/models" | |||
| @@ -226,6 +227,11 @@ func DeleteUser(ctx *context.APIContext) { | |||
| return | |||
| } | |||
| if u.IsOrganization() { | |||
| ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("%s is an organization not a user", u.Name)) | |||
| return | |||
| } | |||
| if err := models.DeleteUser(u); err != nil { | |||
| if models.IsErrUserOwnRepos(err) || | |||
| models.IsErrUserHasOrgs(err) { | |||
+ 1
- 1
routers/org/setting.go
View File
| @@ -115,7 +115,7 @@ func SettingsDeleteAvatar(ctx *context.Context) { | |||
| ctx.Redirect(ctx.Org.OrgLink + "/settings") | |||
| } | |||
| // SettingsDelete response for delete repository | |||
| // SettingsDelete response for deleting an organization | |||
| func SettingsDelete(ctx *context.Context) { | |||
| ctx.Data["Title"] = ctx.Tr("org.settings") | |||
| ctx.Data["PageIsSettingsDelete"] = true | |||
Loading…