You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

api.go 19KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644
  1. // Copyright 2015 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. // Package v1 Gitea API.
  5. //
  6. // This documentation describes the Gitea API.
  7. //
  8. // Schemes: http, https
  9. // BasePath: /api/v1
  10. // Version: 1.1.1
  11. // License: MIT http://opensource.org/licenses/MIT
  12. //
  13. // Consumes:
  14. // - application/json
  15. // - text/plain
  16. //
  17. // Produces:
  18. // - application/json
  19. // - text/html
  20. //
  21. // Security:
  22. // - BasicAuth :
  23. // - Token :
  24. // - AccessToken :
  25. // - AuthorizationHeaderToken :
  26. // - SudoParam :
  27. // - SudoHeader :
  28. //
  29. // SecurityDefinitions:
  30. // BasicAuth:
  31. // type: basic
  32. // Token:
  33. // type: apiKey
  34. // name: token
  35. // in: query
  36. // AccessToken:
  37. // type: apiKey
  38. // name: access_token
  39. // in: query
  40. // AuthorizationHeaderToken:
  41. // type: apiKey
  42. // name: Authorization
  43. // in: header
  44. // SudoParam:
  45. // type: apiKey
  46. // name: sudo
  47. // in: query
  48. // description: Sudo API request as the user provided as the key. Admin privileges are required.
  49. // SudoHeader:
  50. // type: apiKey
  51. // name: Sudo
  52. // in: header
  53. // description: Sudo API request as the user provided as the key. Admin privileges are required.
  54. //
  55. // swagger:meta
  56. package v1
  57. import (
  58. "strings"
  59. "code.gitea.io/gitea/models"
  60. "code.gitea.io/gitea/modules/auth"
  61. "code.gitea.io/gitea/modules/context"
  62. "code.gitea.io/gitea/modules/log"
  63. "code.gitea.io/gitea/modules/setting"
  64. "code.gitea.io/gitea/routers/api/v1/admin"
  65. "code.gitea.io/gitea/routers/api/v1/misc"
  66. "code.gitea.io/gitea/routers/api/v1/org"
  67. "code.gitea.io/gitea/routers/api/v1/repo"
  68. _ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation
  69. "code.gitea.io/gitea/routers/api/v1/user"
  70. "code.gitea.io/gitea/routers/api/v1/utils"
  71. api "code.gitea.io/sdk/gitea"
  72. "github.com/go-macaron/binding"
  73. "gopkg.in/macaron.v1"
  74. )
  75. func sudo() macaron.Handler {
  76. return func(ctx *context.APIContext) {
  77. sudo := ctx.Query("sudo")
  78. if len(sudo) == 0 {
  79. sudo = ctx.Req.Header.Get("Sudo")
  80. }
  81. if len(sudo) > 0 {
  82. if ctx.User.IsAdmin {
  83. user, err := models.GetUserByName(sudo)
  84. if err != nil {
  85. if models.IsErrUserNotExist(err) {
  86. ctx.Status(404)
  87. } else {
  88. ctx.Error(500, "GetUserByName", err)
  89. }
  90. return
  91. }
  92. log.Trace("Sudo from (%s) to: %s", ctx.User.Name, user.Name)
  93. ctx.User = user
  94. } else {
  95. ctx.JSON(403, map[string]string{
  96. "message": "Only administrators allowed to sudo.",
  97. })
  98. return
  99. }
  100. }
  101. }
  102. }
  103. func repoAssignment() macaron.Handler {
  104. return func(ctx *context.APIContext) {
  105. userName := ctx.Params(":username")
  106. repoName := ctx.Params(":reponame")
  107. var (
  108. owner *models.User
  109. err error
  110. )
  111. // Check if the user is the same as the repository owner.
  112. if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) {
  113. owner = ctx.User
  114. } else {
  115. owner, err = models.GetUserByName(userName)
  116. if err != nil {
  117. if models.IsErrUserNotExist(err) {
  118. ctx.Status(404)
  119. } else {
  120. ctx.Error(500, "GetUserByName", err)
  121. }
  122. return
  123. }
  124. }
  125. ctx.Repo.Owner = owner
  126. // Get repository.
  127. repo, err := models.GetRepositoryByName(owner.ID, repoName)
  128. if err != nil {
  129. if models.IsErrRepoNotExist(err) {
  130. redirectRepoID, err := models.LookupRepoRedirect(owner.ID, repoName)
  131. if err == nil {
  132. context.RedirectToRepo(ctx.Context, redirectRepoID)
  133. } else if models.IsErrRepoRedirectNotExist(err) {
  134. ctx.Status(404)
  135. } else {
  136. ctx.Error(500, "LookupRepoRedirect", err)
  137. }
  138. } else {
  139. ctx.Error(500, "GetRepositoryByName", err)
  140. }
  141. return
  142. }
  143. repo.Owner = owner
  144. if ctx.IsSigned && ctx.User.IsAdmin {
  145. ctx.Repo.AccessMode = models.AccessModeOwner
  146. } else {
  147. mode, err := models.AccessLevel(utils.UserID(ctx), repo)
  148. if err != nil {
  149. ctx.Error(500, "AccessLevel", err)
  150. return
  151. }
  152. ctx.Repo.AccessMode = mode
  153. }
  154. if !ctx.Repo.HasAccess() {
  155. ctx.Status(404)
  156. return
  157. }
  158. ctx.Repo.Repository = repo
  159. }
  160. }
  161. // Contexter middleware already checks token for user sign in process.
  162. func reqToken() macaron.Handler {
  163. return func(ctx *context.Context) {
  164. if true != ctx.Data["IsApiToken"] {
  165. ctx.Error(401)
  166. return
  167. }
  168. }
  169. }
  170. func reqBasicAuth() macaron.Handler {
  171. return func(ctx *context.Context) {
  172. if !ctx.IsBasicAuth {
  173. ctx.Error(401)
  174. return
  175. }
  176. }
  177. }
  178. func reqAdmin() macaron.Handler {
  179. return func(ctx *context.Context) {
  180. if !ctx.IsSigned || !ctx.User.IsAdmin {
  181. ctx.Error(403)
  182. return
  183. }
  184. }
  185. }
  186. func reqRepoWriter() macaron.Handler {
  187. return func(ctx *context.Context) {
  188. if !ctx.Repo.IsWriter() {
  189. ctx.Error(403)
  190. return
  191. }
  192. }
  193. }
  194. func reqOrgMembership() macaron.Handler {
  195. return func(ctx *context.APIContext) {
  196. var orgID int64
  197. if ctx.Org.Organization != nil {
  198. orgID = ctx.Org.Organization.ID
  199. } else if ctx.Org.Team != nil {
  200. orgID = ctx.Org.Team.OrgID
  201. } else {
  202. ctx.Error(500, "", "reqOrgMembership: unprepared context")
  203. return
  204. }
  205. if isMember, err := models.IsOrganizationMember(orgID, ctx.User.ID); err != nil {
  206. ctx.Error(500, "IsOrganizationMember", err)
  207. return
  208. } else if !isMember {
  209. if ctx.Org.Organization != nil {
  210. ctx.Error(403, "", "Must be an organization member")
  211. } else {
  212. ctx.Status(404)
  213. }
  214. return
  215. }
  216. }
  217. }
  218. func reqOrgOwnership() macaron.Handler {
  219. return func(ctx *context.APIContext) {
  220. var orgID int64
  221. if ctx.Org.Organization != nil {
  222. orgID = ctx.Org.Organization.ID
  223. } else if ctx.Org.Team != nil {
  224. orgID = ctx.Org.Team.OrgID
  225. } else {
  226. ctx.Error(500, "", "reqOrgOwnership: unprepared context")
  227. return
  228. }
  229. isOwner, err := models.IsOrganizationOwner(orgID, ctx.User.ID)
  230. if err != nil {
  231. ctx.Error(500, "IsOrganizationOwner", err)
  232. } else if !isOwner {
  233. if ctx.Org.Organization != nil {
  234. ctx.Error(403, "", "Must be an organization owner")
  235. } else {
  236. ctx.Status(404)
  237. }
  238. return
  239. }
  240. }
  241. }
  242. func orgAssignment(args ...bool) macaron.Handler {
  243. var (
  244. assignOrg bool
  245. assignTeam bool
  246. )
  247. if len(args) > 0 {
  248. assignOrg = args[0]
  249. }
  250. if len(args) > 1 {
  251. assignTeam = args[1]
  252. }
  253. return func(ctx *context.APIContext) {
  254. ctx.Org = new(context.APIOrganization)
  255. var err error
  256. if assignOrg {
  257. ctx.Org.Organization, err = models.GetOrgByName(ctx.Params(":orgname"))
  258. if err != nil {
  259. if models.IsErrOrgNotExist(err) {
  260. ctx.Status(404)
  261. } else {
  262. ctx.Error(500, "GetOrgByName", err)
  263. }
  264. return
  265. }
  266. }
  267. if assignTeam {
  268. ctx.Org.Team, err = models.GetTeamByID(ctx.ParamsInt64(":teamid"))
  269. if err != nil {
  270. if models.IsErrUserNotExist(err) {
  271. ctx.Status(404)
  272. } else {
  273. ctx.Error(500, "GetTeamById", err)
  274. }
  275. return
  276. }
  277. }
  278. }
  279. }
  280. func mustEnableIssues(ctx *context.APIContext) {
  281. if !ctx.Repo.Repository.UnitEnabled(models.UnitTypeIssues) {
  282. ctx.Status(404)
  283. return
  284. }
  285. }
  286. func mustAllowPulls(ctx *context.Context) {
  287. if !ctx.Repo.Repository.AllowsPulls() {
  288. ctx.Status(404)
  289. return
  290. }
  291. }
  292. func mustEnableIssuesOrPulls(ctx *context.Context) {
  293. if !ctx.Repo.Repository.UnitEnabled(models.UnitTypeIssues) &&
  294. !ctx.Repo.Repository.AllowsPulls() {
  295. ctx.Status(404)
  296. return
  297. }
  298. }
  299. func mustEnableUserHeatmap(ctx *context.Context) {
  300. if !setting.Service.EnableUserHeatmap {
  301. ctx.Status(404)
  302. return
  303. }
  304. }
  305. // RegisterRoutes registers all v1 APIs routes to web application.
  306. // FIXME: custom form error response
  307. func RegisterRoutes(m *macaron.Macaron) {
  308. bind := binding.Bind
  309. if setting.API.EnableSwagger {
  310. m.Get("/swagger", misc.Swagger) //Render V1 by default
  311. }
  312. m.Group("/v1", func() {
  313. // Miscellaneous
  314. if setting.API.EnableSwagger {
  315. m.Get("/swagger", misc.Swagger)
  316. }
  317. m.Get("/version", misc.Version)
  318. m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)
  319. m.Post("/markdown/raw", misc.MarkdownRaw)
  320. // Users
  321. m.Group("/users", func() {
  322. m.Get("/search", user.Search)
  323. m.Group("/:username", func() {
  324. m.Get("", user.GetInfo)
  325. m.Get("/heatmap", mustEnableUserHeatmap, user.GetUserHeatmapData)
  326. m.Get("/repos", user.ListUserRepos)
  327. m.Group("/tokens", func() {
  328. m.Combo("").Get(user.ListAccessTokens).
  329. Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
  330. m.Combo("/:id").Delete(user.DeleteAccessToken)
  331. }, reqBasicAuth())
  332. })
  333. })
  334. m.Group("/users", func() {
  335. m.Group("/:username", func() {
  336. m.Get("/keys", user.ListPublicKeys)
  337. m.Get("/gpg_keys", user.ListGPGKeys)
  338. m.Get("/followers", user.ListFollowers)
  339. m.Group("/following", func() {
  340. m.Get("", user.ListFollowing)
  341. m.Get("/:target", user.CheckFollowing)
  342. })
  343. m.Get("/starred", user.GetStarredRepos)
  344. m.Get("/subscriptions", user.GetWatchedRepos)
  345. })
  346. }, reqToken())
  347. m.Group("/user", func() {
  348. m.Get("", user.GetAuthenticatedUser)
  349. m.Combo("/emails").Get(user.ListEmails).
  350. Post(bind(api.CreateEmailOption{}), user.AddEmail).
  351. Delete(bind(api.DeleteEmailOption{}), user.DeleteEmail)
  352. m.Get("/followers", user.ListMyFollowers)
  353. m.Group("/following", func() {
  354. m.Get("", user.ListMyFollowing)
  355. m.Combo("/:username").Get(user.CheckMyFollowing).Put(user.Follow).Delete(user.Unfollow)
  356. })
  357. m.Group("/keys", func() {
  358. m.Combo("").Get(user.ListMyPublicKeys).
  359. Post(bind(api.CreateKeyOption{}), user.CreatePublicKey)
  360. m.Combo("/:id").Get(user.GetPublicKey).
  361. Delete(user.DeletePublicKey)
  362. })
  363. m.Group("/gpg_keys", func() {
  364. m.Combo("").Get(user.ListMyGPGKeys).
  365. Post(bind(api.CreateGPGKeyOption{}), user.CreateGPGKey)
  366. m.Combo("/:id").Get(user.GetGPGKey).
  367. Delete(user.DeleteGPGKey)
  368. })
  369. m.Combo("/repos").Get(user.ListMyRepos).
  370. Post(bind(api.CreateRepoOption{}), repo.Create)
  371. m.Group("/starred", func() {
  372. m.Get("", user.GetMyStarredRepos)
  373. m.Group("/:username/:reponame", func() {
  374. m.Get("", user.IsStarring)
  375. m.Put("", user.Star)
  376. m.Delete("", user.Unstar)
  377. }, repoAssignment())
  378. })
  379. m.Get("/times", repo.ListMyTrackedTimes)
  380. m.Get("/subscriptions", user.GetMyWatchedRepos)
  381. }, reqToken())
  382. // Repositories
  383. m.Post("/org/:org/repos", reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)
  384. m.Group("/repos", func() {
  385. m.Get("/search", repo.Search)
  386. })
  387. m.Combo("/repositories/:id", reqToken()).Get(repo.GetByID)
  388. m.Group("/repos", func() {
  389. m.Post("/migrate", reqToken(), bind(auth.MigrateRepoForm{}), repo.Migrate)
  390. m.Group("/:username/:reponame", func() {
  391. m.Combo("").Get(repo.Get).Delete(reqToken(), repo.Delete)
  392. m.Group("/hooks", func() {
  393. m.Combo("").Get(repo.ListHooks).
  394. Post(bind(api.CreateHookOption{}), repo.CreateHook)
  395. m.Group("/:id", func() {
  396. m.Combo("").Get(repo.GetHook).
  397. Patch(bind(api.EditHookOption{}), repo.EditHook).
  398. Delete(repo.DeleteHook)
  399. m.Post("/tests", context.RepoRef(), repo.TestHook)
  400. })
  401. }, reqToken(), reqRepoWriter())
  402. m.Group("/collaborators", func() {
  403. m.Get("", repo.ListCollaborators)
  404. m.Combo("/:collaborator").Get(repo.IsCollaborator).
  405. Put(bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
  406. Delete(repo.DeleteCollaborator)
  407. }, reqToken())
  408. m.Get("/raw/*", context.RepoRefByType(context.RepoRefAny), repo.GetRawFile)
  409. m.Get("/archive/*", repo.GetArchive)
  410. m.Combo("/forks").Get(repo.ListForks).
  411. Post(reqToken(), bind(api.CreateForkOption{}), repo.CreateFork)
  412. m.Group("/branches", func() {
  413. m.Get("", repo.ListBranches)
  414. m.Get("/*", context.RepoRefByType(context.RepoRefBranch), repo.GetBranch)
  415. })
  416. m.Group("/keys", func() {
  417. m.Combo("").Get(repo.ListDeployKeys).
  418. Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)
  419. m.Combo("/:id").Get(repo.GetDeployKey).
  420. Delete(repo.DeleteDeploykey)
  421. }, reqToken(), reqRepoWriter())
  422. m.Group("/times", func() {
  423. m.Combo("").Get(repo.ListTrackedTimesByRepository)
  424. m.Combo("/:timetrackingusername").Get(repo.ListTrackedTimesByUser)
  425. }, mustEnableIssues)
  426. m.Group("/issues", func() {
  427. m.Combo("").Get(repo.ListIssues).
  428. Post(reqToken(), bind(api.CreateIssueOption{}), repo.CreateIssue)
  429. m.Group("/comments", func() {
  430. m.Get("", repo.ListRepoIssueComments)
  431. m.Combo("/:id", reqToken()).
  432. Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
  433. Delete(repo.DeleteIssueComment)
  434. })
  435. m.Group("/:index", func() {
  436. m.Combo("").Get(repo.GetIssue).
  437. Patch(reqToken(), bind(api.EditIssueOption{}), repo.EditIssue)
  438. m.Group("/comments", func() {
  439. m.Combo("").Get(repo.ListIssueComments).
  440. Post(reqToken(), bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
  441. m.Combo("/:id", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueCommentDeprecated).
  442. Delete(repo.DeleteIssueCommentDeprecated)
  443. })
  444. m.Group("/labels", func() {
  445. m.Combo("").Get(repo.ListIssueLabels).
  446. Post(reqToken(), bind(api.IssueLabelsOption{}), repo.AddIssueLabels).
  447. Put(reqToken(), bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).
  448. Delete(reqToken(), repo.ClearIssueLabels)
  449. m.Delete("/:id", reqToken(), repo.DeleteIssueLabel)
  450. })
  451. m.Group("/times", func() {
  452. m.Combo("").Get(repo.ListTrackedTimes).
  453. Post(reqToken(), bind(api.AddTimeOption{}), repo.AddTime)
  454. })
  455. m.Combo("/deadline").Post(reqToken(), bind(api.EditDeadlineOption{}), repo.UpdateIssueDeadline)
  456. })
  457. }, mustEnableIssuesOrPulls)
  458. m.Group("/labels", func() {
  459. m.Combo("").Get(repo.ListLabels).
  460. Post(reqToken(), bind(api.CreateLabelOption{}), repo.CreateLabel)
  461. m.Combo("/:id").Get(repo.GetLabel).
  462. Patch(reqToken(), bind(api.EditLabelOption{}), repo.EditLabel).
  463. Delete(reqToken(), repo.DeleteLabel)
  464. })
  465. m.Group("/milestones", func() {
  466. m.Combo("").Get(repo.ListMilestones).
  467. Post(reqToken(), reqRepoWriter(), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
  468. m.Combo("/:id").Get(repo.GetMilestone).
  469. Patch(reqToken(), reqRepoWriter(), bind(api.EditMilestoneOption{}), repo.EditMilestone).
  470. Delete(reqToken(), reqRepoWriter(), repo.DeleteMilestone)
  471. })
  472. m.Get("/stargazers", repo.ListStargazers)
  473. m.Get("/subscribers", repo.ListSubscribers)
  474. m.Group("/subscription", func() {
  475. m.Get("", user.IsWatching)
  476. m.Put("", reqToken(), user.Watch)
  477. m.Delete("", reqToken(), user.Unwatch)
  478. })
  479. m.Group("/releases", func() {
  480. m.Combo("").Get(repo.ListReleases).
  481. Post(reqToken(), reqRepoWriter(), context.ReferencesGitRepo(), bind(api.CreateReleaseOption{}), repo.CreateRelease)
  482. m.Group("/:id", func() {
  483. m.Combo("").Get(repo.GetRelease).
  484. Patch(reqToken(), reqRepoWriter(), context.ReferencesGitRepo(), bind(api.EditReleaseOption{}), repo.EditRelease).
  485. Delete(reqToken(), reqRepoWriter(), repo.DeleteRelease)
  486. m.Group("/assets", func() {
  487. m.Combo("").Get(repo.ListReleaseAttachments).
  488. Post(reqToken(), reqRepoWriter(), repo.CreateReleaseAttachment)
  489. m.Combo("/:asset").Get(repo.GetReleaseAttachment).
  490. Patch(reqToken(), reqRepoWriter(), bind(api.EditAttachmentOptions{}), repo.EditReleaseAttachment).
  491. Delete(reqToken(), reqRepoWriter(), repo.DeleteReleaseAttachment)
  492. })
  493. })
  494. })
  495. m.Post("/mirror-sync", reqToken(), reqRepoWriter(), repo.MirrorSync)
  496. m.Get("/editorconfig/:filename", context.RepoRef(), repo.GetEditorconfig)
  497. m.Group("/pulls", func() {
  498. m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).
  499. Post(reqToken(), reqRepoWriter(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
  500. m.Group("/:index", func() {
  501. m.Combo("").Get(repo.GetPullRequest).
  502. Patch(reqToken(), reqRepoWriter(), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
  503. m.Combo("/merge").Get(repo.IsPullRequestMerged).
  504. Post(reqToken(), reqRepoWriter(), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
  505. })
  506. }, mustAllowPulls, context.ReferencesGitRepo())
  507. m.Group("/statuses", func() {
  508. m.Combo("/:sha").Get(repo.GetCommitStatuses).
  509. Post(reqToken(), reqRepoWriter(), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
  510. })
  511. m.Group("/commits/:ref", func() {
  512. m.Get("/status", repo.GetCombinedCommitStatusByRef)
  513. m.Get("/statuses", repo.GetCommitStatusesByRef)
  514. })
  515. }, repoAssignment())
  516. })
  517. // Organizations
  518. m.Get("/user/orgs", reqToken(), org.ListMyOrgs)
  519. m.Get("/users/:username/orgs", org.ListUserOrgs)
  520. m.Group("/orgs/:orgname", func() {
  521. m.Get("/repos", user.ListOrgRepos)
  522. m.Combo("").Get(org.Get).
  523. Patch(reqToken(), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit)
  524. m.Group("/members", func() {
  525. m.Get("", org.ListMembers)
  526. m.Combo("/:username").Get(org.IsMember).
  527. Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)
  528. })
  529. m.Group("/public_members", func() {
  530. m.Get("", org.ListPublicMembers)
  531. m.Combo("/:username").Get(org.IsPublicMember).
  532. Put(reqToken(), reqOrgMembership(), org.PublicizeMember).
  533. Delete(reqToken(), reqOrgMembership(), org.ConcealMember)
  534. })
  535. m.Combo("/teams", reqToken(), reqOrgMembership()).Get(org.ListTeams).
  536. Post(bind(api.CreateTeamOption{}), org.CreateTeam)
  537. m.Group("/hooks", func() {
  538. m.Combo("").Get(org.ListHooks).
  539. Post(bind(api.CreateHookOption{}), org.CreateHook)
  540. m.Combo("/:id").Get(org.GetHook).
  541. Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).
  542. Delete(reqOrgOwnership(), org.DeleteHook)
  543. }, reqToken(), reqOrgMembership())
  544. }, orgAssignment(true))
  545. m.Group("/teams/:teamid", func() {
  546. m.Combo("").Get(org.GetTeam).
  547. Patch(reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam).
  548. Delete(reqOrgOwnership(), org.DeleteTeam)
  549. m.Group("/members", func() {
  550. m.Get("", org.GetTeamMembers)
  551. m.Combo("/:username").
  552. Put(reqOrgOwnership(), org.AddTeamMember).
  553. Delete(reqOrgOwnership(), org.RemoveTeamMember)
  554. })
  555. m.Group("/repos", func() {
  556. m.Get("", org.GetTeamRepos)
  557. m.Combo("/:orgname/:reponame").
  558. Put(org.AddTeamRepository).
  559. Delete(org.RemoveTeamRepository)
  560. })
  561. }, orgAssignment(false, true), reqToken(), reqOrgMembership())
  562. m.Any("/*", func(ctx *context.Context) {
  563. ctx.Error(404)
  564. })
  565. m.Group("/admin", func() {
  566. m.Group("/users", func() {
  567. m.Post("", bind(api.CreateUserOption{}), admin.CreateUser)
  568. m.Group("/:username", func() {
  569. m.Combo("").Patch(bind(api.EditUserOption{}), admin.EditUser).
  570. Delete(admin.DeleteUser)
  571. m.Group("/keys", func() {
  572. m.Post("", bind(api.CreateKeyOption{}), admin.CreatePublicKey)
  573. m.Delete("/:id", admin.DeleteUserPublicKey)
  574. })
  575. m.Post("/orgs", bind(api.CreateOrgOption{}), admin.CreateOrg)
  576. m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo)
  577. })
  578. })
  579. }, reqAdmin())
  580. m.Group("/topics", func() {
  581. m.Get("/search", repo.TopicSearch)
  582. })
  583. }, context.APIContexter(), sudo())
  584. }