mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6524 Commits
17 Branches
Tree: ef6813abc9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ef6813abc9'
${ noResults }
gitea/routers/api/v1/api.go

api.go 17KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585 
  1. // Copyright 2015 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // Package v1 Gitea API.

  6. //

  7. // This documentation describes the Gitea API.

  8. //

  9. //     Schemes: http, https

  10. //     BasePath: /api/v1

  11. //     Version: 1.1.1

  12. //     License: MIT http://opensource.org/licenses/MIT

  13. //

  14. //     Consumes:

  15. //     - application/json

  16. //     - text/plain

  17. //

  18. //     Produces:

  19. //     - application/json

  20. //     - text/html

  21. //

  22. //     Security:

  23. //     - BasicAuth :

  24. //     - Token :

  25. //     - AccessToken :

  26. //     - AuthorizationHeaderToken :

  27. //

  28. //     SecurityDefinitions:

  29. //     BasicAuth:

  30. //          type: basic

  31. //     Token:

  32. //          type: apiKey

  33. //          name: token

  34. //          in: query

  35. //     AccessToken:

  36. //          type: apiKey

  37. //          name: access_token

  38. //          in: query

  39. //     AuthorizationHeaderToken:

  40. //          type: apiKey

  41. //          name: Authorization

  42. //          in: header

  43. //

  44. // swagger:meta

  45. package v1

  46. 

  47. import (

  48. 	"strings"

  49. 

  50. 	"code.gitea.io/gitea/models"

  51. 	"code.gitea.io/gitea/modules/auth"

  52. 	"code.gitea.io/gitea/modules/context"

  53. 	"code.gitea.io/gitea/modules/setting"

  54. 	"code.gitea.io/gitea/routers/api/v1/admin"

  55. 	"code.gitea.io/gitea/routers/api/v1/misc"

  56. 	"code.gitea.io/gitea/routers/api/v1/org"

  57. 	"code.gitea.io/gitea/routers/api/v1/repo"

  58. 	_ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation

  59. 	"code.gitea.io/gitea/routers/api/v1/user"

  60. 	"code.gitea.io/gitea/routers/api/v1/utils"

  61. 	api "code.gitea.io/sdk/gitea"

  62. 

  63. 	"github.com/go-macaron/binding"

  64. 	"gopkg.in/macaron.v1"

  65. )

  66. 

  67. func repoAssignment() macaron.Handler {

  68. 	return func(ctx *context.APIContext) {

  69. 		userName := ctx.Params(":username")

  70. 		repoName := ctx.Params(":reponame")

  71. 

  72. 		var (

  73. 			owner *models.User

  74. 			err   error

  75. 		)

  76. 

  77. 		// Check if the user is the same as the repository owner.

  78. 		if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) {

  79. 			owner = ctx.User

  80. 		} else {

  81. 			owner, err = models.GetUserByName(userName)

  82. 			if err != nil {

  83. 				if models.IsErrUserNotExist(err) {

  84. 					ctx.Status(404)

  85. 				} else {

  86. 					ctx.Error(500, "GetUserByName", err)

  87. 				}

  88. 				return

  89. 			}

  90. 		}

  91. 		ctx.Repo.Owner = owner

  92. 

  93. 		// Get repository.

  94. 		repo, err := models.GetRepositoryByName(owner.ID, repoName)

  95. 		if err != nil {

  96. 			if models.IsErrRepoNotExist(err) {

  97. 				redirectRepoID, err := models.LookupRepoRedirect(owner.ID, repoName)

  98. 				if err == nil {

  99. 					context.RedirectToRepo(ctx.Context, redirectRepoID)

  100. 				} else if models.IsErrRepoRedirectNotExist(err) {

  101. 					ctx.Status(404)

  102. 				} else {

  103. 					ctx.Error(500, "LookupRepoRedirect", err)

  104. 				}

  105. 			} else {

  106. 				ctx.Error(500, "GetRepositoryByName", err)

  107. 			}

  108. 			return

  109. 		}

  110. 		repo.Owner = owner

  111. 

  112. 		if ctx.IsSigned && ctx.User.IsAdmin {

  113. 			ctx.Repo.AccessMode = models.AccessModeOwner

  114. 		} else {

  115. 			mode, err := models.AccessLevel(utils.UserID(ctx), repo)

  116. 			if err != nil {

  117. 				ctx.Error(500, "AccessLevel", err)

  118. 				return

  119. 			}

  120. 			ctx.Repo.AccessMode = mode

  121. 		}

  122. 

  123. 		if !ctx.Repo.HasAccess() {

  124. 			ctx.Status(404)

  125. 			return

  126. 		}

  127. 

  128. 		ctx.Repo.Repository = repo

  129. 	}

  130. }

  131. 

  132. // Contexter middleware already checks token for user sign in process.

  133. func reqToken() macaron.Handler {

  134. 	return func(ctx *context.Context) {

  135. 		if !ctx.IsSigned {

  136. 			ctx.Error(401)

  137. 			return

  138. 		}

  139. 	}

  140. }

  141. 

  142. func reqBasicAuth() macaron.Handler {

  143. 	return func(ctx *context.Context) {

  144. 		if !ctx.IsBasicAuth {

  145. 			ctx.Error(401)

  146. 			return

  147. 		}

  148. 	}

  149. }

  150. 

  151. func reqAdmin() macaron.Handler {

  152. 	return func(ctx *context.Context) {

  153. 		if !ctx.IsSigned || !ctx.User.IsAdmin {

  154. 			ctx.Error(403)

  155. 			return

  156. 		}

  157. 	}

  158. }

  159. 

  160. func reqRepoWriter() macaron.Handler {

  161. 	return func(ctx *context.Context) {

  162. 		if !ctx.Repo.IsWriter() {

  163. 			ctx.Error(403)

  164. 			return

  165. 		}

  166. 	}

  167. }

  168. 

  169. func reqOrgMembership() macaron.Handler {

  170. 	return func(ctx *context.APIContext) {

  171. 		var orgID int64

  172. 		if ctx.Org.Organization != nil {

  173. 			orgID = ctx.Org.Organization.ID

  174. 		} else if ctx.Org.Team != nil {

  175. 			orgID = ctx.Org.Team.OrgID

  176. 		} else {

  177. 			ctx.Error(500, "", "reqOrgMembership: unprepared context")

  178. 			return

  179. 		}

  180. 

  181. 		if isMember, err := models.IsOrganizationMember(orgID, ctx.User.ID); err != nil {

  182. 			ctx.Error(500, "IsOrganizationMember", err)

  183. 			return

  184. 		} else if !isMember {

  185. 			if ctx.Org.Organization != nil {

  186. 				ctx.Error(403, "", "Must be an organization member")

  187. 			} else {

  188. 				ctx.Status(404)

  189. 			}

  190. 			return

  191. 		}

  192. 	}

  193. }

  194. 

  195. func reqOrgOwnership() macaron.Handler {

  196. 	return func(ctx *context.APIContext) {

  197. 		var orgID int64

  198. 		if ctx.Org.Organization != nil {

  199. 			orgID = ctx.Org.Organization.ID

  200. 		} else if ctx.Org.Team != nil {

  201. 			orgID = ctx.Org.Team.OrgID

  202. 		} else {

  203. 			ctx.Error(500, "", "reqOrgOwnership: unprepared context")

  204. 			return

  205. 		}

  206. 

  207. 		isOwner, err := models.IsOrganizationOwner(orgID, ctx.User.ID)

  208. 		if err != nil {

  209. 			ctx.Error(500, "IsOrganizationOwner", err)

  210. 		} else if !isOwner {

  211. 			if ctx.Org.Organization != nil {

  212. 				ctx.Error(403, "", "Must be an organization owner")

  213. 			} else {

  214. 				ctx.Status(404)

  215. 			}

  216. 			return

  217. 		}

  218. 	}

  219. }

  220. 

  221. func orgAssignment(args ...bool) macaron.Handler {

  222. 	var (

  223. 		assignOrg  bool

  224. 		assignTeam bool

  225. 	)

  226. 	if len(args) > 0 {

  227. 		assignOrg = args[0]

  228. 	}

  229. 	if len(args) > 1 {

  230. 		assignTeam = args[1]

  231. 	}

  232. 	return func(ctx *context.APIContext) {

  233. 		ctx.Org = new(context.APIOrganization)

  234. 

  235. 		var err error

  236. 		if assignOrg {

  237. 			ctx.Org.Organization, err = models.GetOrgByName(ctx.Params(":orgname"))

  238. 			if err != nil {

  239. 				if models.IsErrOrgNotExist(err) {

  240. 					ctx.Status(404)

  241. 				} else {

  242. 					ctx.Error(500, "GetOrgByName", err)

  243. 				}

  244. 				return

  245. 			}

  246. 		}

  247. 

  248. 		if assignTeam {

  249. 			ctx.Org.Team, err = models.GetTeamByID(ctx.ParamsInt64(":teamid"))

  250. 			if err != nil {

  251. 				if models.IsErrUserNotExist(err) {

  252. 					ctx.Status(404)

  253. 				} else {

  254. 					ctx.Error(500, "GetTeamById", err)

  255. 				}

  256. 				return

  257. 			}

  258. 		}

  259. 	}

  260. }

  261. 

  262. func mustEnableIssues(ctx *context.APIContext) {

  263. 	if !ctx.Repo.Repository.UnitEnabled(models.UnitTypeIssues) {

  264. 		ctx.Status(404)

  265. 		return

  266. 	}

  267. }

  268. 

  269. func mustAllowPulls(ctx *context.Context) {

  270. 	if !ctx.Repo.Repository.AllowsPulls() {

  271. 		ctx.Status(404)

  272. 		return

  273. 	}

  274. }

  275. 

  276. // RegisterRoutes registers all v1 APIs routes to web application.

  277. // FIXME: custom form error response

  278. func RegisterRoutes(m *macaron.Macaron) {

  279. 	bind := binding.Bind

  280. 

  281. 	if setting.API.EnableSwaggerEndpoint {

  282. 		m.Get("/swagger", misc.Swagger) //Render V1 by default

  283. 	}

  284. 

  285. 	m.Group("/v1", func() {

  286. 		// Miscellaneous

  287. 		if setting.API.EnableSwaggerEndpoint {

  288. 			m.Get("/swagger", misc.Swagger)

  289. 		}

  290. 		m.Get("/version", misc.Version)

  291. 		m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)

  292. 		m.Post("/markdown/raw", misc.MarkdownRaw)

  293. 

  294. 		// Users

  295. 		m.Group("/users", func() {

  296. 			m.Get("/search", user.Search)

  297. 

  298. 			m.Group("/:username", func() {

  299. 				m.Get("", user.GetInfo)

  300. 

  301. 				m.Get("/repos", user.ListUserRepos)

  302. 				m.Group("/tokens", func() {

  303. 					m.Combo("").Get(user.ListAccessTokens).

  304. 						Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)

  305. 					m.Combo("/:id").Delete(user.DeleteAccessToken)

  306. 				}, reqBasicAuth())

  307. 			})

  308. 		})

  309. 

  310. 		m.Group("/users", func() {

  311. 			m.Group("/:username", func() {

  312. 				m.Get("/keys", user.ListPublicKeys)

  313. 				m.Get("/gpg_keys", user.ListGPGKeys)

  314. 

  315. 				m.Get("/followers", user.ListFollowers)

  316. 				m.Group("/following", func() {

  317. 					m.Get("", user.ListFollowing)

  318. 					m.Get("/:target", user.CheckFollowing)

  319. 				})

  320. 

  321. 				m.Get("/starred", user.GetStarredRepos)

  322. 

  323. 				m.Get("/subscriptions", user.GetWatchedRepos)

  324. 			})

  325. 		}, reqToken())

  326. 

  327. 		m.Group("/user", func() {

  328. 			m.Get("", user.GetAuthenticatedUser)

  329. 			m.Combo("/emails").Get(user.ListEmails).

  330. 				Post(bind(api.CreateEmailOption{}), user.AddEmail).

  331. 				Delete(bind(api.DeleteEmailOption{}), user.DeleteEmail)

  332. 

  333. 			m.Get("/followers", user.ListMyFollowers)

  334. 			m.Group("/following", func() {

  335. 				m.Get("", user.ListMyFollowing)

  336. 				m.Combo("/:username").Get(user.CheckMyFollowing).Put(user.Follow).Delete(user.Unfollow)

  337. 			})

  338. 

  339. 			m.Group("/keys", func() {

  340. 				m.Combo("").Get(user.ListMyPublicKeys).

  341. 					Post(bind(api.CreateKeyOption{}), user.CreatePublicKey)

  342. 				m.Combo("/:id").Get(user.GetPublicKey).

  343. 					Delete(user.DeletePublicKey)

  344. 			})

  345. 

  346. 			m.Group("/gpg_keys", func() {

  347. 				m.Combo("").Get(user.ListMyGPGKeys).

  348. 					Post(bind(api.CreateGPGKeyOption{}), user.CreateGPGKey)

  349. 				m.Combo("/:id").Get(user.GetGPGKey).

  350. 					Delete(user.DeleteGPGKey)

  351. 			})

  352. 

  353. 			m.Combo("/repos").Get(user.ListMyRepos).

  354. 				Post(bind(api.CreateRepoOption{}), repo.Create)

  355. 

  356. 			m.Group("/starred", func() {

  357. 				m.Get("", user.GetMyStarredRepos)

  358. 				m.Group("/:username/:reponame", func() {

  359. 					m.Get("", user.IsStarring)

  360. 					m.Put("", user.Star)

  361. 					m.Delete("", user.Unstar)

  362. 				}, repoAssignment())

  363. 			})

  364. 			m.Get("/times", repo.ListMyTrackedTimes)

  365. 

  366. 			m.Get("/subscriptions", user.GetMyWatchedRepos)

  367. 		}, reqToken())

  368. 

  369. 		// Repositories

  370. 		m.Post("/org/:org/repos", reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)

  371. 

  372. 		m.Group("/repos", func() {

  373. 			m.Get("/search", repo.Search)

  374. 		})

  375. 

  376. 		m.Combo("/repositories/:id", reqToken()).Get(repo.GetByID)

  377. 

  378. 		m.Group("/repos", func() {

  379. 			m.Post("/migrate", reqToken(), bind(auth.MigrateRepoForm{}), repo.Migrate)

  380. 

  381. 			m.Group("/:username/:reponame", func() {

  382. 				m.Combo("").Get(repo.Get).Delete(reqToken(), repo.Delete)

  383. 				m.Group("/hooks", func() {

  384. 					m.Combo("").Get(repo.ListHooks).

  385. 						Post(bind(api.CreateHookOption{}), repo.CreateHook)

  386. 					m.Group("/:id", func() {

  387. 						m.Combo("").Get(repo.GetHook).

  388. 							Patch(bind(api.EditHookOption{}), repo.EditHook).

  389. 							Delete(repo.DeleteHook)

  390. 						m.Post("/tests", context.RepoRef(), repo.TestHook)

  391. 					})

  392. 				}, reqToken(), reqRepoWriter())

  393. 				m.Group("/collaborators", func() {

  394. 					m.Get("", repo.ListCollaborators)

  395. 					m.Combo("/:collaborator").Get(repo.IsCollaborator).

  396. 						Put(bind(api.AddCollaboratorOption{}), repo.AddCollaborator).

  397. 						Delete(repo.DeleteCollaborator)

  398. 				}, reqToken())

  399. 				m.Get("/raw/*", context.RepoRefByType(context.RepoRefAny), repo.GetRawFile)

  400. 				m.Get("/archive/*", repo.GetArchive)

  401. 				m.Combo("/forks").Get(repo.ListForks).

  402. 					Post(reqToken(), bind(api.CreateForkOption{}), repo.CreateFork)

  403. 				m.Group("/branches", func() {

  404. 					m.Get("", repo.ListBranches)

  405. 					m.Get("/*", context.RepoRefByType(context.RepoRefBranch), repo.GetBranch)

  406. 				})

  407. 				m.Group("/keys", func() {

  408. 					m.Combo("").Get(repo.ListDeployKeys).

  409. 						Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)

  410. 					m.Combo("/:id").Get(repo.GetDeployKey).

  411. 						Delete(repo.DeleteDeploykey)

  412. 				}, reqToken(), reqRepoWriter())

  413. 				m.Group("/times", func() {

  414. 					m.Combo("").Get(repo.ListTrackedTimesByRepository)

  415. 					m.Combo("/:timetrackingusername").Get(repo.ListTrackedTimesByUser)

  416. 

  417. 				}, mustEnableIssues)

  418. 				m.Group("/issues", func() {

  419. 					m.Combo("").Get(repo.ListIssues).

  420. 						Post(reqToken(), bind(api.CreateIssueOption{}), repo.CreateIssue)

  421. 					m.Group("/comments", func() {

  422. 						m.Get("", repo.ListRepoIssueComments)

  423. 						m.Combo("/:id", reqToken()).

  424. 							Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).

  425. 							Delete(repo.DeleteIssueComment)

  426. 					})

  427. 					m.Group("/:index", func() {

  428. 						m.Combo("").Get(repo.GetIssue).

  429. 							Patch(reqToken(), bind(api.EditIssueOption{}), repo.EditIssue)

  430. 

  431. 						m.Group("/comments", func() {

  432. 							m.Combo("").Get(repo.ListIssueComments).

  433. 								Post(reqToken(), bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)

  434. 							m.Combo("/:id", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueCommentDeprecated).

  435. 								Delete(repo.DeleteIssueCommentDeprecated)

  436. 						})

  437. 

  438. 						m.Group("/labels", func() {

  439. 							m.Combo("").Get(repo.ListIssueLabels).

  440. 								Post(reqToken(), bind(api.IssueLabelsOption{}), repo.AddIssueLabels).

  441. 								Put(reqToken(), bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).

  442. 								Delete(reqToken(), repo.ClearIssueLabels)

  443. 							m.Delete("/:id", reqToken(), repo.DeleteIssueLabel)

  444. 						})

  445. 

  446. 						m.Group("/times", func() {

  447. 							m.Combo("").Get(repo.ListTrackedTimes).

  448. 								Post(reqToken(), bind(api.AddTimeOption{}), repo.AddTime)

  449. 						})

  450. 

  451. 						m.Combo("/deadline").Post(reqToken(), bind(api.EditDeadlineOption{}), repo.UpdateIssueDeadline)

  452. 					})

  453. 				}, mustEnableIssues)

  454. 				m.Group("/labels", func() {

  455. 					m.Combo("").Get(repo.ListLabels).

  456. 						Post(reqToken(), bind(api.CreateLabelOption{}), repo.CreateLabel)

  457. 					m.Combo("/:id").Get(repo.GetLabel).

  458. 						Patch(reqToken(), bind(api.EditLabelOption{}), repo.EditLabel).

  459. 						Delete(reqToken(), repo.DeleteLabel)

  460. 				})

  461. 				m.Group("/milestones", func() {

  462. 					m.Combo("").Get(repo.ListMilestones).

  463. 						Post(reqToken(), reqRepoWriter(), bind(api.CreateMilestoneOption{}), repo.CreateMilestone)

  464. 					m.Combo("/:id").Get(repo.GetMilestone).

  465. 						Patch(reqToken(), reqRepoWriter(), bind(api.EditMilestoneOption{}), repo.EditMilestone).

  466. 						Delete(reqToken(), reqRepoWriter(), repo.DeleteMilestone)

  467. 				})

  468. 				m.Get("/stargazers", repo.ListStargazers)

  469. 				m.Get("/subscribers", repo.ListSubscribers)

  470. 				m.Group("/subscription", func() {

  471. 					m.Get("", user.IsWatching)

  472. 					m.Put("", reqToken(), user.Watch)

  473. 					m.Delete("", reqToken(), user.Unwatch)

  474. 				})

  475. 				m.Group("/releases", func() {

  476. 					m.Combo("").Get(repo.ListReleases).

  477. 						Post(reqToken(), reqRepoWriter(), context.ReferencesGitRepo(), bind(api.CreateReleaseOption{}), repo.CreateRelease)

  478. 					m.Group("/:id", func() {

  479. 						m.Combo("").Get(repo.GetRelease).

  480. 							Patch(reqToken(), reqRepoWriter(), context.ReferencesGitRepo(), bind(api.EditReleaseOption{}), repo.EditRelease).

  481. 							Delete(reqToken(), reqRepoWriter(), repo.DeleteRelease)

  482. 						m.Group("/assets", func() {

  483. 							m.Combo("").Get(repo.ListReleaseAttachments).

  484. 								Post(reqToken(), reqRepoWriter(), repo.CreateReleaseAttachment)

  485. 							m.Combo("/:asset").Get(repo.GetReleaseAttachment).

  486. 								Patch(reqToken(), reqRepoWriter(), bind(api.EditAttachmentOptions{}), repo.EditReleaseAttachment).

  487. 								Delete(reqToken(), reqRepoWriter(), repo.DeleteReleaseAttachment)

  488. 						})

  489. 					})

  490. 				})

  491. 				m.Post("/mirror-sync", reqToken(), reqRepoWriter(), repo.MirrorSync)

  492. 				m.Get("/editorconfig/:filename", context.RepoRef(), repo.GetEditorconfig)

  493. 				m.Group("/pulls", func() {

  494. 					m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).

  495. 						Post(reqToken(), reqRepoWriter(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)

  496. 					m.Group("/:index", func() {

  497. 						m.Combo("").Get(repo.GetPullRequest).

  498. 							Patch(reqToken(), reqRepoWriter(), bind(api.EditPullRequestOption{}), repo.EditPullRequest)

  499. 						m.Combo("/merge").Get(repo.IsPullRequestMerged).

  500. 							Post(reqToken(), reqRepoWriter(), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)

  501. 					})

  502. 

  503. 				}, mustAllowPulls, context.ReferencesGitRepo())

  504. 				m.Group("/statuses", func() {

  505. 					m.Combo("/:sha").Get(repo.GetCommitStatuses).

  506. 						Post(reqToken(), reqRepoWriter(), bind(api.CreateStatusOption{}), repo.NewCommitStatus)

  507. 				})

  508. 				m.Group("/commits/:ref", func() {

  509. 					m.Get("/status", repo.GetCombinedCommitStatusByRef)

  510. 					m.Get("/statuses", repo.GetCommitStatusesByRef)

  511. 				})

  512. 			}, repoAssignment())

  513. 		})

  514. 

  515. 		// Organizations

  516. 		m.Get("/user/orgs", reqToken(), org.ListMyOrgs)

  517. 		m.Get("/users/:username/orgs", org.ListUserOrgs)

  518. 		m.Group("/orgs/:orgname", func() {

  519. 			m.Get("/repos", user.ListOrgRepos)

  520. 			m.Combo("").Get(org.Get).

  521. 				Patch(reqToken(), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit)

  522. 			m.Group("/members", func() {

  523. 				m.Get("", org.ListMembers)

  524. 				m.Combo("/:username").Get(org.IsMember).

  525. 					Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)

  526. 			})

  527. 			m.Group("/public_members", func() {

  528. 				m.Get("", org.ListPublicMembers)

  529. 				m.Combo("/:username").Get(org.IsPublicMember).

  530. 					Put(reqToken(), reqOrgMembership(), org.PublicizeMember).

  531. 					Delete(reqToken(), reqOrgMembership(), org.ConcealMember)

  532. 			})

  533. 			m.Combo("/teams", reqToken(), reqOrgMembership()).Get(org.ListTeams).

  534. 				Post(bind(api.CreateTeamOption{}), org.CreateTeam)

  535. 			m.Group("/hooks", func() {

  536. 				m.Combo("").Get(org.ListHooks).

  537. 					Post(bind(api.CreateHookOption{}), org.CreateHook)

  538. 				m.Combo("/:id").Get(org.GetHook).

  539. 					Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).

  540. 					Delete(reqOrgOwnership(), org.DeleteHook)

  541. 			}, reqToken(), reqOrgMembership())

  542. 		}, orgAssignment(true))

  543. 		m.Group("/teams/:teamid", func() {

  544. 			m.Combo("").Get(org.GetTeam).

  545. 				Patch(reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam).

  546. 				Delete(reqOrgOwnership(), org.DeleteTeam)

  547. 			m.Group("/members", func() {

  548. 				m.Get("", org.GetTeamMembers)

  549. 				m.Combo("/:username").

  550. 					Put(reqOrgOwnership(), org.AddTeamMember).

  551. 					Delete(reqOrgOwnership(), org.RemoveTeamMember)

  552. 			})

  553. 			m.Group("/repos", func() {

  554. 				m.Get("", org.GetTeamRepos)

  555. 				m.Combo("/:orgname/:reponame").

  556. 					Put(org.AddTeamRepository).

  557. 					Delete(org.RemoveTeamRepository)

  558. 			})

  559. 		}, orgAssignment(false, true), reqToken(), reqOrgMembership())

  560. 

  561. 		m.Any("/*", func(ctx *context.Context) {

  562. 			ctx.Error(404)

  563. 		})

  564. 

  565. 		m.Group("/admin", func() {

  566. 			m.Group("/users", func() {

  567. 				m.Post("", bind(api.CreateUserOption{}), admin.CreateUser)

  568. 				m.Group("/:username", func() {

  569. 					m.Combo("").Patch(bind(api.EditUserOption{}), admin.EditUser).

  570. 						Delete(admin.DeleteUser)

  571. 					m.Group("/keys", func() {

  572. 						m.Post("", bind(api.CreateKeyOption{}), admin.CreatePublicKey)

  573. 						m.Delete("/:id", admin.DeleteUserPublicKey)

  574. 					})

  575. 					m.Post("/orgs", bind(api.CreateOrgOption{}), admin.CreateOrg)

  576. 					m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo)

  577. 				})

  578. 			})

  579. 		}, reqAdmin())

  580. 

  581. 		m.Group("/topics", func() {

  582. 			m.Get("/search", repo.TopicSearch)

  583. 		})

  584. 	}, context.APIContexter())

  585. }