peter/go-gitea
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow admin to migrate repositories for other users

Browse Source
This commit is contained in:
Lauris Bukšis-Haberkorns 2018-07-05 00:31:24 +03:00
parent e0ffe0b58d
commit 0cf6c338e7
No known key found for this signature in database
GPG Key ID: AECE216D007B1CCC
2 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
integrations/api_repo_test.go
View File

@ -242,7 +242,8 @@ func TestAPIRepoMigrate(t *testing.T) {
cloneURL, repoName string
expectedStatus int
}{
{ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git", expectedStatus: http.StatusCreated},
{ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-admin", expectedStatus: http.StatusCreated},
{ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-own", expectedStatus: http.StatusCreated},
{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-org", expectedStatus: http.StatusCreated},
{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},

28
routers/api/v1/repo/repo.go
View File

@ -306,20 +306,22 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
return
}
if !ctxUser.IsOrganization() && ctx.User.ID != ctxUser.ID {
ctx.Error(403, "", "Given user is not an organization.")
return
}
if !ctx.User.IsAdmin {
if !ctxUser.IsOrganization() && ctx.User.ID != ctxUser.ID {
ctx.Error(403, "", "Given user is not an organization.")
return
}
if ctxUser.IsOrganization() && !ctx.User.IsAdmin {
// Check ownership of organization.
isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.")
return
if ctxUser.IsOrganization() {
// Check ownership of organization.
isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.")
return
}
}
}