Fix bug that collaborators are able to modify settings of repository
This commit is contained in:
parent
465dc962b5
commit
cdffdeddc9
3 changed files with 29 additions and 23 deletions
|
@ -48,6 +48,7 @@ type Context struct {
|
||||||
|
|
||||||
Repo struct {
|
Repo struct {
|
||||||
IsOwner bool
|
IsOwner bool
|
||||||
|
IsTrueOwner bool
|
||||||
IsWatching bool
|
IsWatching bool
|
||||||
IsBranch bool
|
IsBranch bool
|
||||||
IsTag bool
|
IsTag bool
|
||||||
|
|
|
@ -37,7 +37,6 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
||||||
var (
|
var (
|
||||||
user *models.User
|
user *models.User
|
||||||
err error
|
err error
|
||||||
isTrueOwner bool
|
|
||||||
)
|
)
|
||||||
|
|
||||||
userName := params["username"]
|
userName := params["username"]
|
||||||
|
@ -52,10 +51,10 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
||||||
ctx.Handle(500, "RepoAssignment(HasAccess)", err)
|
ctx.Handle(500, "RepoAssignment(HasAccess)", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
isTrueOwner = ctx.User.LowerName == strings.ToLower(userName)
|
ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !isTrueOwner {
|
if !ctx.Repo.IsTrueOwner {
|
||||||
user, err = models.GetUserByName(userName)
|
user, err = models.GetUserByName(userName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == models.ErrUserNotExist {
|
if err == models.ErrUserNotExist {
|
||||||
|
@ -82,6 +81,11 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
||||||
}
|
}
|
||||||
ctx.Repo.Owner = user
|
ctx.Repo.Owner = user
|
||||||
|
|
||||||
|
// Organization owner team members are true owners as well.
|
||||||
|
if ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) {
|
||||||
|
ctx.Repo.IsTrueOwner = true
|
||||||
|
}
|
||||||
|
|
||||||
// get repository
|
// get repository
|
||||||
repo, err := models.GetRepositoryByName(user.Id, repoName)
|
repo, err := models.GetRepositoryByName(user.Id, repoName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -154,6 +158,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
||||||
ctx.Data["Owner"] = user
|
ctx.Data["Owner"] = user
|
||||||
ctx.Data["RepoLink"] = ctx.Repo.RepoLink
|
ctx.Data["RepoLink"] = ctx.Repo.RepoLink
|
||||||
ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner
|
ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner
|
||||||
|
ctx.Data["IsRepositoryTrueOwner"] = ctx.Repo.IsTrueOwner
|
||||||
ctx.Data["BranchName"] = ""
|
ctx.Data["BranchName"] = ""
|
||||||
|
|
||||||
if setting.SshPort != 22 {
|
if setting.SshPort != 22 {
|
||||||
|
@ -257,7 +262,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
||||||
|
|
||||||
func RequireOwner() martini.Handler {
|
func RequireOwner() martini.Handler {
|
||||||
return func(ctx *Context) {
|
return func(ctx *Context) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsTrueOwner {
|
||||||
if !ctx.IsSigned {
|
if !ctx.IsSigned {
|
||||||
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(ctx.Req.RequestURI))
|
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(ctx.Req.RequestURI))
|
||||||
ctx.Redirect("/user/login")
|
ctx.Redirect("/user/login")
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
<li><a href="#">Pulse</a></li>
|
<li><a href="#">Pulse</a></li>
|
||||||
<li><a href="#">Network</a></li>
|
<li><a href="#">Network</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li> -->{{end}}{{if .IsRepositoryOwner}}
|
</li> -->{{end}}{{if .IsRepositoryTrueOwner}}
|
||||||
<li class="{{if .IsRepoToolbarSetting}}active{{end}}"><a href="{{.RepoLink}}/settings">Settings</a>
|
<li class="{{if .IsRepoToolbarSetting}}active{{end}}"><a href="{{.RepoLink}}/settings">Settings</a>
|
||||||
</li>{{end}}
|
</li>{{end}}
|
||||||
</ul>
|
</ul>
|
||||||
|
|
Loading…
Reference in a new issue