Check for access in /repositories/:id (#2227)
* Check for access in /repositories/:id * Integration test
This commit is contained in:
parent
a9cc538ab5
commit
49df677c47
2 changed files with 12 additions and 1 deletions
|
@ -84,3 +84,11 @@ func TestAPIOrgRepos(t *testing.T) {
|
||||||
assert.False(t, repo.Private)
|
assert.False(t, repo.Private)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
|
||||||
|
prepareTestEnv(t)
|
||||||
|
user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
|
||||||
|
sess := loginUser(t, user.Name)
|
||||||
|
req := NewRequestf(t, "GET", "/api/v1/repositories/2")
|
||||||
|
sess.MakeRequest(t, req, http.StatusNotFound)
|
||||||
|
}
|
||||||
|
|
|
@ -293,7 +293,10 @@ func GetByID(ctx *context.APIContext) {
|
||||||
|
|
||||||
access, err := models.AccessLevel(ctx.User.ID, repo)
|
access, err := models.AccessLevel(ctx.User.ID, repo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Error(500, "GetRepositoryByID", err)
|
ctx.Error(500, "AccessLevel", err)
|
||||||
|
return
|
||||||
|
} else if access < models.AccessModeRead {
|
||||||
|
ctx.Status(404)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.JSON(200, repo.APIFormat(access))
|
ctx.JSON(200, repo.APIFormat(access))
|
||||||
|
|
Reference in a new issue