don't allow pull requests to be created on an archived repository (#5883)

* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived

* Refuse creating an issue/PR via API calls too
This commit is contained in:
Lanre Adelowo 2019-01-30 18:20:40 +01:00 committed by techknowlogick
parent 6dc2f401c9
commit 57a69ef277
3 changed files with 15 additions and 8 deletions

View file

@ -74,7 +74,7 @@ import (
api "code.gitea.io/sdk/gitea"
"github.com/go-macaron/binding"
"gopkg.in/macaron.v1"
macaron "gopkg.in/macaron.v1"
)
func sudo() macaron.Handler {
@ -371,6 +371,13 @@ func mustEnableUserHeatmap(ctx *context.Context) {
}
}
func mustNotBeArchived(ctx *context.Context) {
if ctx.Repo.Repository.IsArchived {
ctx.Status(404)
return
}
}
// RegisterRoutes registers all v1 APIs routes to web application.
// FIXME: custom form error response
func RegisterRoutes(m *macaron.Macaron) {
@ -518,11 +525,11 @@ func RegisterRoutes(m *macaron.Macaron) {
}, mustEnableIssues)
m.Group("/issues", func() {
m.Combo("").Get(repo.ListIssues).
Post(reqToken(), bind(api.CreateIssueOption{}), repo.CreateIssue)
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue)
m.Group("/comments", func() {
m.Get("", repo.ListRepoIssueComments)
m.Combo("/:id", reqToken()).
Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
Patch(mustNotBeArchived, bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
Delete(repo.DeleteIssueComment)
})
m.Group("/:index", func() {
@ -531,7 +538,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/comments", func() {
m.Combo("").Get(repo.ListIssueComments).
Post(reqToken(), bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
m.Combo("/:id", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueCommentDeprecated).
Delete(repo.DeleteIssueCommentDeprecated)
})
@ -593,12 +600,12 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("/editorconfig/:filename", context.RepoRef(), reqRepoReader(models.UnitTypeCode), repo.GetEditorconfig)
m.Group("/pulls", func() {
m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).
Post(reqToken(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
Post(reqToken(), mustNotBeArchived, bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
m.Group("/:index", func() {
m.Combo("").Get(repo.GetPullRequest).
Patch(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
m.Combo("/merge").Get(repo.IsPullRequestMerged).
Post(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
})
}, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo())
m.Group("/statuses", func() {

View file

@ -586,7 +586,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/milestone", func() {
m.Get("/:id", repo.MilestoneIssuesAndPulls)
}, reqRepoIssuesOrPullsWriter, context.RepoRef())
m.Combo("/compare/*", reqRepoCodeReader, reqRepoPullsReader, repo.MustAllowPulls, repo.SetEditorconfigIfExists).
m.Combo("/compare/*", context.RepoMustNotBeArchived(), reqRepoCodeReader, reqRepoPullsReader, repo.MustAllowPulls, repo.SetEditorconfigIfExists).
Get(repo.SetDiffViewStyle, repo.CompareAndPullRequest).
Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)

View file

@ -57,7 +57,7 @@
{{end}}
{{template "repo/sub_menu" .}}
<div class="ui stackable secondary menu mobile--margin-between-items mobile--no-negative-margins">
{{if and .PullRequestCtx.Allowed .IsViewBranch}}
{{if and .PullRequestCtx.Allowed .IsViewBranch (not .Repository.IsArchived)}}
<div class="fitted item">
<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{ if .Repository.IsFork }}{{.Repository.Owner.Name}}{{ else }}{{ .SignedUserName }}{{ end }}:{{.BranchName | EscapePound}}">
<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>