models/webhook: restrict deletion to be explicitly with repo and org ID
parent
5ff2dfb23e
commit
60110adc06
7 changed files with 55 additions and 48 deletions
|
@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
|
||||||
|
|
||||||
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
|
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
|
||||||
|
|
||||||
##### Current tip version: 0.9.45 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions)
|
##### Current tip version: 0.9.46 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions)
|
||||||
|
|
||||||
| Web | UI | Preview |
|
| Web | UI | Preview |
|
||||||
|:-------------:|:-------:|:-------:|
|
|:-------------:|:-------:|:-------:|
|
||||||
|
|
2
gogs.go
2
gogs.go
|
@ -17,7 +17,7 @@ import (
|
||||||
"github.com/gogits/gogs/modules/setting"
|
"github.com/gogits/gogs/modules/setting"
|
||||||
)
|
)
|
||||||
|
|
||||||
const APP_VER = "0.9.45.0716"
|
const APP_VER = "0.9.46.0717"
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
runtime.GOMAXPROCS(runtime.NumCPU())
|
runtime.GOMAXPROCS(runtime.NumCPU())
|
||||||
|
|
|
@ -174,28 +174,32 @@ func CreateWebhook(w *Webhook) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetWebhookByRepoID returns webhook of repository by given ID.
|
// getWebhook uses argument bean as query condition,
|
||||||
func GetWebhookByRepoID(repoID, id int64) (*Webhook, error) {
|
// ID must be specified and do not assign unnecessary fields.
|
||||||
w := new(Webhook)
|
func getWebhook(bean *Webhook) (*Webhook, error) {
|
||||||
has, err := x.Id(id).And("repo_id=?", repoID).Get(w)
|
has, err := x.Get(bean)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
} else if !has {
|
} else if !has {
|
||||||
return nil, ErrWebhookNotExist{id}
|
return nil, ErrWebhookNotExist{bean.ID}
|
||||||
}
|
}
|
||||||
return w, nil
|
return bean, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetWebhookByRepoID returns webhook of repository by given ID.
|
||||||
|
func GetWebhookByRepoID(repoID, id int64) (*Webhook, error) {
|
||||||
|
return getWebhook(&Webhook{
|
||||||
|
ID: id,
|
||||||
|
RepoID: repoID,
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetWebhookByOrgID returns webhook of organization by given ID.
|
// GetWebhookByOrgID returns webhook of organization by given ID.
|
||||||
func GetWebhookByOrgID(orgID, id int64) (*Webhook, error) {
|
func GetWebhookByOrgID(orgID, id int64) (*Webhook, error) {
|
||||||
w := new(Webhook)
|
return getWebhook(&Webhook{
|
||||||
has, err := x.Id(id).And("org_id=?", orgID).Get(w)
|
ID: id,
|
||||||
if err != nil {
|
OrgID: orgID,
|
||||||
return nil, err
|
})
|
||||||
} else if !has {
|
|
||||||
return nil, ErrWebhookNotExist{id}
|
|
||||||
}
|
|
||||||
return w, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetActiveWebhooksByRepoID returns all active webhooks of repository.
|
// GetActiveWebhooksByRepoID returns all active webhooks of repository.
|
||||||
|
@ -216,23 +220,40 @@ func UpdateWebhook(w *Webhook) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeleteWebhook deletes webhook of repository.
|
// deleteWebhook uses argument bean as query condition,
|
||||||
func DeleteWebhook(id int64) (err error) {
|
// ID must be specified and do not assign unnecessary fields.
|
||||||
|
func deleteWebhook(bean *Webhook) (err error) {
|
||||||
sess := x.NewSession()
|
sess := x.NewSession()
|
||||||
defer sessionRelease(sess)
|
defer sessionRelease(sess)
|
||||||
if err = sess.Begin(); err != nil {
|
if err = sess.Begin(); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err = sess.Delete(&Webhook{ID: id}); err != nil {
|
if _, err = sess.Delete(bean); err != nil {
|
||||||
return err
|
return err
|
||||||
} else if _, err = sess.Delete(&HookTask{HookID: id}); err != nil {
|
} else if _, err = sess.Delete(&HookTask{HookID: bean.ID}); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return sess.Commit()
|
return sess.Commit()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeleteWebhookByRepoID deletes webhook of repository by given ID.
|
||||||
|
func DeleteWebhookByRepoID(repoID, id int64) (error) {
|
||||||
|
return deleteWebhook(&Webhook{
|
||||||
|
ID: id,
|
||||||
|
RepoID: repoID,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeleteWebhookByOrgID deletes webhook of organization by given ID.
|
||||||
|
func DeleteWebhookByOrgID(orgID, id int64) (error) {
|
||||||
|
return deleteWebhook(&Webhook{
|
||||||
|
ID: id,
|
||||||
|
OrgID: orgID,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
// GetWebhooksByOrgID returns all webhooks for an organization.
|
// GetWebhooksByOrgID returns all webhooks for an organization.
|
||||||
func GetWebhooksByOrgID(orgID int64) (ws []*Webhook, err error) {
|
func GetWebhooksByOrgID(orgID int64) (ws []*Webhook, err error) {
|
||||||
err = x.Find(&ws, &Webhook{OrgID: orgID})
|
err = x.Find(&ws, &Webhook{OrgID: orgID})
|
||||||
|
|
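Review bot: In `deleteWebhook`, the repo/org scoping constrains only the first delete: the row count from `sess.Delete(bean)` is discarded, so `sess.Delete(&HookTask{HookID: bean.ID})` still runs when no webhook matched the given repository or organization. A caller that supplies an ID owned by a different repository or organization would leave that webhook in place but still remove its delivery history. Stop when nothing matched, e.g. `deleted, err := sess.Delete(bean)` followed by `if err != nil { return err } else if deleted == 0 { return ErrWebhookNotExist{bean.ID} }`. Separately, xorm builds the condition from the bean's non-zero fields, so the "ID must be specified" comment is the only thing keeping a zero `ID`, `RepoID` or `OrgID` from silently widening the match; a `bean.ID <= 0` check at the top of `getWebhook` and `deleteWebhook` would enforce it.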
|
@ -96,15 +96,6 @@ func CreateHook(ctx *context.APIContext, form api.CreateHookOption) {
|
||||||
ctx.JSON(201, convert.ToHook(ctx.Repo.RepoLink, w))
|
ctx.JSON(201, convert.ToHook(ctx.Repo.RepoLink, w))
|
||||||
}
|
}
|
||||||
|
|
||||||
func DeleteHook(ctx *context.APIContext) {
|
|
||||||
if err := models.DeleteWebhook(ctx.ParamsInt64(":id")); err != nil {
|
|
||||||
ctx.Error(500, "DeleteWebhook", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx.Status(204)
|
|
||||||
}
|
|
||||||
|
|
||||||
// https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook
|
// https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook
|
||||||
func EditHook(ctx *context.APIContext, form api.EditHookOption) {
|
func EditHook(ctx *context.APIContext, form api.EditHookOption) {
|
||||||
w, err := models.GetWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
|
w, err := models.GetWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
|
||||||
|
@ -171,3 +162,12 @@ func EditHook(ctx *context.APIContext, form api.EditHookOption) {
|
||||||
|
|
||||||
ctx.JSON(200, convert.ToHook(ctx.Repo.RepoLink, w))
|
ctx.JSON(200, convert.ToHook(ctx.Repo.RepoLink, w))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func DeleteHook(ctx *context.APIContext) {
|
||||||
|
if err := models.DeleteWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id")); err != nil {
|
||||||
|
ctx.Error(500, "DeleteWebhookByRepoID", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Status(204)
|
||||||
|
}
|
||||||
|
|
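Review bot: `DeleteHook` passes `ctx.ParamsInt64(":id")` straight to `models.DeleteWebhookByRepoID` without checking that it is positive. If that helper yields 0 for a missing or non-numeric segment (its implementation is not visible here), the bean carries only `RepoID`, and a bean-conditioned delete would then match every webhook of the repository instead of one. Reject the request first, e.g. `id := ctx.ParamsInt64(":id")` and `if id <= 0 { ctx.Status(404); return }`. The same applies to `ctx.QueryInt64("id")` in the two web `DeleteWebhook` handlers further down the page.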
|
@ -7,8 +7,6 @@ package org
|
||||||
import (
|
import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/Unknwon/com"
|
|
||||||
|
|
||||||
"github.com/gogits/gogs/models"
|
"github.com/gogits/gogs/models"
|
||||||
"github.com/gogits/gogs/modules/auth"
|
"github.com/gogits/gogs/modules/auth"
|
||||||
"github.com/gogits/gogs/modules/base"
|
"github.com/gogits/gogs/modules/base"
|
||||||
|
@ -142,18 +140,6 @@ func Webhooks(ctx *context.Context) {
|
||||||
ctx.Data["BaseLink"] = ctx.Org.OrgLink
|
ctx.Data["BaseLink"] = ctx.Org.OrgLink
|
||||||
ctx.Data["Description"] = ctx.Tr("org.settings.hooks_desc")
|
ctx.Data["Description"] = ctx.Tr("org.settings.hooks_desc")
|
||||||
|
|
||||||
// Delete web hook.
|
|
||||||
remove := com.StrTo(ctx.Query("remove")).MustInt64()
|
|
||||||
if remove > 0 {
|
|
||||||
if err := models.DeleteWebhook(remove); err != nil {
|
|
||||||
ctx.Handle(500, "DeleteWebhook", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
ctx.Flash.Success(ctx.Tr("repo.settings.remove_hook_success"))
|
|
||||||
ctx.Redirect(ctx.Org.OrgLink + "/settings/hooks")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
ws, err := models.GetWebhooksByOrgID(ctx.Org.Organization.Id)
|
ws, err := models.GetWebhooksByOrgID(ctx.Org.Organization.Id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(500, "GetWebhooksByOrgId", err)
|
ctx.Handle(500, "GetWebhooksByOrgId", err)
|
||||||
|
@ -165,8 +151,8 @@ func Webhooks(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func DeleteWebhook(ctx *context.Context) {
|
func DeleteWebhook(ctx *context.Context) {
|
||||||
if err := models.DeleteWebhook(ctx.QueryInt64("id")); err != nil {
|
if err := models.DeleteWebhookByOrgID(ctx.Org.Organization.Id, ctx.QueryInt64("id")); err != nil {
|
||||||
ctx.Flash.Error("DeleteWebhook: " + err.Error())
|
ctx.Flash.Error("DeleteWebhookByOrgID: " + err.Error())
|
||||||
} else {
|
} else {
|
||||||
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
|
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
|
||||||
}
|
}
|
||||||
|
|
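Review bot: `ctx.Flash.Error("DeleteWebhookByOrgID: " + err.Error())` puts the raw model or database error text in front of the browser user; the repository handler's `"DeleteWebhookByRepoID: "` line does the same. Internal error strings are better logged server-side, with the flash carrying a translated, generic failure message, e.g. `ctx.Flash.Error(ctx.Tr("<deletion-failure-key>"))`, where the key is a placeholder for whichever locale entry the project uses. The body of `DeleteWebhook` continues past the end of this hunk, so the response written after the flash is not visible here.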
|
@ -384,8 +384,8 @@ func TestWebhook(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func DeleteWebhook(ctx *context.Context) {
|
func DeleteWebhook(ctx *context.Context) {
|
||||||
if err := models.DeleteWebhook(ctx.QueryInt64("id")); err != nil {
|
if err := models.DeleteWebhookByRepoID(ctx.Repo.Repository.ID, ctx.QueryInt64("id")); err != nil {
|
||||||
ctx.Flash.Error("DeleteWebhook: " + err.Error())
|
ctx.Flash.Error("DeleteWebhookByRepoID: " + err.Error())
|
||||||
} else {
|
} else {
|
||||||
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
|
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
|
||||||
}
|
}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
0.9.45.0716
|
0.9.46.0717
|