Browse Source

Fix bug that collaborators are able to modify settings of repository

pull/272/head
Unknown 11 years ago
parent
commit
36292060d6
  1. 4
      cmd/web.go
  2. 2
      modules/middleware/repo.go

4
cmd/web.go

@ -186,7 +186,7 @@ func runWeb(*cli.Context) {
m.Get("/template/**", dev.TemplatePreview) m.Get("/template/**", dev.TemplatePreview)
} }
reqOwner := middleware.RequireOwner() reqTrueOwner := middleware.RequireTrueOwner()
m.Group("/org", func(r martini.Router) { m.Group("/org", func(r martini.Router) {
r.Get("/create", org.New) r.Get("/create", org.New)
@ -218,7 +218,7 @@ func runWeb(*cli.Context) {
r.Get("/hooks/:id", repo.WebHooksEdit) r.Get("/hooks/:id", repo.WebHooksEdit)
r.Post("/hooks/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost) r.Post("/hooks/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
}) })
}, reqSignIn, middleware.RepoAssignment(true), reqOwner) }, reqSignIn, middleware.RepoAssignment(true), reqTrueOwner)
m.Group("/:username/:reponame", func(r martini.Router) { m.Group("/:username/:reponame", func(r martini.Router) {
r.Get("/action/:action", repo.Action) r.Get("/action/:action", repo.Action)

2
modules/middleware/repo.go

@ -260,7 +260,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
} }
} }
func RequireOwner() martini.Handler { func RequireTrueOwner() martini.Handler {
return func(ctx *Context) { return func(ctx *Context) {
if !ctx.Repo.IsTrueOwner { if !ctx.Repo.IsTrueOwner {
if !ctx.IsSigned { if !ctx.IsSigned {

Loading…
Cancel
Save