self-hosted/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-12-30 10:11:23 +02:00
Code Issues Releases Activity

Disallow non admin users to deactivate repo

Browse Source
This commit is contained in:
Kirill Zaitsev 2016-07-21 20:43:29 +03:00
parent b675867967
commit 4485f6c6f3
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
router/middleware/session/user.go
View File

@ -85,6 +85,23 @@ func MustAdmin() gin.HandlerFunc {
}
}
func MustRepoAdmin() gin.HandlerFunc {
return func(c *gin.Context) {
user := User(c)
perm := Perm(c)
switch {
case user == nil:
c.String(401, "User not authorized")
c.Abort()
case perm.Admin == false:
c.String(403, "User not authorized")
c.Abort()
default:
c.Next()
}
}
}
func MustUser() gin.HandlerFunc {
return func(c *gin.Context) {
user := User(c)

2
router/router.go
View File

@ -84,7 +84,7 @@ func Load(middleware ...gin.HandlerFunc) http.Handler {
// requires push permissions
repo.PATCH("", session.MustPush, server.PatchRepo)
repo.DELETE("", session.MustPush, server.DeleteRepo)
repo.DELETE("", session.MustRepoAdmin(), server.DeleteRepo)
repo.POST("/chown", session.MustPush, server.ChownRepo)
repo.POST("/builds/:number", session.MustPush, server.PostBuild)