self-hosted/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-01-05 10:20:36 +02:00
Code Issues Releases Activity

Disallow non admin users to deactivate repo

Browse Source
This commit is contained in:
Kirill Zaitsev 2016-07-21 20:43:29 +03:00
parent b675867967
commit 4485f6c6f3
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
router/middleware/session/user.go
View File

@ -85,6 +85,23 @@ func MustAdmin() gin.HandlerFunc {
} }
} }
func MustRepoAdmin() gin.HandlerFunc {
return func(c *gin.Context) {
user := User(c)
perm := Perm(c)
switch {
case user == nil:
c.String(401, "User not authorized")
c.Abort()
case perm.Admin == false:
c.String(403, "User not authorized")
c.Abort()
default:
c.Next()
}
}
}
func MustUser() gin.HandlerFunc { func MustUser() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
user := User(c) user := User(c)

2
router/router.go
View File

@ -84,7 +84,7 @@ func Load(middleware ...gin.HandlerFunc) http.Handler {
// requires push permissions // requires push permissions
repo.PATCH("", session.MustPush, server.PatchRepo) repo.PATCH("", session.MustPush, server.PatchRepo)
repo.DELETE("", session.MustPush, server.DeleteRepo) repo.DELETE("", session.MustRepoAdmin(), server.DeleteRepo)
repo.POST("/chown", session.MustPush, server.ChownRepo) repo.POST("/chown", session.MustPush, server.ChownRepo)
repo.POST("/builds/:number", session.MustPush, server.PostBuild) repo.POST("/builds/:number", session.MustPush, server.PostBuild)