mirror of https://github.com/go-gitea/gitea.git
Fix bug that collaborators are able to modify settings of repository
parent
465dc962b5
commit
cdffdeddc9
|
@ -47,22 +47,23 @@ type Context struct {
|
|||
csrfToken string
|
||||
|
||||
Repo struct {
|
||||
IsOwner bool
|
||||
IsWatching bool
|
||||
IsBranch bool
|
||||
IsTag bool
|
||||
IsCommit bool
|
||||
HasAccess bool
|
||||
Repository *models.Repository
|
||||
Owner *models.User
|
||||
Commit *git.Commit
|
||||
Tag *git.Tag
|
||||
GitRepo *git.Repository
|
||||
BranchName string
|
||||
TagName string
|
||||
CommitId string
|
||||
RepoLink string
|
||||
CloneLink struct {
|
||||
IsOwner bool
|
||||
IsTrueOwner bool
|
||||
IsWatching bool
|
||||
IsBranch bool
|
||||
IsTag bool
|
||||
IsCommit bool
|
||||
HasAccess bool
|
||||
Repository *models.Repository
|
||||
Owner *models.User
|
||||
Commit *git.Commit
|
||||
Tag *git.Tag
|
||||
GitRepo *git.Repository
|
||||
BranchName string
|
||||
TagName string
|
||||
CommitId string
|
||||
RepoLink string
|
||||
CloneLink struct {
|
||||
SSH string
|
||||
HTTPS string
|
||||
Git string
|
||||
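Review bot: The new `IsTrueOwner` field sits next to `IsOwner` with no comment saying how the two differ, although that difference is now the authorization boundary for repository settings. Judging from the `RepoAssignment(HasAccess)` error path elsewhere in this commit, `IsOwner` appears to mean "has write access" and therefore includes collaborators, while `IsTrueOwner` is limited to the account owner or an organization owner-team member. I would add field comments such as `// IsOwner: write access, includes collaborators` and `// IsTrueOwner: repository owner or org owner-team member; gate settings on this`, so later handlers do not pick the weaker flag by accident. The struct continues outside the hunk.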
|
|
|
@ -35,9 +35,8 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
|||
}
|
||||
|
||||
var (
|
||||
user *models.User
|
||||
err error
|
||||
isTrueOwner bool
|
||||
user *models.User
|
||||
err error
|
||||
)
|
||||
|
||||
userName := params["username"]
|
||||
|
@ -52,10 +51,10 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
|||
ctx.Handle(500, "RepoAssignment(HasAccess)", err)
|
||||
return
|
||||
}
|
||||
isTrueOwner = ctx.User.LowerName == strings.ToLower(userName)
|
||||
ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName)
|
||||
}
|
||||
|
||||
if !isTrueOwner {
|
||||
if !ctx.Repo.IsTrueOwner {
|
||||
user, err = models.GetUserByName(userName)
|
||||
if err != nil {
|
||||
if err == models.ErrUserNotExist {
|
||||
|
@ -82,6 +81,11 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
|||
}
|
||||
ctx.Repo.Owner = user
|
||||
|
||||
// Organization owner team members are true owners as well.
|
||||
if ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) {
|
||||
ctx.Repo.IsTrueOwner = true
|
||||
}
|
||||
|
||||
// get repository
|
||||
repo, err := models.GetRepositoryByName(user.Id, repoName)
|
||||
if err != nil {
|
||||
|
@ -154,6 +158,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
|||
ctx.Data["Owner"] = user
|
||||
ctx.Data["RepoLink"] = ctx.Repo.RepoLink
|
||||
ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner
|
||||
ctx.Data["IsRepositoryTrueOwner"] = ctx.Repo.IsTrueOwner
|
||||
ctx.Data["BranchName"] = ""
|
||||
|
||||
if setting.SshPort != 22 {
|
||||
|
@ -257,7 +262,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
|||
|
||||
func RequireOwner() martini.Handler {
|
||||
return func(ctx *Context) {
|
||||
if !ctx.Repo.IsOwner {
|
||||
if !ctx.Repo.IsTrueOwner {
|
||||
if !ctx.IsSigned {
|
||||
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(ctx.Req.RequestURI))
|
||||
ctx.Redirect("/user/login")
|
||||
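Review bot: The added organization check `ctx.Repo.Owner.IsOrgOwner(ctx.User.Id)` reads `ctx.User` with no sign-in guard visible in its hunk, while `RequireOwner` further down still tests `!ctx.IsSigned`, so unauthenticated requests evidently pass through this handler. If `ctx.User` is nil for such requests (not shown here), an anonymous view of any organization-owned repository would panic. Guarding the condition as `if ctx.IsSigned && ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) {` leaves `IsTrueOwner` at false for anonymous visitors. `RepoAssignment` starts and ends outside these hunks.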
|
|
|
@ -35,7 +35,7 @@
|
|||
<li><a href="#">Pulse</a></li>
|
||||
<li><a href="#">Network</a></li>
|
||||
</ul>
|
||||
</li> -->{{end}}{{if .IsRepositoryOwner}}
|
||||
</li> -->{{end}}{{if .IsRepositoryTrueOwner}}
|
||||
<li class="{{if .IsRepoToolbarSetting}}active{{end}}"><a href="{{.RepoLink}}/settings">Settings</a>
|
||||
</li>{{end}}
|
||||
</ul>
|
||||
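Review bot: Switching the condition to `{{if .IsRepositoryTrueOwner}}` only hides the Settings link; a collaborator can still request `{{.RepoLink}}/settings` directly, so the protection rests on `RequireOwner` being attached to every settings route, including the POST handlers. The route table is not part of this commit, so that coverage should be confirmed. A template comment such as `{{/* link hidden for non-owners; access is enforced by RequireOwner */}}` would record that the check here is cosmetic.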
|
|