tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-11-03 21:08:25 +00:00
Code Releases Activity

Check user instead of organization when creating a repo from a template via API (#16346)

Browse Source 
* Check user instead of organization

* Enforce that only admins can copy a repo to another user
This commit is contained in:
Ion Jaureguialzo Sarasola
2021-07-15 20:19:39 +02:00
committed by GitHub
parent ff69dfff7a
commit 251d7f524a
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
routers/api/v1/repo/repo.go
View File

@@ -374,16 +374,21 @@ func Generate(ctx *context.APIContext) {
ctxUser := ctx.User ctxUser := ctx.User
var err error var err error
if form.Owner != ctxUser.Name { if form.Owner != ctxUser.Name {
ctxUser, err = models.GetOrgByName(form.Owner) ctxUser, err = models.GetUserByName(form.Owner)
if err != nil { if err != nil {
if models.IsErrOrgNotExist(err) { if models.IsErrUserNotExist(err) {
ctx.JSON(http.StatusNotFound, map[string]interface{}{ ctx.JSON(http.StatusNotFound, map[string]interface{}{
"error": "request owner `" + form.Name + "` is not exist", "error": "request owner `" + form.Owner + "` does not exist",
}) })
return return
} }
ctx.Error(http.StatusInternalServerError, "GetOrgByName", err) ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
return
}
if !ctx.User.IsAdmin && !ctxUser.IsOrganization() {
ctx.Error(http.StatusForbidden, "", "Only admin can generate repository for other user.")
return return
} }