MarcoBuster/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-11-01 01:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug that collaborators are able to modify settings of repository

Browse Source
This commit is contained in:
Unknown 2014-07-04 01:25:06 -04:00
parent cdffdeddc9
commit 36292060d6
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/web.go
View File

@ -186,7 +186,7 @@ func runWeb(*cli.Context) {
m.Get("/template/**", dev.TemplatePreview)
}
reqOwner := middleware.RequireOwner()
reqTrueOwner := middleware.RequireTrueOwner()
m.Group("/org", func(r martini.Router) {
r.Get("/create", org.New)
@ -218,7 +218,7 @@ func runWeb(*cli.Context) {
r.Get("/hooks/:id", repo.WebHooksEdit)
r.Post("/hooks/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
})
}, reqSignIn, middleware.RepoAssignment(true), reqOwner)
}, reqSignIn, middleware.RepoAssignment(true), reqTrueOwner)
m.Group("/:username/:reponame", func(r martini.Router) {
r.Get("/action/:action", repo.Action)

2
modules/middleware/repo.go
View File

@ -260,7 +260,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
}
}
func RequireOwner() martini.Handler {
func RequireTrueOwner() martini.Handler {
return func(ctx *Context) {
if !ctx.Repo.IsTrueOwner {
if !ctx.IsSigned {