MarcoBuster/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-09-27 00:37:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge 046151ef90 into 55d5a74bb3

Browse Source
This commit is contained in:
Tomeamis 2024-09-20 08:48:31 +08:00 committed by GitHub
commit 8006acca6d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
routers/api/v1/org/member.go
View File

@ -236,10 +236,17 @@ func PublicizeMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToPublicize.ID != ctx.Doer.ID {
if userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToPublicize.ID, true)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)
@ -278,10 +285,17 @@ func ConcealMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToConceal.ID != ctx.Doer.ID {
if userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToConceal.ID, false)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)