Merge pull request #1905 from ethantkoenig/fix/org_api_auth
Require token before checking membership/ownership
commit
65cf6cc848
@ -453,19 +453,19 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||
m.Get("/users/:username/orgs", org.ListUserOrgs)
|
||||
m.Group("/orgs/:orgname", func() {
|
||||
m.Combo("").Get(org.Get).
|
||||
Patch(reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit)
|
||||
Patch(reqToken(), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit)
|
||||
m.Group("/members", func() {
|
||||
m.Get("", org.ListMembers)
|
||||
m.Combo("/:username").Get(org.IsMember).
|
||||
Delete(reqOrgOwnership(), org.DeleteMember)
|
||||
Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)
|
||||
})
|
||||
m.Group("/public_members", func() {
|
||||
m.Get("", org.ListPublicMembers)
|
||||
m.Combo("/:username").Get(org.IsPublicMember).
|
||||
Put(reqOrgMembership(), org.PublicizeMember).
|
||||
Delete(reqOrgMembership(), org.ConcealMember)
|
||||
Put(reqToken(), reqOrgMembership(), org.PublicizeMember).
|
||||
Delete(reqToken(), reqOrgMembership(), org.ConcealMember)
|
||||
})
|
||||
m.Combo("/teams", reqOrgMembership()).Get(org.ListTeams).
|
||||
m.Combo("/teams", reqToken(), reqOrgMembership()).Get(org.ListTeams).
|
||||
Post(bind(api.CreateTeamOption{}), org.CreateTeam)
|
||||
m.Group("/hooks", func() {
|
||||
m.Combo("").Get(org.ListHooks).
|
||||
@ -473,7 +473,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||
m.Combo("/:id").Get(org.GetHook).
|
||||
Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).
|
||||
Delete(reqOrgOwnership(), org.DeleteHook)
|
||||
}, reqOrgMembership())
|
||||
}, reqToken(), reqOrgMembership())
|
||||
}, orgAssignment(true))
|
||||
m.Group("/teams/:teamid", func() {
|
||||
m.Combo("").Get(org.GetTeam).
|
||||
@ -491,7 +491,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||
Put(org.AddTeamRepository).
|
||||
Delete(org.RemoveTeamRepository)
|
||||
})
|
||||
}, orgAssignment(false, true), reqOrgMembership())
|
||||
}, orgAssignment(false, true), reqToken(), reqOrgMembership())
|
||||
|
||||
m.Any("/*", func(ctx *context.Context) {
|
||||
ctx.Error(404)
|
||||
|
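Review bot: Every changed route in RegisterRoutes now depends on `reqToken()` being listed before `reqOrgMembership()` / `reqOrgOwnership()`, and nothing on the page makes that ordering hold for the next route someone adds. If the membership and ownership checks assume an authenticated user (their bodies are outside this page, as are the start and end of RegisterRoutes), it would be safer for them to reject the request themselves when no user is signed in, so a route that omits `reqToken()` fails closed. At minimum, add a comment above the `/orgs/:orgname` group such as `// reqToken() must precede reqOrgMembership()/reqOrgOwnership(): those checks need an authenticated user`. Separately, `Post(bind(api.CreateTeamOption{}), org.CreateTeam)` on `/teams` and `Put(org.AddTeamRepository)` / `Delete(org.RemoveTeamRepository)` are gated by membership only, while the other mutating org routes here require ownership, so it is worth confirming that those handlers check ownership themselves. A regression test that calls these routes without a token would pin the behaviour.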