1
0
mirror of https://github.com/go-gitea/gitea.git synced 2025-01-03 14:57:55 -05:00

Fix rename branch permission bug (#32066)

The previous implementation requires admin permission to rename branches
which should be write permission.

Fix #31993
This commit is contained in:
Lunny Xiao 2024-09-23 02:08:27 +08:00 committed by GitHub
parent b594cec2bd
commit 9e0db1b646
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 6 additions and 7 deletions

View File

@ -1071,8 +1071,6 @@ func registerRoutes(m *web.Router) {
m.Post("/{id}/delete", repo_setting.DeleteProtectedBranchRulePost) m.Post("/{id}/delete", repo_setting.DeleteProtectedBranchRulePost)
}, repo.MustBeNotEmpty) }, repo.MustBeNotEmpty)
m.Post("/rename_branch", web.Bind(forms.RenameBranchForm{}), context.RepoMustNotBeArchived(), repo_setting.RenameBranchPost)
m.Group("/tags", func() { m.Group("/tags", func() {
m.Get("", repo_setting.ProtectedTags) m.Get("", repo_setting.ProtectedTags)
m.Post("", web.Bind(forms.ProtectTagForm{}), context.RepoMustNotBeArchived(), repo_setting.NewProtectedTagPost) m.Post("", web.Bind(forms.ProtectTagForm{}), context.RepoMustNotBeArchived(), repo_setting.NewProtectedTagPost)
@ -1304,6 +1302,7 @@ func registerRoutes(m *web.Router) {
}, web.Bind(forms.NewBranchForm{})) }, web.Bind(forms.NewBranchForm{}))
m.Post("/delete", repo.DeleteBranchPost) m.Post("/delete", repo.DeleteBranchPost)
m.Post("/restore", repo.RestoreBranchPost) m.Post("/restore", repo.RestoreBranchPost)
m.Post("/rename", web.Bind(forms.RenameBranchForm{}), repo_setting.RenameBranchPost)
}, context.RepoMustNotBeArchived(), reqRepoCodeWriter, repo.MustBeNotEmpty) }, context.RepoMustNotBeArchived(), reqRepoCodeWriter, repo.MustBeNotEmpty)
m.Combo("/fork").Get(repo.Fork).Post(web.Bind(forms.CreateRepoForm{}), repo.ForkPost) m.Combo("/fork").Get(repo.Fork).Post(web.Bind(forms.CreateRepoForm{}), repo.ForkPost)

View File

@ -240,7 +240,7 @@
<div class="header"> <div class="header">
{{ctx.Locale.Tr "repo.settings.rename_branch"}} {{ctx.Locale.Tr "repo.settings.rename_branch"}}
</div> </div>
<form class="ui form" action="{{$.Repository.Link}}/settings/rename_branch" method="post"> <form class="ui form" action="{{$.Repository.Link}}/branches/rename" method="post">
<div class="content"> <div class="content">
{{.CsrfTokenHtml}} {{.CsrfTokenHtml}}
<div class="field default-branch-warning"> <div class="field default-branch-warning">

View File

@ -28,11 +28,11 @@ func testRenameBranch(t *testing.T, u *url.URL) {
// get branch setting page // get branch setting page
session := loginUser(t, "user2") session := loginUser(t, "user2")
req := NewRequest(t, "GET", "/user2/repo1/settings/branches") req := NewRequest(t, "GET", "/user2/repo1/branches")
resp := session.MakeRequest(t, req, http.StatusOK) resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body) htmlDoc := NewHTMLParser(t, resp.Body)
req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/rename_branch", map[string]string{ req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/rename", map[string]string{
"_csrf": htmlDoc.GetCSRF(), "_csrf": htmlDoc.GetCSRF(),
"from": "master", "from": "master",
"to": "main", "to": "main",
@ -76,7 +76,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
assert.Equal(t, "branch2", branch2.Name) assert.Equal(t, "branch2", branch2.Name)
// rename branch2 to branch1 // rename branch2 to branch1
req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/rename_branch", map[string]string{ req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/rename", map[string]string{
"_csrf": htmlDoc.GetCSRF(), "_csrf": htmlDoc.GetCSRF(),
"from": "branch2", "from": "branch2",
"to": "branch1", "to": "branch1",
@ -103,7 +103,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
assert.True(t, branch1.IsDeleted) // virtual deletion assert.True(t, branch1.IsDeleted) // virtual deletion
// rename branch2 to branch1 again // rename branch2 to branch1 again
req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/rename_branch", map[string]string{ req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/rename", map[string]string{
"_csrf": htmlDoc.GetCSRF(), "_csrf": htmlDoc.GetCSRF(),
"from": "branch2", "from": "branch2",
"to": "branch1", "to": "branch1",