|
|
|
@ -286,6 +286,43 @@ func reqOrgOwnership() macaron.Handler { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// reqTeamMembership user should be an team member, or a site admin
|
|
|
|
|
func reqTeamMembership() macaron.Handler { |
|
|
|
|
return func(ctx *context.APIContext) { |
|
|
|
|
if ctx.Context.IsUserSiteAdmin() { |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
if ctx.Org.Team == nil { |
|
|
|
|
ctx.Error(500, "", "reqTeamMembership: unprepared context") |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var orgID = ctx.Org.Team.OrgID |
|
|
|
|
isOwner, err := models.IsOrganizationOwner(orgID, ctx.User.ID) |
|
|
|
|
if err != nil { |
|
|
|
|
ctx.Error(500, "IsOrganizationOwner", err) |
|
|
|
|
return |
|
|
|
|
} else if isOwner { |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if isTeamMember, err := models.IsTeamMember(orgID, ctx.Org.Team.ID, ctx.User.ID); err != nil { |
|
|
|
|
ctx.Error(500, "IsTeamMember", err) |
|
|
|
|
return |
|
|
|
|
} else if !isTeamMember { |
|
|
|
|
isOrgMember, err := models.IsOrganizationMember(orgID, ctx.User.ID) |
|
|
|
|
if err != nil { |
|
|
|
|
ctx.Error(500, "IsOrganizationMember", err) |
|
|
|
|
} else if isOrgMember { |
|
|
|
|
ctx.Error(403, "", "Must be a team member") |
|
|
|
|
} else { |
|
|
|
|
ctx.NotFound() |
|
|
|
|
} |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// reqOrgMembership user should be an organization member, or a site admin
|
|
|
|
|
func reqOrgMembership() macaron.Handler { |
|
|
|
|
return func(ctx *context.APIContext) { |
|
|
|
@ -775,7 +812,7 @@ func RegisterRoutes(m *macaron.Macaron) { |
|
|
|
|
Put(org.AddTeamRepository). |
|
|
|
|
Delete(org.RemoveTeamRepository) |
|
|
|
|
}) |
|
|
|
|
}, orgAssignment(false, true), reqToken(), reqOrgMembership()) |
|
|
|
|
}, orgAssignment(false, true), reqToken(), reqTeamMembership()) |
|
|
|
|
|
|
|
|
|
m.Any("/*", func(ctx *context.APIContext) { |
|
|
|
|
ctx.NotFound() |
|
|
|
|