TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 16:40:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check for access in /repositories/:id (#2227)

Browse Source 
* Check for access in /repositories/:id

* Integration test
This commit is contained in:
Ethan Koenig
2017-07-29 18:13:33 -07:00
committed by Lunny Xiao
parent a9cc538ab5
commit 49df677c47
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
integrations/api_repo_test.go
View File

@@ -84,3 +84,11 @@ func TestAPIOrgRepos(t *testing.T) {
assert.False(t, repo.Private) assert.False(t, repo.Private)
} }
} }
func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
prepareTestEnv(t)
user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
sess := loginUser(t, user.Name)
req := NewRequestf(t, "GET", "/api/v1/repositories/2")
sess.MakeRequest(t, req, http.StatusNotFound)
}

5
routers/api/v1/repo/repo.go
View File

@@ -293,7 +293,10 @@ func GetByID(ctx *context.APIContext) {
access, err := models.AccessLevel(ctx.User.ID, repo) access, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil { if err != nil {
ctx.Error(500, "GetRepositoryByID", err) ctx.Error(500, "AccessLevel", err)
return
} else if access < models.AccessModeRead {
ctx.Status(404)
return return
} }
ctx.JSON(200, repo.APIFormat(access)) ctx.JSON(200, repo.APIFormat(access))