commit 0e8ec37e61a44f662c862d14f67a85fae7649bb5 · julien.rbrt.fr/tangled-core

+4 -2

appview/pulls/pulls.go

···

       2026
        
       

     

       2027
        
       	// auth filter: only owner or collaborators can close

     

       2028
        
       	roles := f.RolesInRepo(user)

     

       0
        
       
     

       2029
        
       	isCollaborator := roles.IsCollaborator()

     

       2030
        
       	isPullAuthor := user.Did == pull.OwnerDid

     

       2031
       -
       	isCloseAllowed := isCollaborator || isPullAuthor

     

       2032
        
       	if !isCloseAllowed {

     

       2033
        
       		log.Println("failed to close pull")

     

       2034
        
       		s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")

     
···

       2094
        
       

     

       2095
        
       	// auth filter: only owner or collaborators can close

     

       2096
        
       	roles := f.RolesInRepo(user)

     

       0
        
       
     

       2097
        
       	isCollaborator := roles.IsCollaborator()

     

       2098
        
       	isPullAuthor := user.Did == pull.OwnerDid

     

       2099
       -
       	isCloseAllowed := isCollaborator || isPullAuthor

     

       2100
        
       	if !isCloseAllowed {

     

       2101
        
       		log.Println("failed to close pull")

     

       2102
        
       		s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")

···

       2026
        
       

     

       2027
        
       	// auth filter: only owner or collaborators can close

     

       2028
        
       	roles := f.RolesInRepo(user)

     

       2029
       +
       	isOwner := roles.IsOwner()

     

       2030
        
       	isCollaborator := roles.IsCollaborator()

     

       2031
        
       	isPullAuthor := user.Did == pull.OwnerDid

     

       2032
       +
       	isCloseAllowed := isOwner || isCollaborator || isPullAuthor

     

       2033
        
       	if !isCloseAllowed {

     

       2034
        
       		log.Println("failed to close pull")

     

       2035
        
       		s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")

     
···

       2095
        
       

     

       2096
        
       	// auth filter: only owner or collaborators can close

     

       2097
        
       	roles := f.RolesInRepo(user)

     

       2098
       +
       	isOwner := roles.IsOwner()

     

       2099
        
       	isCollaborator := roles.IsCollaborator()

     

       2100
        
       	isPullAuthor := user.Did == pull.OwnerDid

     

       2101
       +
       	isCloseAllowed := isOwner || isCollaborator || isPullAuthor

     

       2102
        
       	if !isCloseAllowed {

     

       2103
        
       		log.Println("failed to close pull")

     

       2104
        
       		s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")

appview/pulls/router.go

···

       44
        
       				r.Get("/", s.ResubmitPull)

     

       45
        
       				r.Post("/", s.ResubmitPull)

     

       46
        
       			})

     

       0
        
       
     

       0
        
       
     

       47
        
       			r.Post("/close", s.ClosePull)

     

       48
        
       			r.Post("/reopen", s.ReopenPull)

     

       49
        
       			// collaborators only

···

       44
        
       				r.Get("/", s.ResubmitPull)

     

       45
        
       				r.Post("/", s.ResubmitPull)

     

       46
        
       			})

     

       47
       +
       			// permissions here require us to know pull author

     

       48
       +
       			// it is handled within the route

     

       49
        
       			r.Post("/close", s.ClosePull)

     

       50
        
       			r.Post("/reopen", s.ReopenPull)

     

       51
        
       			// collaborators only