MirrorHub/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-11-21 23:11:05 +01:00
Code Issues Releases Wiki Activity

Use ctx.Org.Organization.IsOwnedBy

Browse source
This commit is contained in:
Tomáš Ženčák 2024-02-01 14:45:01 +01:00
parent 0421028556
commit a352455b81
1 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
routers/api/v1/org/member.go
View file

@ -9,7 +9,6 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/organization"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
@ -237,7 +236,16 @@ func PublicizeMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin && !organization.IsUserOrgOwner(ctx, []*user_model.User{ctx.Doer}, ctx.Org.Organization.ID)[ctx.Doer.ID] {
allowed := userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin
if !allowed {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)
return
}
allowed = isOwner
}
if !allowed {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
}
@ -279,7 +287,16 @@ func ConcealMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin && !organization.IsUserOrgOwner(ctx, []*user_model.User{ctx.Doer}, ctx.Org.Organization.ID)[ctx.Doer.ID] {
allowed := userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin
if !allowed {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)
return
}
allowed = isOwner
}
if !allowed {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
}