From 096b0b954d2c6474f9677792e027d509ecee43e2 Mon Sep 17 00:00:00 2001
From: yystopf
Date: Mon, 1 Aug 2022 17:14:32 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E:=20fork=E4=BB=93=E5=BA=93?= =?UTF-8?q?=E5=8D=8F=E4=BD=9C=E8=80=85=E5=8F=AF=E4=BB=A5=E6=8F=90=E4=BA=A4?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E8=87=B3=E4=BB=93=E5=BA=93?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/api/v1/base_controller.rb | 7 +++++++
 app/controllers/api/v1/projects/contents_controller.rb | 6 +++---
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb
index c765906b0..b937d798e 100644
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -40,6 +40,13 @@ class Api::V1::BaseController < ApplicationController
 return render_forbidden if !current_user.admin? && !@project.operator?(current_user)
 end
+ # 具有仓库的操作权限或者fork仓库的操作权限
+ def require_operate_above_or_fork_project
+ @project = load_project
+ puts !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
+ return render_forbidden if !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
+ end
+
 # 具有对仓库的访问权限
 def require_public_and_member_above
 @project = load_project
diff --git a/app/controllers/api/v1/projects/contents_controller.rb b/app/controllers/api/v1/projects/contents_controller.rb
index 44ab8c549..1c59164a1 100644
--- a/app/controllers/api/v1/projects/contents_controller.rb
+++ b/app/controllers/api/v1/projects/contents_controller.rb
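Review bot: The `puts` line in `require_operate_above_or_fork_project` (base_controller.rb) is leftover debug output: it evaluates the whole authorization expression a second time and prints the result to stdout on every request, so it should be removed. The remaining condition is one long negated chain that is hard to audit for a permission check; stating it positively reads more safely, e.g. `allowed = current_user.admin? || @project.operator?(current_user) || @project.fork_project&.operator?(current_user)` followed by `return render_forbidden unless allowed`. The hunk does not show which side of the fork relationship `fork_project` refers to, so the method comment should say explicitly whose operators gain write access to `@project`. If this filter can run without an authenticated user, `current_user.admin?` would raise rather than return 403; that depends on filters outside this hunk.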
@@ -1,13 +1,13 @@
 class Api::V1::Projects::ContentsController < Api::V1::BaseController
- before_action :require_operate_above, only: [:batch]
+ before_action :require_operate_above_or_fork_project, only: [:batch]
 def batch
 @batch_content_params = batch_content_params
 # 处理下author和committer信息,如果没传则默认为当前用户信息
 @batch_content_params.merge!(author_email: current_user.mail, author_name: current_user.login) if batch_content_params[:author_email].blank? && batch_content_params[:author_name].blank?
 @batch_content_params.merge!(committer_email: current_user.mail, committer_name: current_user.login) if batch_content_params[:committer_email].blank? && batch_content_params[:committer_name].blank?
- @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, current_user&.gitea_token)
- puts @result_object
+
+ @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, @project.owner.gitea_token)
 end
 private
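Review bot: `batch` now passes `@project.owner.gitea_token` to `BatchCreateService` for every caller, so all writes through this endpoint run with the project owner's credentials instead of the requesting user's. Gitea can then no longer apply the caller's own permissions, which leaves the `before_action` as the only gate, and the push is recorded on the Gitea side under the owner's account. The `author_*`/`committer_*` values are still taken from the request whenever they are supplied. Consider keeping `current_user.gitea_token` when `@project.operator?(current_user)` holds and using the owner's token only on the fork-operator path, with the acting `current_user.id` logged for each delegated write. Whether `@project.owner` always has a usable token (an organization owner, for example) is not visible in this hunk and is worth a nil guard.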