diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb
index c765906b0..b937d798e 100644
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -40,6 +40,13 @@ class Api::V1::BaseController < ApplicationController
 return render_forbidden if !current_user.admin? && !@project.operator?(current_user)
 end
+ # 具有仓库的操作权限或者fork仓库的操作权限
+ def require_operate_above_or_fork_project
+ @project = load_project
+ puts !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
+ return render_forbidden if !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
+ end
+
 # 具有对仓库的访问权限
 def require_public_and_member_above
 @project = load_project
diff --git a/app/controllers/api/v1/projects/contents_controller.rb b/app/controllers/api/v1/projects/contents_controller.rb
index 44ab8c549..1c59164a1 100644
--- a/app/controllers/api/v1/projects/contents_controller.rb
+++ b/app/controllers/api/v1/projects/contents_controller.rb
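Review bot: In `base_controller.rb`, the `puts` line inside `require_operate_above_or_fork_project` is leftover debug output: it evaluates the full authorization expression a second time on every request and prints the decision to stdout, and should be dropped. The remaining condition is hard to audit as one negated chain; a named predicate reads better, e.g. `allowed = current_user.admin? || @project.operator?(current_user) || @project.fork_project&.operator?(current_user)` followed by `return render_forbidden unless allowed`. Because this filter lets an operator of `fork_project` act on `@project`, the comment above the method should state which project that association points to (its definition is outside this hunk), so a reader can tell whose rights are being extended. The class body continues outside the hunk.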
@@ -1,13 +1,13 @@
 class Api::V1::Projects::ContentsController < Api::V1::BaseController
- before_action :require_operate_above, only: [:batch]
+ before_action :require_operate_above_or_fork_project, only: [:batch]
 def batch
 @batch_content_params = batch_content_params
 # 处理下author和committer信息,如果没传则默认为当前用户信息
 @batch_content_params.merge!(author_email: current_user.mail, author_name: current_user.login) if batch_content_params[:author_email].blank? && batch_content_params[:author_name].blank?
 @batch_content_params.merge!(committer_email: current_user.mail, committer_name: current_user.login) if batch_content_params[:committer_email].blank? && batch_content_params[:committer_name].blank?
- @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, current_user&.gitea_token)
- puts @result_object
+
+ @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, @project.owner.gitea_token)
 end
 private
diff --git a/app/controllers/concerns/render_helper.rb b/app/controllers/concerns/render_helper.rb
index 851a3ccf8..b90af99bb 100644
--- a/app/controllers/concerns/render_helper.rb
+++ b/app/controllers/concerns/render_helper.rb
@@ -3,7 +3,7 @@ module RenderHelper
 render json: { status: 0, message: 'success' }.merge(data)
 end
- def render_error(message = '')
+ def render_error(message = '', status = -1)
 render json: { status: status, message: message }
 end
diff --git a/app/services/trace/client_service.rb b/app/services/trace/client_service.rb
index 0f1449225..137241a70 100644
--- a/app/services/trace/client_service.rb
+++ b/app/services/trace/client_service.rb
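Review bot: In `contents_controller.rb`, `batch` now hands `@project.owner.gitea_token` to `BatchCreateService` for every caller, so the write runs with the owner's credential and the `before_action` filter becomes the only permission check; the replaced `current_user&.gitea_token` let the Git backend reject a caller whose own rights were insufficient. If the owner's token is only needed for the fork case, select it there and keep the caller's token otherwise, e.g. `token = @project.operator?(current_user) ? current_user.gitea_token : @project.owner.gitea_token`. Either way, a comment explaining why the owner's credential is used, plus a log entry recording `current_user.id` as the acting user, would keep these commits attributable. Whether `@project.owner` always carries a token is not visible from this hunk and should be confirmed.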
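Review bot: In `render_helper.rb`, the new `status` parameter of `render_error` is an undocumented positional default, and its meaning is easy to confuse with the HTTP status. `render json:` is still called without a `status:` option, so the HTTP response code is unchanged and `-1` only appears in the JSON body. A one-line comment such as `# status: application-level code placed in the JSON body, not the HTTP status` would stop callers from passing HTTP codes here. The module continues outside the hunk.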
@@ -8,8 +8,11 @@ class Trace::ClientService < ApplicationService
 def authed_post(token, url, params={})
 puts "[trace][POST] request params: #{params}"
 puts "[trace][POST] request token: #{token}"
- conn.headers['Authorization'] = token
- conn.post(full_url(url), params[:data])
+ conn.post do |req|
+ req.url full_url(url, 'post')
+ req.headers['Authorization'] = token
+ req.body = params[:data].as_json
+ end
 end
 def http_authed_post(token, url, params={})
@@ -55,8 +58,11 @@ class Trace::ClientService < ApplicationService
 def authed_delete(token, url, params={})
 puts "[trace][DELETE] request params: #{params}"
 puts "[trace][DELETE] request token: #{token}"
- conn.headers['Authorization'] = token
- conn.delete(full_url(url), params[:data])
+ conn.delete do |req|
+ req.url full_url(url, 'delete')
+ req.headers['Authorization'] = token
+ req.body = params[:data].as_json
+ end
 end
 def patch(url, params={})
@@ -67,8 +73,11 @@ class Trace::ClientService < ApplicationService
 def authed_patch(token, url, params={})
 puts "[trace][PATCH] request params: #{params}"
 puts "[trace][PATCH] request token: #{token}"
- conn.headers['Authorization'] = token
- conn.patch(full_url(url), params[:data])
+ conn.patch do |req|
+ req.url full_url(url, 'patch')
+ req.headers['Authorization'] = token
+ req.body = params[:data].as_json
+ end
 end
 def put(url, params={})
@@ -79,8 +88,11 @@ class Trace::ClientService < ApplicationService
 def authed_put(token, url, params={})
 puts "[trace][PUT] request params: #{params}"
 puts "[trace][PUT] request token: #{token}"
- conn.headers['Authorization'] = token
- conn.put(full_url(url), params[:data])
+ conn.put do |req|
+ req.url full_url(url, 'put')
+ req.headers['Authorization'] = token
+ req.body = params[:data].as_json
+ end
 end
 def conn
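Review bot: In `client_service.rb`, `authed_post` still prints the credential with `puts "[trace][POST] request token: #{token}"`, and the same line survives in `authed_delete`, `authed_patch` and `authed_put` in the following hunks, so anything that collects stdout ends up holding reusable Authorization values. Since these methods are being rewritten anyway, drop the token line or log only that a token was supplied, e.g. `Rails.logger.debug("[trace][POST] token present: #{token.present?}")`. The `request params` line may carry sensitive fields as well and deserves the same treatment. `conn` and the two-argument `full_url` are defined outside these hunks, so how `req.body = params[:data].as_json` is serialized on the wire cannot be confirmed from here.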