From c2f8da0dd150ed2a71256f8971f8adeb73148684 Mon Sep 17 00:00:00 2001
From: yystopf <yystopf@163.com>
Date: Fri, 28 Jun 2024 09:44:13 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9A=E4=BF=AE=E6=94=B9?=
 =?UTF-8?q?=E6=96=87=E4=BB=B6=E9=9C=80=E8=A6=81=E9=AA=8C=E8=AF=81=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/repositories_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index a71c2ff1a..536bda3a8 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -7,6 +7,7 @@ class RepositoriesController < ApplicationController
   before_action :require_login, only: %i[edit update create_file update_file delete_file sync_mirror]
   before_action :require_profile_completed, only: [:create_file]
   before_action :load_repository
+  before_action :require_operate_above, only: %i[create_file update_file replace_file delete_file]
   before_action :authorizate!, except: [:sync_mirror, :tags, :commit, :archive]
   before_action :authorizate_user_can_edit_repo!, only: %i[sync_mirror]
   before_action :get_ref, only: %i[entries sub_entries top_counts files archive]
@@ -437,4 +438,8 @@ class RepositoriesController < ApplicationController
     end
   end
 
+  def require_operate_above 
+    return render_forbidden if !current_user.admin? && !@project.operator?(current_user)
+  end
+
 end