From f7978b9b32384ef50adc9c18fb135bc65cb50d3e Mon Sep 17 00:00:00 2001
From: Jasder <2053003901@@qq.com>
Date: Tue, 2 Jun 2020 15:13:52 +0800
Subject: [PATCH] FIX sync repo operate

---
 app/controllers/concerns/operate_project_ability_able.rb | 5 +++++
 app/controllers/repositories_controller.rb               | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/controllers/concerns/operate_project_ability_able.rb b/app/controllers/concerns/operate_project_ability_able.rb
index c470586aa..13f48e6cb 100644
--- a/app/controllers/concerns/operate_project_ability_able.rb
+++ b/app/controllers/concerns/operate_project_ability_able.rb
@@ -9,4 +9,9 @@ module OperateProjectAbilityAble
     render_forbidden('你没有权限操作.')
   end
 
+  def authorizate_user_can_edit_repo!
+    return if @repo.project.manager?(current_user) || current_user.admin?
+    render_forbidden('你没有权限操作.')
+  end
+
 end
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 4a96f0585..d11646df9 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -4,7 +4,7 @@ class RepositoriesController < ApplicationController
   before_action :require_login, only: %i[edit update create_file update_file delete_file sync_mirror]
   before_action :find_project, except: [:tags, :commit, :sync_mirror]
   before_action :authorizate!, except: [:sync_mirror, :tags, :commit]
-  before_action :authorizate_user_can_edit_project!, only: %i[sync_mirror]
+  before_action :authorizate_user_can_edit_repo!, only: %i[sync_mirror]
   before_action :find_repository_by_id, only: %i[commit sync_mirror tags]
 
   def show