yystopf
/
forgeplus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增:修改文件需要验证用户权限

This commit is contained in:
yystopf 2024-06-28 09:44:13 +08:00
parent 4d4a98c3b7
commit c2f8da0dd1
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/repositories_controller.rb
View File

@ -7,6 +7,7 @@ class RepositoriesController < ApplicationController
before_action :require_login, only: %i[edit update create_file update_file delete_file sync_mirror]
before_action :require_profile_completed, only: [:create_file]
before_action :load_repository
before_action :require_operate_above, only: %i[create_file update_file replace_file delete_file]
before_action :authorizate!, except: [:sync_mirror, :tags, :commit, :archive]
before_action :authorizate_user_can_edit_repo!, only: %i[sync_mirror]
before_action :get_ref, only: %i[entries sub_entries top_counts files archive]
@ -437,4 +438,8 @@ class RepositoriesController < ApplicationController
end
end
def require_operate_above
return render_forbidden if !current_user.admin? && !@project.operator?(current_user)
end
end