Merge pull request #1905 from ethantkoenig/fix/org_api_auth
Require token before checking membership/ownership
This commit is contained in:
Andrey Nering
GitHub
commit
65cf6cc848
|
|
@ -453,19 +453,19 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Get("/users/:username/orgs", org.ListUserOrgs)
|
m.Get("/users/:username/orgs", org.ListUserOrgs)
|
||||||
m.Group("/orgs/:orgname", func() {
|
m.Group("/orgs/:orgname", func() {
|
||||||
m.Combo("").Get(org.Get).
|
m.Combo("").Get(org.Get).
|
||||||
Patch(reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit)
|
Patch(reqToken(), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit)
|
||||||
m.Group("/members", func() {
|
m.Group("/members", func() {
|
||||||
m.Get("", org.ListMembers)
|
m.Get("", org.ListMembers)
|
||||||
m.Combo("/:username").Get(org.IsMember).
|
m.Combo("/:username").Get(org.IsMember).
|
||||||
Delete(reqOrgOwnership(), org.DeleteMember)
|
Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)
|
||||||
})
|
})
|
||||||
m.Group("/public_members", func() {
|
m.Group("/public_members", func() {
|
||||||
m.Get("", org.ListPublicMembers)
|
m.Get("", org.ListPublicMembers)
|
||||||
m.Combo("/:username").Get(org.IsPublicMember).
|
m.Combo("/:username").Get(org.IsPublicMember).
|
||||||
Put(reqOrgMembership(), org.PublicizeMember).
|
Put(reqToken(), reqOrgMembership(), org.PublicizeMember).
|
||||||
Delete(reqOrgMembership(), org.ConcealMember)
|
Delete(reqToken(), reqOrgMembership(), org.ConcealMember)
|
||||||
})
|
})
|
||||||
m.Combo("/teams", reqOrgMembership()).Get(org.ListTeams).
|
m.Combo("/teams", reqToken(), reqOrgMembership()).Get(org.ListTeams).
|
||||||
Post(bind(api.CreateTeamOption{}), org.CreateTeam)
|
Post(bind(api.CreateTeamOption{}), org.CreateTeam)
|
||||||
m.Group("/hooks", func() {
|
m.Group("/hooks", func() {
|
||||||
m.Combo("").Get(org.ListHooks).
|
m.Combo("").Get(org.ListHooks).
|
||||||
|
|
@ -473,7 +473,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Combo("/:id").Get(org.GetHook).
|
m.Combo("/:id").Get(org.GetHook).
|
||||||
Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).
|
Patch(reqOrgOwnership(), bind(api.EditHookOption{}), org.EditHook).
|
||||||
Delete(reqOrgOwnership(), org.DeleteHook)
|
Delete(reqOrgOwnership(), org.DeleteHook)
|
||||||
}, reqOrgMembership())
|
}, reqToken(), reqOrgMembership())
|
||||||
}, orgAssignment(true))
|
}, orgAssignment(true))
|
||||||
m.Group("/teams/:teamid", func() {
|
m.Group("/teams/:teamid", func() {
|
||||||
m.Combo("").Get(org.GetTeam).
|
m.Combo("").Get(org.GetTeam).
|
||||||
|
|
@ -491,7 +491,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
Put(org.AddTeamRepository).
|
Put(org.AddTeamRepository).
|
||||||
Delete(org.RemoveTeamRepository)
|
Delete(org.RemoveTeamRepository)
|
||||||
})
|
})
|
||||||
}, orgAssignment(false, true), reqOrgMembership())
|
}, orgAssignment(false, true), reqToken(), reqOrgMembership())
|
||||||
|
|
||||||
m.Any("/*", func(ctx *context.Context) {
|
m.Any("/*", func(ctx *context.Context) {
|
||||||
ctx.Error(404)
|
ctx.Error(404)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue