isaaccorbrey.com
forked from
tangled.org/core
this repo has no description
appview: fix pull close/reopen permissions
Signed-off-by: oppiliappan <me@oppi.li>
oppi.li
+4
-2
appview/pulls/pulls.go
+4
-2
appview/pulls/pulls.go
···
2026
2027
// auth filter: only owner or collaborators can close
2028
roles := f.RolesInRepo(user)
2029
isCollaborator := roles.IsCollaborator()
2030
isPullAuthor := user.Did == pull.OwnerDid
2031
-
isCloseAllowed := isCollaborator || isPullAuthor
2032
if !isCloseAllowed {
2033
log.Println("failed to close pull")
2034
s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")
···
2094
2095
// auth filter: only owner or collaborators can close
2096
roles := f.RolesInRepo(user)
2097
isCollaborator := roles.IsCollaborator()
2098
isPullAuthor := user.Did == pull.OwnerDid
2099
-
isCloseAllowed := isCollaborator || isPullAuthor
2100
if !isCloseAllowed {
2101
log.Println("failed to close pull")
2102
s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")
···
2026
2027
// auth filter: only owner or collaborators can close
2028
roles := f.RolesInRepo(user)
2029
+
isOwner := roles.IsOwner()
2030
isCollaborator := roles.IsCollaborator()
2031
isPullAuthor := user.Did == pull.OwnerDid
2032
+
isCloseAllowed := isOwner || isCollaborator || isPullAuthor
2033
if !isCloseAllowed {
2034
log.Println("failed to close pull")
2035
s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")
···
2095
2096
// auth filter: only owner or collaborators can close
2097
roles := f.RolesInRepo(user)
2098
+
isOwner := roles.IsOwner()
2099
isCollaborator := roles.IsCollaborator()
2100
isPullAuthor := user.Did == pull.OwnerDid
2101
+
isCloseAllowed := isOwner || isCollaborator || isPullAuthor
2102
if !isCloseAllowed {
2103
log.Println("failed to close pull")
2104
s.pages.Notice(w, "pull-close", "You are unauthorized to close this pull.")
+2
appview/pulls/router.go
+2
appview/pulls/router.go