shaba/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-01-02 01:17:43 +03:00
Code Issues Projects Releases Wiki Activity

Merge 046151ef90 into d45456b1b5

Browse Source
This commit is contained in:
Tomeamis 2024-12-30 15:23:43 +08:00 committed by GitHub
commit b7529c030e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
routers/api/v1/org/member.go
View File

@ -240,9 +240,16 @@ func PublicizeMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToPublicize.ID != ctx.Doer.ID {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
if userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToPublicize.ID, true)
if err != nil {
@ -282,9 +289,16 @@ func ConcealMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToConceal.ID != ctx.Doer.ID {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
if userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToConceal.ID, false)
if err != nil {