shaba/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-01-06 17:17:44 +03:00
Code Issues Projects Releases Wiki Activity

Merge 046151ef90 into d45456b1b5

Browse Source
This commit is contained in:
Tomeamis 2024-12-30 15:23:43 +08:00 committed by GitHub
commit b7529c030e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
routers/api/v1/org/member.go
View File

@ -240,10 +240,17 @@ func PublicizeMember(ctx *context.APIContext) {
if ctx.Written() { if ctx.Written() {
return return
} }
if userToPublicize.ID != ctx.Doer.ID { if userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member") ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return return
} }
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToPublicize.ID, true) err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToPublicize.ID, true)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err) ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)
@ -282,10 +289,17 @@ func ConcealMember(ctx *context.APIContext) {
if ctx.Written() { if ctx.Written() {
return return
} }
if userToConceal.ID != ctx.Doer.ID { if userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member") ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return return
} }
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToConceal.ID, false) err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToConceal.ID, false)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err) ctx.Error(http.StatusInternalServerError, "ChangeOrgUserStatus", err)