public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-29 10:57:44 +09:00
Code Issues Packages Projects Releases Wiki Activity

Hide 'New Project board' button for users that are not signed in (#12547)

Browse Source 
* hide: 'New Project board' button

* there is no reason to show the button for users that are not signed in

* update template: specifies the condition together with another one

as per lafriks' suggestion in the comment

* chore: add proper user authorization check

* chore: also hide button if repo is archived

* chore: show project board edit/delete menu to authorized users only

* chore: drop the redundant IsSigned check

* CanWriteIssues and CanWritePulls implies (and requires) signed in user

* Add CanWriteProjects and properly assert permissions

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf
2020-08-22 08:58:59 +02:00
committed by GitHub
parent a0484890c1
commit d4e35b9dc6
5 changed files with 110 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
routers/routes/routes.go
View File

@@ -535,6 +535,7 @@ func RegisterRoutes(m *macaron.Macaron) {
reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
reqRepoProjectsReader := context.RequireRepoReader(models.UnitTypeProjects)
reqRepoProjectsWriter := context.RequireRepoWriter(models.UnitTypeProjects)
// ***** START: Organization *****
m.Group("/org", func() {
@@ -858,24 +859,26 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/projects", func() {
m.Get("", repo.Projects)
m.Get("/new", repo.NewProject)
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewRepoProjectPost)
m.Group("/:id", func() {
m.Get("", repo.ViewProject)
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
m.Post("/delete", repo.DeleteProject)
m.Get("/:id", repo.ViewProject)
m.Group("", func() {
m.Get("/new", repo.NewProject)
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewProjectPost)
m.Group("/:id", func() {
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
m.Post("/delete", repo.DeleteProject)
m.Get("/edit", repo.EditProject)
m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
m.Get("/edit", repo.EditProject)
m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
m.Group("/:boardID", func() {
m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
m.Delete("", repo.DeleteProjectBoard)
m.Group("/:boardID", func() {
m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
m.Delete("", repo.DeleteProjectBoard)
m.Post("/:index", repo.MoveIssueAcrossBoards)
m.Post("/:index", repo.MoveIssueAcrossBoards)
})
})
})
}, reqRepoProjectsWriter, context.RepoMustNotBeArchived())
}, reqRepoProjectsReader, repo.MustEnableProjects)
m.Group("/wiki", func() {