From 57a69ef277546414893a38feb70412aa4c32330e Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Wed, 30 Jan 2019 18:20:40 +0100 Subject: [PATCH] don't allow pull requests to be created on an archived repository (#5883) * don't allow pull requests to be created on an archived repository Also disable the "PR" button if the repo is archived * Refuse creating an issue/PR via API calls too --- routers/api/v1/api.go | 19 +++++++++++++------ routers/routes/routes.go | 2 +- templates/repo/home.tmpl | 2 +- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index d8f78550c8..7e7bf6a50b 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -74,7 +74,7 @@ import ( api "code.gitea.io/sdk/gitea" "github.com/go-macaron/binding" - "gopkg.in/macaron.v1" + macaron "gopkg.in/macaron.v1" ) func sudo() macaron.Handler { @@ -371,6 +371,13 @@ func mustEnableUserHeatmap(ctx *context.Context) { } } +func mustNotBeArchived(ctx *context.Context) { + if ctx.Repo.Repository.IsArchived { + ctx.Status(404) + return + } +} + // RegisterRoutes registers all v1 APIs routes to web application. // FIXME: custom form error response func RegisterRoutes(m *macaron.Macaron) { @@ -518,11 +525,11 @@ func RegisterRoutes(m *macaron.Macaron) { }, mustEnableIssues) m.Group("/issues", func() { m.Combo("").Get(repo.ListIssues). - Post(reqToken(), bind(api.CreateIssueOption{}), repo.CreateIssue) + Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue) m.Group("/comments", func() { m.Get("", repo.ListRepoIssueComments) m.Combo("/:id", reqToken()). - Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment). + Patch(mustNotBeArchived, bind(api.EditIssueCommentOption{}), repo.EditIssueComment). Delete(repo.DeleteIssueComment) }) m.Group("/:index", func() { @@ -531,7 +538,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/comments", func() { m.Combo("").Get(repo.ListIssueComments). - Post(reqToken(), bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment) + Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment) m.Combo("/:id", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueCommentDeprecated). Delete(repo.DeleteIssueCommentDeprecated) }) @@ -593,12 +600,12 @@ func RegisterRoutes(m *macaron.Macaron) { m.Get("/editorconfig/:filename", context.RepoRef(), reqRepoReader(models.UnitTypeCode), repo.GetEditorconfig) m.Group("/pulls", func() { m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests). - Post(reqToken(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest) + Post(reqToken(), mustNotBeArchived, bind(api.CreatePullRequestOption{}), repo.CreatePullRequest) m.Group("/:index", func() { m.Combo("").Get(repo.GetPullRequest). Patch(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(api.EditPullRequestOption{}), repo.EditPullRequest) m.Combo("/merge").Get(repo.IsPullRequestMerged). - Post(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest) + Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest) }) }, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo()) m.Group("/statuses", func() { diff --git a/routers/routes/routes.go b/routers/routes/routes.go index 41f38801c8..c6b7a097ea 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -586,7 +586,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/milestone", func() { m.Get("/:id", repo.MilestoneIssuesAndPulls) }, reqRepoIssuesOrPullsWriter, context.RepoRef()) - m.Combo("/compare/*", reqRepoCodeReader, reqRepoPullsReader, repo.MustAllowPulls, repo.SetEditorconfigIfExists). + m.Combo("/compare/*", context.RepoMustNotBeArchived(), reqRepoCodeReader, reqRepoPullsReader, repo.MustAllowPulls, repo.SetEditorconfigIfExists). Get(repo.SetDiffViewStyle, repo.CompareAndPullRequest). Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost) diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl index 735f6c00b9..d7161153cb 100644 --- a/templates/repo/home.tmpl +++ b/templates/repo/home.tmpl @@ -57,7 +57,7 @@ {{end}} {{template "repo/sub_menu" .}}