mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-29 21:26:10 +01:00
33 lines
937 B
Go
33 lines
937 B
Go
|
// Copyright 2023 The forgejo Authors. All rights reserved.
|
||
|
// SPDX-License-Identifier: MIT
|
||
|
|
||
|
package context
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
|
||
|
repo_model "code.gitea.io/gitea/models/repo"
|
||
|
"code.gitea.io/gitea/modules/context"
|
||
|
)
|
||
|
|
||
|
// RepositoryIDAssignmentAPI returns a middleware to handle context-repo assignment for api routes
|
||
|
func RepositoryIDAssignmentAPI() func(ctx *context.APIContext) {
|
||
|
return func(ctx *context.APIContext) {
|
||
|
// TODO: enough validation for security?
|
||
|
repositoryID := ctx.ParamsInt64(":repository-id")
|
||
|
|
||
|
//TODO: check auth here ?
|
||
|
if !ctx.Repo.HasAccess() && !ctx.IsUserSiteAdmin() {
|
||
|
ctx.Error(http.StatusForbidden, "reqAnyRepoReader", "user should have any permission to read repository or permissions of site admin")
|
||
|
return
|
||
|
}
|
||
|
|
||
|
var err error
|
||
|
ctx.Repo, err = repo_model.GetRepositoryByID(ctx, repositoryID)
|
||
|
|
||
|
if err != nil {
|
||
|
ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
|
||
|
}
|
||
|
}
|
||
|
}
|