Browse Source

#2345 disallow access of some pages for empty repo

Unknwon 8 years ago
parent
commit
e0f0f72a36
5 changed files with 17 additions and 10 deletions
  1. 1 1
      README.md
  2. 7 6
      cmd/web.go
  3. 1 1
      gogs.go
  4. 7 1
      routers/repo/repo.go
  5. 1 1
      templates/.VERSION

+ 1 - 1
README.md

@@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
 
 ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
 
-##### Current version: 0.8.16
+##### Current version: 0.8.17
 
 | Web | UI  | Preview  |
 |:-------------:|:-------:|:-------:|

+ 7 - 6
cmd/web.go

@@ -432,9 +432,8 @@ func runWeb(ctx *cli.Context) {
 		})
 	}, reqSignIn, middleware.RepoAssignment(), reqRepoAdmin, middleware.RepoRef())
 
+	m.Get("/:username/:reponame/action/:action", reqSignIn, middleware.RepoAssignment(), repo.Action)
 	m.Group("/:username/:reponame", func() {
-		m.Get("/action/:action", repo.Action)
-
 		m.Group("/issues", func() {
 			m.Combo("/new", repo.MustEnableIssues).Get(middleware.RepoRef(), repo.NewIssue).
 				Post(bindIgnErr(auth.CreateIssueForm{}), repo.NewIssuePost)
@@ -476,7 +475,7 @@ func runWeb(ctx *cli.Context) {
 
 		m.Combo("/compare/*", repo.MustEnablePulls).Get(repo.CompareAndPullRequest).
 			Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
-	}, reqSignIn, middleware.RepoAssignment())
+	}, reqSignIn, middleware.RepoAssignment(), repo.MustBeNotBare)
 
 	m.Group("/:username/:reponame", func() {
 		m.Group("", func() {
@@ -514,13 +513,15 @@ func runWeb(ctx *cli.Context) {
 			m.Get("/raw/*", repo.SingleDownload)
 			m.Get("/commits/*", repo.RefCommits)
 			m.Get("/commit/*", repo.Diff)
-			m.Get("/stars", repo.Stars)
-			m.Get("/watchers", repo.Watchers)
 			m.Get("/forks", repo.Forks)
 		}, middleware.RepoRef())
 
 		m.Get("/compare/:before([a-z0-9]{40})...:after([a-z0-9]{40})", repo.CompareDiff)
-	}, ignSignIn, middleware.RepoAssignment())
+	}, ignSignIn, middleware.RepoAssignment(), repo.MustBeNotBare)
+	m.Group("/:username/:reponame", func() {
+		m.Get("/stars", repo.Stars)
+		m.Get("/watchers", repo.Watchers)
+	}, ignSignIn, middleware.RepoAssignment(), middleware.RepoRef())
 
 	m.Group("/:username", func() {
 		m.Group("/:reponame", func() {

+ 1 - 1
gogs.go

@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.8.16.0107"
+const APP_VER = "0.8.17.0107"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())

+ 7 - 1
routers/repo/repo.go

@@ -27,6 +27,12 @@ const (
 	MIGRATE base.TplName = "repo/migrate"
 )
 
+func MustBeNotBare(ctx *middleware.Context) {
+	if ctx.Repo.Repository.IsBare {
+		ctx.Handle(404, "MustBeNotBare", nil)
+	}
+}
+
 func checkContextUser(ctx *middleware.Context, uid int64) *models.User {
 	orgs, err := models.GetOwnedOrgsByUserIDDesc(ctx.User.Id, "updated")
 	if err != nil {
@@ -232,7 +238,7 @@ func Action(ctx *middleware.Context) {
 		err = models.StarRepo(ctx.User.Id, ctx.Repo.Repository.ID, true)
 	case "unstar":
 		err = models.StarRepo(ctx.User.Id, ctx.Repo.Repository.ID, false)
-	case "desc":
+	case "desc": // FIXME: this is not used
 		if !ctx.Repo.IsOwner() {
 			ctx.Error(404)
 			return

+ 1 - 1
templates/.VERSION

@@ -1 +1 @@
-0.8.16.0107
+0.8.17.0107