forked from forgejo/forgejo
Hide 'New Project board' button for users that are not signed in (#12547)
* hide: 'New Project board' button * there is no reason to show the button for users that are not signed in * update template: specifies the condition together with another one as per lafriks' suggestion in the comment * chore: add proper user authorization check * chore: also hide button if repo is archived * chore: show project board edit/delete menu to authorized users only * chore: drop the redundant IsSigned check * CanWriteIssues and CanWritePulls implies (and requires) signed in user * Add CanWriteProjects and properly assert permissions Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf
GitHub
parent
a0484890c1
commit
d4e35b9dc6
5 changed files with 110 additions and 104 deletions
|
|
@ -535,6 +535,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||
reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||
reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||
reqRepoProjectsReader := context.RequireRepoReader(models.UnitTypeProjects)
|
||||
reqRepoProjectsWriter := context.RequireRepoWriter(models.UnitTypeProjects)
|
||||
|
||||
// ***** START: Organization *****
|
||||
m.Group("/org", func() {
|
||||
|
|
@ -858,24 +859,26 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||
|
||||
m.Group("/projects", func() {
|
||||
m.Get("", repo.Projects)
|
||||
m.Get("/new", repo.NewProject)
|
||||
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewRepoProjectPost)
|
||||
m.Group("/:id", func() {
|
||||
m.Get("", repo.ViewProject)
|
||||
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
|
||||
m.Post("/delete", repo.DeleteProject)
|
||||
m.Get("/:id", repo.ViewProject)
|
||||
m.Group("", func() {
|
||||
m.Get("/new", repo.NewProject)
|
||||
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewProjectPost)
|
||||
m.Group("/:id", func() {
|
||||
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
|
||||
m.Post("/delete", repo.DeleteProject)
|
||||
|
||||
m.Get("/edit", repo.EditProject)
|
||||
m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
|
||||
m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
|
||||
m.Get("/edit", repo.EditProject)
|
||||
m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
|
||||
m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
|
||||
|
||||
m.Group("/:boardID", func() {
|
||||
m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
|
||||
m.Delete("", repo.DeleteProjectBoard)
|
||||
m.Group("/:boardID", func() {
|
||||
m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
|
||||
m.Delete("", repo.DeleteProjectBoard)
|
||||
|
||||
m.Post("/:index", repo.MoveIssueAcrossBoards)
|
||||
m.Post("/:index", repo.MoveIssueAcrossBoards)
|
||||
})
|
||||
})
|
||||
})
|
||||
}, reqRepoProjectsWriter, context.RepoMustNotBeArchived())
|
||||
}, reqRepoProjectsReader, repo.MustEnableProjects)
|
||||
|
||||
m.Group("/wiki", func() {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue