rdelaage
/
gitea
mirror of https://github.com/go-gitea/gitea.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge 046151ef90 into 58a03e9fad

This commit is contained in:
Tomeamis 2024-05-19 14:53:46 +09:00 committed by GitHub
parent 58a03e9fad 046151ef90
commit 28c8f93e36
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
routers/api/v1/org/member.go
View File

@ -236,9 +236,16 @@ func PublicizeMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToPublicize.ID != ctx.Doer.ID {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
if userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToPublicize.ID, true)
if err != nil {
@ -278,9 +285,16 @@ func ConcealMember(ctx *context.APIContext) {
if ctx.Written() {
return
}
if userToConceal.ID != ctx.Doer.ID {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
if userToConceal.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
return
}
if !isOwner {
ctx.Error(http.StatusForbidden, "", "Cannot conceal another member")
return
}
}
err := organization.ChangeOrgUserStatus(ctx, ctx.Org.Organization.ID, userToConceal.ID, false)
if err != nil {