Skip to content

Commit db7349b

Browse files
wxiaoguangwxiaoguang
authored
Make owner/repo/pulls handlers use "PR reader" permission (#32254) (#32265)
Backport #32254 (no conflict)
1 parent 55562f9 commit db7349b

File tree

1 file changed

+29
-26
lines changed

1 file changed

+29
-26
lines changed

routers/web/web.go

Lines changed: 29 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1454,6 +1454,35 @@ func registerRoutes(m *web.Route) {
14541454
)
14551455
// end "/{username}/{reponame}/activity"
14561456

1457+
m.Group("/{username}/{reponame}", func() {
1458+
m.Group("/pulls/{index}", func() {
1459+
m.Get("", repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewIssue)
1460+
m.Get(".diff", repo.DownloadPullDiff)
1461+
m.Get(".patch", repo.DownloadPullPatch)
1462+
m.Group("/commits", func() {
1463+
m.Get("", context.RepoRef(), repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewPullCommits)
1464+
m.Get("/list", context.RepoRef(), repo.GetPullCommits)
1465+
m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
1466+
})
1467+
m.Post("/merge", context.RepoMustNotBeArchived(), web.Bind(forms.MergePullRequestForm{}), repo.MergePullRequest)
1468+
m.Post("/cancel_auto_merge", context.RepoMustNotBeArchived(), repo.CancelAutoMergePullRequest)
1469+
m.Post("/update", repo.UpdatePullRequest)
1470+
m.Post("/set_allow_maintainer_edit", web.Bind(forms.UpdateAllowEditsForm{}), repo.SetAllowEdits)
1471+
m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
1472+
m.Group("/files", func() {
1473+
m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForAllCommitsOfPr)
1474+
m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesStartingFromCommit)
1475+
m.Get("/{shaFrom:[a-f0-9]{7,40}}..{shaTo:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForRange)
1476+
m.Group("/reviews", func() {
1477+
m.Get("/new_comment", repo.RenderNewCodeCommentForm)
1478+
m.Post("/comments", web.Bind(forms.CodeCommentForm{}), repo.SetShowOutdatedComments, repo.CreateCodeComment)
1479+
m.Post("/submit", web.Bind(forms.SubmitReviewForm{}), repo.SubmitReview)
1480+
}, context.RepoMustNotBeArchived())
1481+
})
1482+
})
1483+
}, ignSignIn, context.RepoAssignment, repo.MustAllowPulls, reqRepoPullsReader)
1484+
// end "/{username}/{reponame}/pulls/{index}": repo pull request
1485+
14571486
m.Group("/{username}/{reponame}", func() {
14581487
m.Group("/activity_author_data", func() {
14591488
m.Get("", repo.ActivityAuthors)
@@ -1492,32 +1521,6 @@ func registerRoutes(m *web.Route) {
14921521
return cancel
14931522
})
14941523

1495-
m.Group("/pulls/{index}", func() {
1496-
m.Get("", repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewIssue)
1497-
m.Get(".diff", repo.DownloadPullDiff)
1498-
m.Get(".patch", repo.DownloadPullPatch)
1499-
m.Group("/commits", func() {
1500-
m.Get("", context.RepoRef(), repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewPullCommits)
1501-
m.Get("/list", context.RepoRef(), repo.GetPullCommits)
1502-
m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
1503-
})
1504-
m.Post("/merge", context.RepoMustNotBeArchived(), web.Bind(forms.MergePullRequestForm{}), repo.MergePullRequest)
1505-
m.Post("/cancel_auto_merge", context.RepoMustNotBeArchived(), repo.CancelAutoMergePullRequest)
1506-
m.Post("/update", repo.UpdatePullRequest)
1507-
m.Post("/set_allow_maintainer_edit", web.Bind(forms.UpdateAllowEditsForm{}), repo.SetAllowEdits)
1508-
m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
1509-
m.Group("/files", func() {
1510-
m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForAllCommitsOfPr)
1511-
m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesStartingFromCommit)
1512-
m.Get("/{shaFrom:[a-f0-9]{7,40}}..{shaTo:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForRange)
1513-
m.Group("/reviews", func() {
1514-
m.Get("/new_comment", repo.RenderNewCodeCommentForm)
1515-
m.Post("/comments", web.Bind(forms.CodeCommentForm{}), repo.SetShowOutdatedComments, repo.CreateCodeComment)
1516-
m.Post("/submit", web.Bind(forms.SubmitReviewForm{}), repo.SubmitReview)
1517-
}, context.RepoMustNotBeArchived())
1518-
})
1519-
}, repo.MustAllowPulls)
1520-
15211524
m.Group("/media", func() {
15221525
m.Get("/branch/*", context.RepoRefByType(context.RepoRefBranch), repo.SingleDownloadOrLFS)
15231526
m.Get("/tag/*", context.RepoRefByType(context.RepoRefTag), repo.SingleDownloadOrLFS)

0 commit comments

Comments
 (0)