mirror of https://github.com/go-gitea/gitea.git
Hide 'New Project board' button for users that are not signed in (#12547)
* hide: 'New Project board' button * there is no reason to show the button for users that are not signed in * update template: specifies the condition together with another one as per lafriks' suggestion in the comment * chore: add proper user authorization check * chore: also hide button if repo is archived * chore: show project board edit/delete menu to authorized users only * chore: drop the redundant IsSigned check * CanWriteIssues and CanWritePulls implies (and requires) signed in user * Add CanWriteProjects and properly assert permissions Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
parent
a0484890c1
commit
d4e35b9dc6
|
@ -95,6 +95,7 @@ func Projects(ctx *context.Context) {
|
||||||
pager.AddParam(ctx, "state", "State")
|
pager.AddParam(ctx, "state", "State")
|
||||||
ctx.Data["Page"] = pager
|
ctx.Data["Page"] = pager
|
||||||
|
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
ctx.Data["IsShowClosed"] = isShowClosed
|
ctx.Data["IsShowClosed"] = isShowClosed
|
||||||
ctx.Data["IsProjectsPage"] = true
|
ctx.Data["IsProjectsPage"] = true
|
||||||
ctx.Data["SortType"] = sortType
|
ctx.Data["SortType"] = sortType
|
||||||
|
@ -106,16 +107,17 @@ func Projects(ctx *context.Context) {
|
||||||
func NewProject(ctx *context.Context) {
|
func NewProject(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
||||||
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
ctx.HTML(200, tplProjectsNew)
|
ctx.HTML(200, tplProjectsNew)
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewRepoProjectPost creates a new project
|
// NewProjectPost creates a new project
|
||||||
func NewRepoProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
|
func NewProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
|
||||||
|
|
||||||
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
||||||
|
|
||||||
if ctx.HasError() {
|
if ctx.HasError() {
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
|
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
||||||
ctx.HTML(200, tplProjectsNew)
|
ctx.HTML(200, tplProjectsNew)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -192,6 +194,7 @@ func EditProject(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
|
ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
|
||||||
ctx.Data["PageIsProjects"] = true
|
ctx.Data["PageIsProjects"] = true
|
||||||
ctx.Data["PageIsEditProjects"] = true
|
ctx.Data["PageIsEditProjects"] = true
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
|
|
||||||
p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
|
p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -218,9 +221,10 @@ func EditProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
|
||||||
ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
|
ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
|
||||||
ctx.Data["PageIsProjects"] = true
|
ctx.Data["PageIsProjects"] = true
|
||||||
ctx.Data["PageIsEditProjects"] = true
|
ctx.Data["PageIsEditProjects"] = true
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
|
|
||||||
if ctx.HasError() {
|
if ctx.HasError() {
|
||||||
ctx.HTML(200, tplMilestoneNew)
|
ctx.HTML(200, tplProjectsNew)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -287,6 +291,7 @@ func ViewProject(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
ctx.Data["Project"] = project
|
ctx.Data["Project"] = project
|
||||||
ctx.Data["Boards"] = allBoards
|
ctx.Data["Boards"] = allBoards
|
||||||
ctx.Data["PageIsProjects"] = true
|
ctx.Data["PageIsProjects"] = true
|
||||||
|
@ -551,6 +556,7 @@ func MoveIssueAcrossBoards(ctx *context.Context) {
|
||||||
func CreateProject(ctx *context.Context) {
|
func CreateProject(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
||||||
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
|
|
||||||
ctx.HTML(200, tplGenericProjectsNew)
|
ctx.HTML(200, tplGenericProjectsNew)
|
||||||
}
|
}
|
||||||
|
@ -566,6 +572,7 @@ func CreateProjectPost(ctx *context.Context, form auth.UserCreateProjectForm) {
|
||||||
ctx.Data["ContextUser"] = user
|
ctx.Data["ContextUser"] = user
|
||||||
|
|
||||||
if ctx.HasError() {
|
if ctx.HasError() {
|
||||||
|
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||||
ctx.HTML(200, tplGenericProjectsNew)
|
ctx.HTML(200, tplGenericProjectsNew)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -535,6 +535,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||||
reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||||
reqRepoProjectsReader := context.RequireRepoReader(models.UnitTypeProjects)
|
reqRepoProjectsReader := context.RequireRepoReader(models.UnitTypeProjects)
|
||||||
|
reqRepoProjectsWriter := context.RequireRepoWriter(models.UnitTypeProjects)
|
||||||
|
|
||||||
// ***** START: Organization *****
|
// ***** START: Organization *****
|
||||||
m.Group("/org", func() {
|
m.Group("/org", func() {
|
||||||
|
@ -858,10 +859,11 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
|
|
||||||
m.Group("/projects", func() {
|
m.Group("/projects", func() {
|
||||||
m.Get("", repo.Projects)
|
m.Get("", repo.Projects)
|
||||||
|
m.Get("/:id", repo.ViewProject)
|
||||||
|
m.Group("", func() {
|
||||||
m.Get("/new", repo.NewProject)
|
m.Get("/new", repo.NewProject)
|
||||||
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewRepoProjectPost)
|
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewProjectPost)
|
||||||
m.Group("/:id", func() {
|
m.Group("/:id", func() {
|
||||||
m.Get("", repo.ViewProject)
|
|
||||||
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
|
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
|
||||||
m.Post("/delete", repo.DeleteProject)
|
m.Post("/delete", repo.DeleteProject)
|
||||||
|
|
||||||
|
@ -876,6 +878,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Post("/:index", repo.MoveIssueAcrossBoards)
|
m.Post("/:index", repo.MoveIssueAcrossBoards)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
}, reqRepoProjectsWriter, context.RepoMustNotBeArchived())
|
||||||
}, reqRepoProjectsReader, repo.MustEnableProjects)
|
}, reqRepoProjectsReader, repo.MustEnableProjects)
|
||||||
|
|
||||||
m.Group("/wiki", func() {
|
m.Group("/wiki", func() {
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<div class="ui container">
|
<div class="ui container">
|
||||||
<div class="navbar">
|
<div class="navbar">
|
||||||
{{template "repo/issue/navbar" .}}
|
{{template "repo/issue/navbar" .}}
|
||||||
{{if and (or .CanWriteIssues .CanWritePulls) (not .Repository.IsArchived)}}
|
{{if and .CanWriteProjects (not .Repository.IsArchived)}}
|
||||||
<div class="ui right">
|
<div class="ui right">
|
||||||
<a class="ui green button" href="{{$.Link}}/new">{{.i18n.Tr "repo.projects.new"}}</a>
|
<a class="ui green button" href="{{$.Link}}/new">{{.i18n.Tr "repo.projects.new"}}</a>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<div class="ui container">
|
<div class="ui container">
|
||||||
<div class="navbar">
|
<div class="navbar">
|
||||||
{{template "repo/issue/navbar" .}}
|
{{template "repo/issue/navbar" .}}
|
||||||
{{if and (or .CanWriteIssues .CanWritePulls) .PageIsEditProject}}
|
{{if and .CanWriteProjects .PageIsEditProject}}
|
||||||
<div class="ui right floated secondary menu">
|
<div class="ui right floated secondary menu">
|
||||||
<a class="ui green button" href="{{$.RepoLink}}/projects/new">{{.i18n.Tr "repo.milestones.new"}}</a>
|
<a class="ui green button" href="{{$.RepoLink}}/projects/new">{{.i18n.Tr "repo.milestones.new"}}</a>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -10,10 +10,9 @@
|
||||||
{{template "repo/issue/search" .}}
|
{{template "repo/issue/search" .}}
|
||||||
</div>
|
</div>
|
||||||
<div class="column right aligned">
|
<div class="column right aligned">
|
||||||
{{if .PageIsProjects}}
|
{{if and .CanWriteProjects (not .Repository.IsArchived) .PageIsProjects}}
|
||||||
<a class="ui green button show-modal item" data-modal="#new-board-item">{{.i18n.Tr "new_project_board"}}</a>
|
<a class="ui green button show-modal item" data-modal="#new-board-item">{{.i18n.Tr "new_project_board"}}</a>
|
||||||
{{end}}
|
{{end}}
|
||||||
|
|
||||||
<div class="ui small modal" id="new-board-item">
|
<div class="ui small modal" id="new-board-item">
|
||||||
<div class="header">
|
<div class="header">
|
||||||
{{$.i18n.Tr "repo.projects.board.new"}}
|
{{$.i18n.Tr "repo.projects.board.new"}}
|
||||||
|
@ -45,9 +44,7 @@
|
||||||
<div class="ui segment board-column">
|
<div class="ui segment board-column">
|
||||||
<div class="board-column-header">
|
<div class="board-column-header">
|
||||||
<div class="ui large label board-label">{{.Title}}</div>
|
<div class="ui large label board-label">{{.Title}}</div>
|
||||||
|
{{if and $.CanWriteProjects (not $.Repository.IsArchived) $.PageIsProjects (ne .ID 0)}}
|
||||||
{{ if $.IsSigned }}
|
|
||||||
{{ if not (eq .ID 0) }}
|
|
||||||
<div class="ui dropdown jump item poping up right" data-variation="tiny inverted">
|
<div class="ui dropdown jump item poping up right" data-variation="tiny inverted">
|
||||||
<span class="ui text">
|
<span class="ui text">
|
||||||
<img class="ui tiny avatar image" width="24" height="24">
|
<img class="ui tiny avatar image" width="24" height="24">
|
||||||
|
@ -104,7 +101,6 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
|
||||||
</div>
|
</div>
|
||||||
<div class="ui divider"></div>
|
<div class="ui divider"></div>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue