tyler.durden/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-31 11:35:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Prevent DeleteUser API abuse (#10125)

Browse Source 
* fix & co

* word suggestions from @jolheiser
This commit is contained in:
6543 2020-02-03 17:46:33 +01:00 committed by GitHub
parent 29151b90c6
commit ea50f60df2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
routers/api/v1/admin/user.go
View File

@ -7,6 +7,7 @@ package admin
import ( import (
"errors" "errors"
"fmt"
"net/http" "net/http"
"code.gitea.io/gitea/models" "code.gitea.io/gitea/models"
@ -227,6 +228,11 @@ func DeleteUser(ctx *context.APIContext) {
return return
} }
if u.IsOrganization() {
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("%s is an organization not a user", u.Name))
return
}
if err := models.DeleteUser(u); err != nil { if err := models.DeleteUser(u); err != nil {
if models.IsErrUserOwnRepos(err) || if models.IsErrUserOwnRepos(err) ||
models.IsErrUserHasOrgs(err) { models.IsErrUserHasOrgs(err) {

2
routers/org/setting.go
View File

@ -115,7 +115,7 @@ func SettingsDeleteAvatar(ctx *context.Context) {
ctx.Redirect(ctx.Org.OrgLink + "/settings") ctx.Redirect(ctx.Org.OrgLink + "/settings")
} }
// SettingsDelete response for delete repository // SettingsDelete response for deleting an organization
func SettingsDelete(ctx *context.Context) { func SettingsDelete(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("org.settings") ctx.Data["Title"] = ctx.Tr("org.settings")
ctx.Data["PageIsSettingsDelete"] = true ctx.Data["PageIsSettingsDelete"] = true