Move permission check from ArtifactsDeleteView to the route
As suggested by @Gusted in #2431, move the permission checking from `ArtifactsDeleteView` into the route instead, where it belongs. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
This commit is contained in:
parent
b7ea2ea463
commit
9372bdd4a3
|
@ -579,11 +579,6 @@ func ArtifactsView(ctx *context_module.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func ArtifactsDeleteView(ctx *context_module.Context) {
|
func ArtifactsDeleteView(ctx *context_module.Context) {
|
||||||
if !ctx.Repo.CanWrite(unit.TypeActions) {
|
|
||||||
ctx.Error(http.StatusForbidden, "no permission")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
runIndex := ctx.ParamsInt64("run")
|
runIndex := ctx.ParamsInt64("run")
|
||||||
artifactName := ctx.Params("artifact_name")
|
artifactName := ctx.Params("artifact_name")
|
||||||
|
|
||||||
|
|
|
@ -1401,7 +1401,7 @@ func registerRoutes(m *web.Route) {
|
||||||
m.Post("/approve", reqRepoActionsWriter, actions.Approve)
|
m.Post("/approve", reqRepoActionsWriter, actions.Approve)
|
||||||
m.Post("/artifacts", actions.ArtifactsView)
|
m.Post("/artifacts", actions.ArtifactsView)
|
||||||
m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
|
m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
|
||||||
m.Delete("/artifacts/{artifact_name}", actions.ArtifactsDeleteView)
|
m.Delete("/artifacts/{artifact_name}", reqRepoActionsWriter, actions.ArtifactsDeleteView)
|
||||||
m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
|
m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue