models/webhook: restrict deletion to be explicitly with repo and org ID

This commit is contained in:
Unknwon 2016-07-17 08:33:59 +08:00
parent 5ff2dfb23e
commit 60110adc06
7 changed files with 55 additions and 48 deletions

View File

@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true) ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
##### Current tip version: 0.9.45 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions) ##### Current tip version: 0.9.46 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions)
| Web | UI | Preview | | Web | UI | Preview |
|:-------------:|:-------:|:-------:| |:-------------:|:-------:|:-------:|

View File

@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
const APP_VER = "0.9.45.0716" const APP_VER = "0.9.46.0717"
func init() { func init() {
runtime.GOMAXPROCS(runtime.NumCPU()) runtime.GOMAXPROCS(runtime.NumCPU())

View File

@ -174,28 +174,32 @@ func CreateWebhook(w *Webhook) error {
return err return err
} }
// GetWebhookByRepoID returns webhook of repository by given ID. // getWebhook uses argument bean as query condition,
func GetWebhookByRepoID(repoID, id int64) (*Webhook, error) { // ID must be specified and do not assign unnecessary fields.
w := new(Webhook) func getWebhook(bean *Webhook) (*Webhook, error) {
has, err := x.Id(id).And("repo_id=?", repoID).Get(w) has, err := x.Get(bean)
if err != nil { if err != nil {
return nil, err return nil, err
} else if !has { } else if !has {
return nil, ErrWebhookNotExist{id} return nil, ErrWebhookNotExist{bean.ID}
} }
return w, nil return bean, nil
}
// GetWebhookByRepoID returns webhook of repository by given ID.
func GetWebhookByRepoID(repoID, id int64) (*Webhook, error) {
return getWebhook(&Webhook{
ID: id,
RepoID: repoID,
})
} }
// GetWebhookByOrgID returns webhook of organization by given ID. // GetWebhookByOrgID returns webhook of organization by given ID.
func GetWebhookByOrgID(orgID, id int64) (*Webhook, error) { func GetWebhookByOrgID(orgID, id int64) (*Webhook, error) {
w := new(Webhook) return getWebhook(&Webhook{
has, err := x.Id(id).And("org_id=?", orgID).Get(w) ID: id,
if err != nil { OrgID: orgID,
return nil, err })
} else if !has {
return nil, ErrWebhookNotExist{id}
}
return w, nil
} }
// GetActiveWebhooksByRepoID returns all active webhooks of repository. // GetActiveWebhooksByRepoID returns all active webhooks of repository.
@ -216,23 +220,40 @@ func UpdateWebhook(w *Webhook) error {
return err return err
} }
// DeleteWebhook deletes webhook of repository. // deleteWebhook uses argument bean as query condition,
func DeleteWebhook(id int64) (err error) { // ID must be specified and do not assign unnecessary fields.
func deleteWebhook(bean *Webhook) (err error) {
sess := x.NewSession() sess := x.NewSession()
defer sessionRelease(sess) defer sessionRelease(sess)
if err = sess.Begin(); err != nil { if err = sess.Begin(); err != nil {
return err return err
} }
if _, err = sess.Delete(&Webhook{ID: id}); err != nil { if _, err = sess.Delete(bean); err != nil {
return err return err
} else if _, err = sess.Delete(&HookTask{HookID: id}); err != nil { } else if _, err = sess.Delete(&HookTask{HookID: bean.ID}); err != nil {
return err return err
} }
return sess.Commit() return sess.Commit()
} }
// DeleteWebhookByRepoID deletes webhook of repository by given ID.
func DeleteWebhookByRepoID(repoID, id int64) (error) {
return deleteWebhook(&Webhook{
ID: id,
RepoID: repoID,
})
}
// DeleteWebhookByOrgID deletes webhook of organization by given ID.
func DeleteWebhookByOrgID(orgID, id int64) (error) {
return deleteWebhook(&Webhook{
ID: id,
OrgID: orgID,
})
}
// GetWebhooksByOrgID returns all webhooks for an organization. // GetWebhooksByOrgID returns all webhooks for an organization.
func GetWebhooksByOrgID(orgID int64) (ws []*Webhook, err error) { func GetWebhooksByOrgID(orgID int64) (ws []*Webhook, err error) {
err = x.Find(&ws, &Webhook{OrgID: orgID}) err = x.Find(&ws, &Webhook{OrgID: orgID})

View File

@ -96,15 +96,6 @@ func CreateHook(ctx *context.APIContext, form api.CreateHookOption) {
ctx.JSON(201, convert.ToHook(ctx.Repo.RepoLink, w)) ctx.JSON(201, convert.ToHook(ctx.Repo.RepoLink, w))
} }
func DeleteHook(ctx *context.APIContext) {
if err := models.DeleteWebhook(ctx.ParamsInt64(":id")); err != nil {
ctx.Error(500, "DeleteWebhook", err)
return
}
ctx.Status(204)
}
// https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook // https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook
func EditHook(ctx *context.APIContext, form api.EditHookOption) { func EditHook(ctx *context.APIContext, form api.EditHookOption) {
w, err := models.GetWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id")) w, err := models.GetWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
@ -171,3 +162,12 @@ func EditHook(ctx *context.APIContext, form api.EditHookOption) {
ctx.JSON(200, convert.ToHook(ctx.Repo.RepoLink, w)) ctx.JSON(200, convert.ToHook(ctx.Repo.RepoLink, w))
} }
func DeleteHook(ctx *context.APIContext) {
if err := models.DeleteWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id")); err != nil {
ctx.Error(500, "DeleteWebhookByRepoID", err)
return
}
ctx.Status(204)
}

View File

@ -7,8 +7,6 @@ package org
import ( import (
"strings" "strings"
"github.com/Unknwon/com"
"github.com/gogits/gogs/models" "github.com/gogits/gogs/models"
"github.com/gogits/gogs/modules/auth" "github.com/gogits/gogs/modules/auth"
"github.com/gogits/gogs/modules/base" "github.com/gogits/gogs/modules/base"
@ -142,18 +140,6 @@ func Webhooks(ctx *context.Context) {
ctx.Data["BaseLink"] = ctx.Org.OrgLink ctx.Data["BaseLink"] = ctx.Org.OrgLink
ctx.Data["Description"] = ctx.Tr("org.settings.hooks_desc") ctx.Data["Description"] = ctx.Tr("org.settings.hooks_desc")
// Delete web hook.
remove := com.StrTo(ctx.Query("remove")).MustInt64()
if remove > 0 {
if err := models.DeleteWebhook(remove); err != nil {
ctx.Handle(500, "DeleteWebhook", err)
return
}
ctx.Flash.Success(ctx.Tr("repo.settings.remove_hook_success"))
ctx.Redirect(ctx.Org.OrgLink + "/settings/hooks")
return
}
ws, err := models.GetWebhooksByOrgID(ctx.Org.Organization.Id) ws, err := models.GetWebhooksByOrgID(ctx.Org.Organization.Id)
if err != nil { if err != nil {
ctx.Handle(500, "GetWebhooksByOrgId", err) ctx.Handle(500, "GetWebhooksByOrgId", err)
@ -165,8 +151,8 @@ func Webhooks(ctx *context.Context) {
} }
func DeleteWebhook(ctx *context.Context) { func DeleteWebhook(ctx *context.Context) {
if err := models.DeleteWebhook(ctx.QueryInt64("id")); err != nil { if err := models.DeleteWebhookByOrgID(ctx.Org.Organization.Id, ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteWebhook: " + err.Error()) ctx.Flash.Error("DeleteWebhookByOrgID: " + err.Error())
} else { } else {
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success")) ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
} }

View File

@ -384,8 +384,8 @@ func TestWebhook(ctx *context.Context) {
} }
func DeleteWebhook(ctx *context.Context) { func DeleteWebhook(ctx *context.Context) {
if err := models.DeleteWebhook(ctx.QueryInt64("id")); err != nil { if err := models.DeleteWebhookByRepoID(ctx.Repo.Repository.ID, ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteWebhook: " + err.Error()) ctx.Flash.Error("DeleteWebhookByRepoID: " + err.Error())
} else { } else {
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success")) ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
} }

View File

@ -1 +1 @@
0.9.45.0716 0.9.46.0717