models/webhook: restrict deletion to be explicitly with repo and org ID

pull/197/head
Unknwon 8 years ago
parent 5ff2dfb23e
commit 60110adc06
  1. 2
      README.md
  2. 2
      gogs.go
  3. 57
      models/webhook.go
  4. 18
      routers/api/v1/repo/hook.go
  5. 18
      routers/org/setting.go
  6. 4
      routers/repo/webhook.go
  7. 2
      templates/.VERSION

@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
##### Current tip version: 0.9.45 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions)
##### Current tip version: 0.9.46 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions)
| Web | UI | Preview |
|:-------------:|:-------:|:-------:|

@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
const APP_VER = "0.9.45.0716"
const APP_VER = "0.9.46.0717"
func init() {
runtime.GOMAXPROCS(runtime.NumCPU())

@ -174,28 +174,32 @@ func CreateWebhook(w *Webhook) error {
return err
}
// GetWebhookByRepoID returns webhook of repository by given ID.
func GetWebhookByRepoID(repoID, id int64) (*Webhook, error) {
w := new(Webhook)
has, err := x.Id(id).And("repo_id=?", repoID).Get(w)
// getWebhook uses argument bean as query condition,
// ID must be specified and do not assign unnecessary fields.
func getWebhook(bean *Webhook) (*Webhook, error) {
has, err := x.Get(bean)
if err != nil {
return nil, err
} else if !has {
return nil, ErrWebhookNotExist{id}
return nil, ErrWebhookNotExist{bean.ID}
}
return w, nil
return bean, nil
}
// GetWebhookByRepoID returns webhook of repository by given ID.
func GetWebhookByRepoID(repoID, id int64) (*Webhook, error) {
return getWebhook(&Webhook{
ID: id,
RepoID: repoID,
})
}
// GetWebhookByOrgID returns webhook of organization by given ID.
func GetWebhookByOrgID(orgID, id int64) (*Webhook, error) {
w := new(Webhook)
has, err := x.Id(id).And("org_id=?", orgID).Get(w)
if err != nil {
return nil, err
} else if !has {
return nil, ErrWebhookNotExist{id}
}
return w, nil
return getWebhook(&Webhook{
ID: id,
OrgID: orgID,
})
}
// GetActiveWebhooksByRepoID returns all active webhooks of repository.
@ -216,23 +220,40 @@ func UpdateWebhook(w *Webhook) error {
return err
}
// DeleteWebhook deletes webhook of repository.
func DeleteWebhook(id int64) (err error) {
// deleteWebhook uses argument bean as query condition,
// ID must be specified and do not assign unnecessary fields.
func deleteWebhook(bean *Webhook) (err error) {
sess := x.NewSession()
defer sessionRelease(sess)
if err = sess.Begin(); err != nil {
return err
}
if _, err = sess.Delete(&Webhook{ID: id}); err != nil {
if _, err = sess.Delete(bean); err != nil {
return err
} else if _, err = sess.Delete(&HookTask{HookID: id}); err != nil {
} else if _, err = sess.Delete(&HookTask{HookID: bean.ID}); err != nil {
return err
}
return sess.Commit()
}
// DeleteWebhookByRepoID deletes webhook of repository by given ID.
func DeleteWebhookByRepoID(repoID, id int64) (error) {
return deleteWebhook(&Webhook{
ID: id,
RepoID: repoID,
})
}
// DeleteWebhookByOrgID deletes webhook of organization by given ID.
func DeleteWebhookByOrgID(orgID, id int64) (error) {
return deleteWebhook(&Webhook{
ID: id,
OrgID: orgID,
})
}
// GetWebhooksByOrgID returns all webhooks for an organization.
func GetWebhooksByOrgID(orgID int64) (ws []*Webhook, err error) {
err = x.Find(&ws, &Webhook{OrgID: orgID})
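Review bot: In `deleteWebhook` (second hunk) the row count returned by `sess.Delete(bean)` is discarded, so `sess.Delete(&HookTask{HookID: bean.ID})` still runs and is committed when the webhook row did not match the given repository or organization ID. A caller that passes a webhook ID belonging to another repository or organization would leave that webhook in place but remove its hook tasks, and the function returns nil either way. Consider keeping the count and stopping before the second delete: `affected, err := sess.Delete(bean)` followed by `if err != nil { return err } else if affected == 0 { return ErrWebhookNotExist{bean.ID} }`. Separately, if xorm builds the condition only from non-zero bean fields, as the new comment suggests, a zero `repoID` or `orgID` would silently drop the scope, so the two exported wrappers could reject non-positive IDs.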

@ -96,15 +96,6 @@ func CreateHook(ctx *context.APIContext, form api.CreateHookOption) {
ctx.JSON(201, convert.ToHook(ctx.Repo.RepoLink, w))
}
func DeleteHook(ctx *context.APIContext) {
if err := models.DeleteWebhook(ctx.ParamsInt64(":id")); err != nil {
ctx.Error(500, "DeleteWebhook", err)
return
}
ctx.Status(204)
}
// https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook
func EditHook(ctx *context.APIContext, form api.EditHookOption) {
w, err := models.GetWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
@ -171,3 +162,12 @@ func EditHook(ctx *context.APIContext, form api.EditHookOption) {
ctx.JSON(200, convert.ToHook(ctx.Repo.RepoLink, w))
}
func DeleteHook(ctx *context.APIContext) {
if err := models.DeleteWebhookByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id")); err != nil {
ctx.Error(500, "DeleteWebhookByRepoID", err)
return
}
ctx.Status(204)
}
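Review bot: `DeleteHook` has no doc comment, while `EditHook` above it carries one; since the function is being moved anyway, a comment that records the scoping would help: `// DeleteHook deletes the webhook named by the :id parameter, limited to the repository resolved in ctx.` The repository ID comes from `ctx.Repo.Repository.ID` rather than from the request, which is what confines the deletion, and stating that helps later edits keep it. The handler also answers 204 whenever the model call returns nil, so as written it cannot tell the client that no webhook matched.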

@ -7,8 +7,6 @@ package org
import (
"strings"
"github.com/Unknwon/com"
"github.com/gogits/gogs/models"
"github.com/gogits/gogs/modules/auth"
"github.com/gogits/gogs/modules/base"
@ -142,18 +140,6 @@ func Webhooks(ctx *context.Context) {
ctx.Data["BaseLink"] = ctx.Org.OrgLink
ctx.Data["Description"] = ctx.Tr("org.settings.hooks_desc")
// Delete web hook.
remove := com.StrTo(ctx.Query("remove")).MustInt64()
if remove > 0 {
if err := models.DeleteWebhook(remove); err != nil {
ctx.Handle(500, "DeleteWebhook", err)
return
}
ctx.Flash.Success(ctx.Tr("repo.settings.remove_hook_success"))
ctx.Redirect(ctx.Org.OrgLink + "/settings/hooks")
return
}
ws, err := models.GetWebhooksByOrgID(ctx.Org.Organization.Id)
if err != nil {
ctx.Handle(500, "GetWebhooksByOrgId", err)
@ -165,8 +151,8 @@ func Webhooks(ctx *context.Context) {
}
func DeleteWebhook(ctx *context.Context) {
if err := models.DeleteWebhook(ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteWebhook: " + err.Error())
if err := models.DeleteWebhookByOrgID(ctx.Org.Organization.Id, ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteWebhookByOrgID: " + err.Error())
} else {
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
}
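Review bot: `ctx.Flash.Error("DeleteWebhookByOrgID: " + err.Error())` puts the raw model error text into a flash message, which is presumably rendered to the user and can expose database or driver details. Logging the error server-side and flashing a translated generic message would avoid that. The same pattern appears in `DeleteWebhook` in routers/repo/webhook.go with `"DeleteWebhookByRepoID: "`. The body of `DeleteWebhook` continues past the end of this hunk, so what follows the flash calls is not visible here.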

@ -384,8 +384,8 @@ func TestWebhook(ctx *context.Context) {
}
func DeleteWebhook(ctx *context.Context) {
if err := models.DeleteWebhook(ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteWebhook: " + err.Error())
if err := models.DeleteWebhookByRepoID(ctx.Repo.Repository.ID, ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteWebhookByRepoID: " + err.Error())
} else {
ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
}

@ -1 +1 @@
0.9.45.0716
0.9.46.0717