
Commit 49df677

ethantkoeniglunny
authored andcommitted
Check for access in /repositories/:id (#2227)
* Check for access in /repositories/:id * Integration test
1 parent a9cc538 commit 49df677


2 files changed

+12
-1
lines changed

2 files changed

+12
-1
lines changed

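--- a/integrations/api_repo_test.go
+++ b/integrations/api_repo_test.go
@@ -84,3 +84,11 @@ func TestAPIOrgRepos(t *testing.T) {
 assert.False(t, repo.Private)
 }
 }
+
+func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
+prepareTestEnv(t)
+user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
+sess := loginUser(t, user.Name)
+req := NewRequestf(t, "GET", "/api/v1/repositories/2")
+sess.MakeRequest(t, req, http.StatusNotFound)
+}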
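Review bot: `TestAPIGetRepoByIDUnauthorized` asserts only `http.StatusNotFound`, which is also what a missing repository would presumably return, so the test cannot tell "access denied" apart from "repository 2 is not in the fixtures". A comment such as `// fixture user 4 has no read access to repository 2` (to be confirmed against the fixtures) would state the assumption the test rests on. A companion case where a user with read access gets 200 for the same ID would pin the denial to the new check in `GetByID`. A request made without a session is not exercised either, and that is the other caller class the access check has to handle.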

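--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -293,7 +293,10 @@ func GetByID(ctx *context.APIContext) {
 
 access, err := models.AccessLevel(ctx.User.ID, repo)
 if err != nil {
-ctx.Error(500, "GetRepositoryByID", err)
+ctx.Error(500, "AccessLevel", err)
+return
+} else if access < models.AccessModeRead {
+ctx.Status(404)
 return
 }
 ctx.JSON(200, repo.APIFormat(access))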
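Review bot: The new `access < models.AccessModeRead` branch depends on `models.AccessLevel(ctx.User.ID, repo)` on the context line above it, which dereferences `ctx.User`. The route's middleware is not visible in this hunk, so it is worth confirming that `/repositories/:id` cannot be reached without a signed-in user; otherwise the handler would fail before the access check runs instead of answering 404. The bare `ctx.Status(404)` deserves a comment such as `// 404, not 403: do not reveal that a repository exists to callers without read access`, so a later cleanup does not turn it into a 403. As a style point, the `else if` following a `return` can be a separate `if`. `GetByID` starts and ends outside the hunk.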
