Move permission check from ArtifactsDeleteView to the route

As suggested by @Gusted in #2431, move the permission checking from
`ArtifactsDeleteView` into the route instead, where it belongs.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
This commit is contained in:
Gergely Nagy 2024-02-25 10:52:11 +01:00
parent b7ea2ea463
commit 9372bdd4a3
No known key found for this signature in database
2 changed files with 1 additions and 6 deletions

View file

@ -579,11 +579,6 @@ func ArtifactsView(ctx *context_module.Context) {
} }
func ArtifactsDeleteView(ctx *context_module.Context) { func ArtifactsDeleteView(ctx *context_module.Context) {
if !ctx.Repo.CanWrite(unit.TypeActions) {
ctx.Error(http.StatusForbidden, "no permission")
return
}
runIndex := ctx.ParamsInt64("run") runIndex := ctx.ParamsInt64("run")
artifactName := ctx.Params("artifact_name") artifactName := ctx.Params("artifact_name")

View file

@ -1401,7 +1401,7 @@ func registerRoutes(m *web.Route) {
m.Post("/approve", reqRepoActionsWriter, actions.Approve) m.Post("/approve", reqRepoActionsWriter, actions.Approve)
m.Post("/artifacts", actions.ArtifactsView) m.Post("/artifacts", actions.ArtifactsView)
m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView) m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
m.Delete("/artifacts/{artifact_name}", actions.ArtifactsDeleteView) m.Delete("/artifacts/{artifact_name}", reqRepoActionsWriter, actions.ArtifactsDeleteView)
m.Post("/rerun", reqRepoActionsWriter, actions.Rerun) m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
}) })
}) })