Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2026-05-06 11:46:10 +02:00
Code Issues Packages Projects Releases Activity

Fix permission check on branch deletion (#1515)

Browse Source
This commit is contained in:
Eduard Heimbuch
2021-02-01 14:48:19 +01:00
committed by GitHub
parent eb914b1f93
commit e283195530
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gradle/changelog/delete_branches_permission.yaml Normal file
View File

@@ -0,0 +1,2 @@
- type: fixed
description: Fix permission check for branch deletion ([#1515](https://github.com/scm-manager/scm-manager/pull/1515))

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapper.java
View File

@@ -62,7 +62,7 @@ public abstract class BranchToBranchDtoMapper extends HalAppenderMapper implemen
.single(linkBuilder("changeset", resourceLinks.changeset().changeset(namespaceAndName.getNamespace(), namespaceAndName.getName(), branch.getRevision())).build())
.single(linkBuilder("source", resourceLinks.source().self(namespaceAndName.getNamespace(), namespaceAndName.getName(), branch.getRevision())).build());
if (!branch.isDefaultBranch() && RepositoryPermissions.modify(repository).isPermitted()) {
if (!branch.isDefaultBranch() && RepositoryPermissions.push(repository).isPermitted()) {
linksBuilder.single(linkBuilder("delete", resourceLinks.branch().delete(repository.getNamespace(), repository.getName(), branch.getName())).build());
}

4
scm-webapp/src/test/java/sonia/scm/api/v2/resources/BranchToBranchDtoMapperTest.java
View File

@@ -87,7 +87,7 @@ class BranchToBranchDtoMapperTest {
@Test
void shouldAppendDeleteLink() {
Repository repository = RepositoryTestData.createHeartOfGold();
when(subject.isPermitted("repository:modify:" + repository.getId())).thenReturn(true);
when(subject.isPermitted("repository:push:" + repository.getId())).thenReturn(true);
Branch branch = Branch.normalBranch("master", "42");
BranchDto dto = mapper.map(branch, repository);
@@ -106,7 +106,7 @@ class BranchToBranchDtoMapperTest {
@Test
void shouldNotAppendDeleteLinkIfNotPermitted() {
Repository repository = RepositoryTestData.createHeartOfGold();
when(subject.isPermitted("repository:modify:" + repository.getId())).thenReturn(false);
when(subject.isPermitted("repository:push:" + repository.getId())).thenReturn(false);
Branch branch = Branch.normalBranch("master", "42");
BranchDto dto = mapper.map(branch, repository);