forked from mirror/gitea
Hide 'New Project board' button for users that are not signed in (#12547)
* hide: 'New Project board' button * there is no reason to show the button for users that are not signed in * update template: specifies the condition together with another one as per lafriks' suggestion in the comment * chore: add proper user authorization check * chore: also hide button if repo is archived * chore: show project board edit/delete menu to authorized users only * chore: drop the redundant IsSigned check * CanWriteIssues and CanWritePulls implies (and requires) signed in user * Add CanWriteProjects and properly assert permissions Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
parent
a0484890c1
commit
d4e35b9dc6
@ -95,6 +95,7 @@ func Projects(ctx *context.Context) {
|
||||
pager.AddParam(ctx, "state", "State")
|
||||
ctx.Data["Page"] = pager
|
||||
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
ctx.Data["IsShowClosed"] = isShowClosed
|
||||
ctx.Data["IsProjectsPage"] = true
|
||||
ctx.Data["SortType"] = sortType
|
||||
@ -106,16 +107,17 @@ func Projects(ctx *context.Context) {
|
||||
func NewProject(ctx *context.Context) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
||||
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
||||
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
ctx.HTML(200, tplProjectsNew)
|
||||
}
|
||||
|
||||
// NewRepoProjectPost creates a new project
|
||||
func NewRepoProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
|
||||
|
||||
// NewProjectPost creates a new project
|
||||
func NewProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
||||
|
||||
if ctx.HasError() {
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
||||
ctx.HTML(200, tplProjectsNew)
|
||||
return
|
||||
}
|
||||
@ -192,6 +194,7 @@ func EditProject(ctx *context.Context) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
|
||||
ctx.Data["PageIsProjects"] = true
|
||||
ctx.Data["PageIsEditProjects"] = true
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
|
||||
p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
|
||||
if err != nil {
|
||||
@ -218,9 +221,10 @@ func EditProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
|
||||
ctx.Data["PageIsProjects"] = true
|
||||
ctx.Data["PageIsEditProjects"] = true
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
|
||||
if ctx.HasError() {
|
||||
ctx.HTML(200, tplMilestoneNew)
|
||||
ctx.HTML(200, tplProjectsNew)
|
||||
return
|
||||
}
|
||||
|
||||
@ -287,6 +291,7 @@ func ViewProject(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
ctx.Data["Project"] = project
|
||||
ctx.Data["Boards"] = allBoards
|
||||
ctx.Data["PageIsProjects"] = true
|
||||
@ -551,6 +556,7 @@ func MoveIssueAcrossBoards(ctx *context.Context) {
|
||||
func CreateProject(ctx *context.Context) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.projects.new")
|
||||
ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
|
||||
ctx.HTML(200, tplGenericProjectsNew)
|
||||
}
|
||||
@ -566,6 +572,7 @@ func CreateProjectPost(ctx *context.Context, form auth.UserCreateProjectForm) {
|
||||
ctx.Data["ContextUser"] = user
|
||||
|
||||
if ctx.HasError() {
|
||||
ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
|
||||
ctx.HTML(200, tplGenericProjectsNew)
|
||||
return
|
||||
}
|
||||
|
@ -535,6 +535,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||
reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||
reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||
reqRepoProjectsReader := context.RequireRepoReader(models.UnitTypeProjects)
|
||||
reqRepoProjectsWriter := context.RequireRepoWriter(models.UnitTypeProjects)
|
||||
|
||||
// ***** START: Organization *****
|
||||
m.Group("/org", func() {
|
||||
@ -858,24 +859,26 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||
|
||||
m.Group("/projects", func() {
|
||||
m.Get("", repo.Projects)
|
||||
m.Get("/new", repo.NewProject)
|
||||
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewRepoProjectPost)
|
||||
m.Group("/:id", func() {
|
||||
m.Get("", repo.ViewProject)
|
||||
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
|
||||
m.Post("/delete", repo.DeleteProject)
|
||||
m.Get("/:id", repo.ViewProject)
|
||||
m.Group("", func() {
|
||||
m.Get("/new", repo.NewProject)
|
||||
m.Post("/new", bindIgnErr(auth.CreateProjectForm{}), repo.NewProjectPost)
|
||||
m.Group("/:id", func() {
|
||||
m.Post("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.AddBoardToProjectPost)
|
||||
m.Post("/delete", repo.DeleteProject)
|
||||
|
||||
m.Get("/edit", repo.EditProject)
|
||||
m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
|
||||
m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
|
||||
m.Get("/edit", repo.EditProject)
|
||||
m.Post("/edit", bindIgnErr(auth.CreateProjectForm{}), repo.EditProjectPost)
|
||||
m.Post("/^:action(open|close)$", repo.ChangeProjectStatus)
|
||||
|
||||
m.Group("/:boardID", func() {
|
||||
m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
|
||||
m.Delete("", repo.DeleteProjectBoard)
|
||||
m.Group("/:boardID", func() {
|
||||
m.Put("", bindIgnErr(auth.EditProjectBoardTitleForm{}), repo.EditProjectBoardTitle)
|
||||
m.Delete("", repo.DeleteProjectBoard)
|
||||
|
||||
m.Post("/:index", repo.MoveIssueAcrossBoards)
|
||||
m.Post("/:index", repo.MoveIssueAcrossBoards)
|
||||
})
|
||||
})
|
||||
})
|
||||
}, reqRepoProjectsWriter, context.RepoMustNotBeArchived())
|
||||
}, reqRepoProjectsReader, repo.MustEnableProjects)
|
||||
|
||||
m.Group("/wiki", func() {
|
||||
|
@ -4,10 +4,10 @@
|
||||
<div class="ui container">
|
||||
<div class="navbar">
|
||||
{{template "repo/issue/navbar" .}}
|
||||
{{if and (or .CanWriteIssues .CanWritePulls) (not .Repository.IsArchived)}}
|
||||
<div class="ui right">
|
||||
<a class="ui green button" href="{{$.Link}}/new">{{.i18n.Tr "repo.projects.new"}}</a>
|
||||
</div>
|
||||
{{if and .CanWriteProjects (not .Repository.IsArchived)}}
|
||||
<div class="ui right">
|
||||
<a class="ui green button" href="{{$.Link}}/new">{{.i18n.Tr "repo.projects.new"}}</a>
|
||||
</div>
|
||||
{{end}}
|
||||
</div>
|
||||
<div class="ui divider"></div>
|
||||
@ -39,35 +39,35 @@
|
||||
</div>
|
||||
<div class="milestone list">
|
||||
{{range .Projects}}
|
||||
<li class="item">
|
||||
{{svg "octicon-project" 16}} <a href="{{$.RepoLink}}/projects/{{.ID}}">{{.Title}}</a>
|
||||
<div class="meta">
|
||||
{{ $closedDate:= TimeSinceUnix .ClosedDateUnix $.Lang }}
|
||||
{{if .IsClosed }}
|
||||
{{svg "octicon-clock" 16}} {{$.i18n.Tr "repo.milestones.closed" $closedDate|Str2html}}
|
||||
<li class="item">
|
||||
{{svg "octicon-project" 16}} <a href="{{$.RepoLink}}/projects/{{.ID}}">{{.Title}}</a>
|
||||
<div class="meta">
|
||||
{{ $closedDate:= TimeSinceUnix .ClosedDateUnix $.Lang }}
|
||||
{{if .IsClosed }}
|
||||
{{svg "octicon-clock" 16}} {{$.i18n.Tr "repo.milestones.closed" $closedDate|Str2html}}
|
||||
{{end}}
|
||||
<span class="issue-stats">
|
||||
{{svg "octicon-issue-opened" 16}} {{$.i18n.Tr "repo.issues.open_tab" .NumOpenIssues}}
|
||||
{{svg "octicon-issue-closed" 16}} {{$.i18n.Tr "repo.issues.close_tab" .NumClosedIssues}}
|
||||
</span>
|
||||
</div>
|
||||
{{if and (or $.CanWriteIssues $.CanWritePulls) (not $.Repository.IsArchived)}}
|
||||
<div class="ui right operate">
|
||||
<a href="{{$.Link}}/{{.ID}}/edit" data-id={{.ID}} data-title={{.Title}}>{{svg "octicon-pencil" 16}} {{$.i18n.Tr "repo.issues.label_edit"}}</a>
|
||||
{{if .IsClosed}}
|
||||
<a class="link-action" href data-url="{{$.Link}}/{{.ID}}/open">{{svg "octicon-check" 16}} {{$.i18n.Tr "repo.projects.open"}}</a>
|
||||
{{else}}
|
||||
<a class="link-action" href data-url="{{$.Link}}/{{.ID}}/close">{{svg "octicon-x" 16}} {{$.i18n.Tr "repo.projects.close"}}</a>
|
||||
{{end}}
|
||||
<a class="delete-button" href="#" data-url="{{$.RepoLink}}/projects/{{.ID}}/delete" data-id="{{.ID}}">{{svg "octicon-trashcan" 16}} {{$.i18n.Tr "repo.issues.label_delete"}}</a>
|
||||
</div>
|
||||
{{end}}
|
||||
<span class="issue-stats">
|
||||
{{svg "octicon-issue-opened" 16}} {{$.i18n.Tr "repo.issues.open_tab" .NumOpenIssues}}
|
||||
{{svg "octicon-issue-closed" 16}} {{$.i18n.Tr "repo.issues.close_tab" .NumClosedIssues}}
|
||||
</span>
|
||||
</div>
|
||||
{{if and (or $.CanWriteIssues $.CanWritePulls) (not $.Repository.IsArchived)}}
|
||||
<div class="ui right operate">
|
||||
<a href="{{$.Link}}/{{.ID}}/edit" data-id={{.ID}} data-title={{.Title}}>{{svg "octicon-pencil" 16}} {{$.i18n.Tr "repo.issues.label_edit"}}</a>
|
||||
{{if .IsClosed}}
|
||||
<a class="link-action" href data-url="{{$.Link}}/{{.ID}}/open">{{svg "octicon-check" 16}} {{$.i18n.Tr "repo.projects.open"}}</a>
|
||||
{{else}}
|
||||
<a class="link-action" href data-url="{{$.Link}}/{{.ID}}/close">{{svg "octicon-x" 16}} {{$.i18n.Tr "repo.projects.close"}}</a>
|
||||
{{if .Description}}
|
||||
<div class="content">
|
||||
{{.RenderedContent|Str2html}}
|
||||
</div>
|
||||
{{end}}
|
||||
<a class="delete-button" href="#" data-url="{{$.RepoLink}}/projects/{{.ID}}/delete" data-id="{{.ID}}">{{svg "octicon-trashcan" 16}} {{$.i18n.Tr "repo.issues.label_delete"}}</a>
|
||||
</div>
|
||||
{{end}}
|
||||
{{if .Description}}
|
||||
<div class="content">
|
||||
{{.RenderedContent|Str2html}}
|
||||
</div>
|
||||
{{end}}
|
||||
</li>
|
||||
</li>
|
||||
{{end}}
|
||||
|
||||
{{template "base/paginate" .}}
|
||||
|
@ -4,7 +4,7 @@
|
||||
<div class="ui container">
|
||||
<div class="navbar">
|
||||
{{template "repo/issue/navbar" .}}
|
||||
{{if and (or .CanWriteIssues .CanWritePulls) .PageIsEditProject}}
|
||||
{{if and .CanWriteProjects .PageIsEditProject}}
|
||||
<div class="ui right floated secondary menu">
|
||||
<a class="ui green button" href="{{$.RepoLink}}/projects/new">{{.i18n.Tr "repo.milestones.new"}}</a>
|
||||
</div>
|
||||
|
@ -10,10 +10,9 @@
|
||||
{{template "repo/issue/search" .}}
|
||||
</div>
|
||||
<div class="column right aligned">
|
||||
{{if .PageIsProjects}}
|
||||
<a class="ui green button show-modal item" data-modal="#new-board-item">{{.i18n.Tr "new_project_board"}}</a>
|
||||
{{if and .CanWriteProjects (not .Repository.IsArchived) .PageIsProjects}}
|
||||
<a class="ui green button show-modal item" data-modal="#new-board-item">{{.i18n.Tr "new_project_board"}}</a>
|
||||
{{end}}
|
||||
|
||||
<div class="ui small modal" id="new-board-item">
|
||||
<div class="header">
|
||||
{{$.i18n.Tr "repo.projects.board.new"}}
|
||||
@ -45,65 +44,62 @@
|
||||
<div class="ui segment board-column">
|
||||
<div class="board-column-header">
|
||||
<div class="ui large label board-label">{{.Title}}</div>
|
||||
|
||||
{{ if $.IsSigned }}
|
||||
{{ if not (eq .ID 0) }}
|
||||
<div class="ui dropdown jump item poping up right" data-variation="tiny inverted">
|
||||
<span class="ui text">
|
||||
<img class="ui tiny avatar image" width="24" height="24">
|
||||
<span class="fitted not-mobile" tabindex="-1">{{svg "octicon-kebab-horizontal" 24}}</span>
|
||||
</span>
|
||||
<div class="menu user-menu" tabindex="-1">
|
||||
<a class="item show-modal button" data-modal="#edit-project-board-modal-{{.ID}}">
|
||||
{{svg "octicon-pencil" 16}}
|
||||
{{$.i18n.Tr "repo.projects.board.edit"}}
|
||||
</a>
|
||||
<a class="item show-modal button" data-modal="#delete-board-modal-{{.ID}}">
|
||||
{{svg "octicon-trashcan" 16}}
|
||||
{{$.i18n.Tr "repo.projects.board.delete"}}
|
||||
</a>
|
||||
|
||||
<div class="ui small modal edit-project-board" id="edit-project-board-modal-{{.ID}}">
|
||||
<div class="header">
|
||||
{{if and $.CanWriteProjects (not $.Repository.IsArchived) $.PageIsProjects (ne .ID 0)}}
|
||||
<div class="ui dropdown jump item poping up right" data-variation="tiny inverted">
|
||||
<span class="ui text">
|
||||
<img class="ui tiny avatar image" width="24" height="24">
|
||||
<span class="fitted not-mobile" tabindex="-1">{{svg "octicon-kebab-horizontal" 24}}</span>
|
||||
</span>
|
||||
<div class="menu user-menu" tabindex="-1">
|
||||
<a class="item show-modal button" data-modal="#edit-project-board-modal-{{.ID}}">
|
||||
{{svg "octicon-pencil" 16}}
|
||||
{{$.i18n.Tr "repo.projects.board.edit"}}
|
||||
</div>
|
||||
<div class="content">
|
||||
<form class="ui form">
|
||||
<div class="required field">
|
||||
<label for="new_board_title">{{$.i18n.Tr "repo.projects.board.edit_title"}}</label>
|
||||
<input class="project-board-title" id="new_board_title" name="title" value="{{.Title}}" required>
|
||||
</div>
|
||||
</a>
|
||||
<a class="item show-modal button" data-modal="#delete-board-modal-{{.ID}}">
|
||||
{{svg "octicon-trashcan" 16}}
|
||||
{{$.i18n.Tr "repo.projects.board.delete"}}
|
||||
</a>
|
||||
|
||||
<div class="ui small modal edit-project-board" id="edit-project-board-modal-{{.ID}}">
|
||||
<div class="header">
|
||||
{{$.i18n.Tr "repo.projects.board.edit"}}
|
||||
</div>
|
||||
<div class="content">
|
||||
<form class="ui form">
|
||||
<div class="required field">
|
||||
<label for="new_board_title">{{$.i18n.Tr "repo.projects.board.edit_title"}}</label>
|
||||
<input class="project-board-title" id="new_board_title" name="title" value="{{.Title}}" required>
|
||||
</div>
|
||||
|
||||
<div class="text right actions">
|
||||
<div class="ui cancel button">{{$.i18n.Tr "settings.cancel"}}</div>
|
||||
<button data-url="{{$.RepoLink}}/projects/{{$.Project.ID}}/{{.ID}}" class="ui red button">{{$.i18n.Tr "repo.projects.board.edit"}}</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="ui basic modal" id="delete-board-modal-{{.ID}}">
|
||||
<div class="ui icon header">
|
||||
{{$.i18n.Tr "repo.projects.board.delete"}}
|
||||
</div>
|
||||
<div class="content center">
|
||||
<input type="hidden" name="action" value="delete">
|
||||
<div class="field">
|
||||
<label>
|
||||
{{$.i18n.Tr "repo.projects.board.deletion_desc"}}
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<form class="ui form" method="post">
|
||||
<div class="text right actions">
|
||||
<div class="ui cancel button">{{$.i18n.Tr "settings.cancel"}}</div>
|
||||
<button data-url="{{$.RepoLink}}/projects/{{$.Project.ID}}/{{.ID}}" class="ui red button">{{$.i18n.Tr "repo.projects.board.edit"}}</button>
|
||||
<button class="ui red button delete-project-board" data-url="{{$.RepoLink}}/projects/{{$.Project.ID}}/{{.ID}}">{{$.i18n.Tr "repo.projects.board.delete"}}</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="ui basic modal" id="delete-board-modal-{{.ID}}">
|
||||
<div class="ui icon header">
|
||||
{{$.i18n.Tr "repo.projects.board.delete"}}
|
||||
</div>
|
||||
<div class="content center">
|
||||
<input type="hidden" name="action" value="delete">
|
||||
<div class="field">
|
||||
<label>
|
||||
{{$.i18n.Tr "repo.projects.board.deletion_desc"}}
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<form class="ui form" method="post">
|
||||
<div class="text right actions">
|
||||
<div class="ui cancel button">{{$.i18n.Tr "settings.cancel"}}</div>
|
||||
<button class="ui red button delete-project-board" data-url="{{$.RepoLink}}/projects/{{$.Project.ID}}/{{.ID}}">{{$.i18n.Tr "repo.projects.board.delete"}}</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
</div>
|
||||
<div class="ui divider"></div>
|
||||
|
Loading…
Reference in New Issue
Block a user