| @@ -7,6 +7,7 @@ class RepositoriesController < ApplicationController | |||||
| before_action :require_login, only: %i[edit update create_file update_file delete_file sync_mirror] | before_action :require_login, only: %i[edit update create_file update_file delete_file sync_mirror] | ||||
| before_action :require_profile_completed, only: [:create_file] | before_action :require_profile_completed, only: [:create_file] | ||||
| before_action :load_repository | before_action :load_repository | ||||
| before_action :require_operate_above, only: %i[create_file update_file replace_file delete_file] | |||||
| before_action :authorizate!, except: [:sync_mirror, :tags, :commit, :archive] | before_action :authorizate!, except: [:sync_mirror, :tags, :commit, :archive] | ||||
| before_action :authorizate_user_can_edit_repo!, only: %i[sync_mirror] | before_action :authorizate_user_can_edit_repo!, only: %i[sync_mirror] | ||||
| before_action :get_ref, only: %i[entries sub_entries top_counts files archive] | before_action :get_ref, only: %i[entries sub_entries top_counts files archive] | ||||
| @@ -437,4 +438,8 @@ class RepositoriesController < ApplicationController | |||||
| end | end | ||||
| end | end | ||||
| def require_operate_above | |||||
| return render_forbidden if !current_user.admin? && !@project.operator?(current_user) | |||||
| end | |||||
| end | end | ||||
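Review bot: `replace_file` is covered by the new `require_operate_above` filter but is missing from the `require_login` list at the top of the first hunk, so an unauthenticated request to that action may reach `current_user.admin?` with no logged-in user. If `current_user` can be nil there (not visible on this page), the filter raises an unhandled error instead of returning a login or forbidden response; listing the action closes the gap: `before_action :require_login, only: %i[edit update create_file update_file replace_file delete_file sync_mirror]`. Because the new filter is an `only:` allowlist, a write action added later stays unchecked until someone lists it, so a comment above the method would help, e.g. `# Repository write actions require project operator or admin; add new write actions to the before_action list.` The hunk does not show whether `require_operate_above` sits under `private`; it should, so that it cannot be routed as an action.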