Prevent DeleteUser API abuse (#10125)
* fix & co * word suggestions from @jolheiser
This commit is contained in:
parent
29151b90c6
commit
ea50f60df2
2 changed files with 7 additions and 1 deletions
|
@ -7,6 +7,7 @@ package admin
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
|
@ -227,6 +228,11 @@ func DeleteUser(ctx *context.APIContext) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if u.IsOrganization() {
|
||||||
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("%s is an organization not a user", u.Name))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err := models.DeleteUser(u); err != nil {
|
if err := models.DeleteUser(u); err != nil {
|
||||||
if models.IsErrUserOwnRepos(err) ||
|
if models.IsErrUserOwnRepos(err) ||
|
||||||
models.IsErrUserHasOrgs(err) {
|
models.IsErrUserHasOrgs(err) {
|
||||||
|
|
|
@ -115,7 +115,7 @@ func SettingsDeleteAvatar(ctx *context.Context) {
|
||||||
ctx.Redirect(ctx.Org.OrgLink + "/settings")
|
ctx.Redirect(ctx.Org.OrgLink + "/settings")
|
||||||
}
|
}
|
||||||
|
|
||||||
// SettingsDelete response for delete repository
|
// SettingsDelete response for deleting an organization
|
||||||
func SettingsDelete(ctx *context.Context) {
|
func SettingsDelete(ctx *context.Context) {
|
||||||
ctx.Data["Title"] = ctx.Tr("org.settings")
|
ctx.Data["Title"] = ctx.Tr("org.settings")
|
||||||
ctx.Data["PageIsSettingsDelete"] = true
|
ctx.Data["PageIsSettingsDelete"] = true
|
||||||
|
|
Loading…
Reference in a new issue