| |
@@ -58,15 +58,11 @@
|
| |
_check_token(repo, project_token=False)
|
| |
|
| |
is_site_admin = pagure.utils.is_admin()
|
| |
- admins = [u.username for u in repo.get_project_users("admin")]
|
| |
# Only allow the main admin, the admins of the project, and Pagure site
|
| |
# admins to modify projects' monitoring, even if the user has the right
|
| |
# ACLs on their token
|
| |
- if (
|
| |
- flask.g.fas_user.username not in admins
|
| |
- and flask.g.fas_user.username != repo.user.username
|
| |
- and not is_site_admin
|
| |
- ):
|
| |
+ if (pagure.utils.is_repo_admin(repo, flask.g.fas_user.username) and not
|
| |
+ is_site_admin):
|
| |
raise pagure.exceptions.APIError(
|
| |
401, error_code=APIERROR.EMODIFYPROJECTNOTALLOWED
|
| |
)
|
| |
@@ -694,9 +690,10 @@
|
| |
repo = _get_repo(repo, namespace=namespace)
|
| |
|
| |
is_site_admin = pagure.utils.is_admin()
|
| |
- # Only allow the main admin and Pagure site admins to modify projects'
|
| |
+ # Only allow project admins and Pagure site admins to modify projects'
|
| |
# monitoring, even if the user has the right ACLs on their token
|
| |
- if flask.g.fas_user.username != repo.user.username and not is_site_admin:
|
| |
+ if (not pagure.utils.is_repo_admin(repo, flask.g.fas_user.username) and not
|
| |
+ is_site_admin):
|
| |
raise pagure.exceptions.APIError(
|
| |
401, error_code=APIERROR.EMODIFYPROJECTNOTALLOWED
|
| |
)
|
| |
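Review bot: In the first hunk (`@@ -58,15 +58,11 @@`) the new guard `if (pagure.utils.is_repo_admin(repo, flask.g.fas_user.username) and not is_site_admin):` has lost its negation, so it raises the 401 for project admins and lets every other caller that passed `_check_token` through, which is the opposite of the comment above it and of the removed condition. It should match the second hunk: `if (not pagure.utils.is_repo_admin(repo, flask.g.fas_user.username) and not is_site_admin):`. `is_repo_admin` is not defined on this page, so please confirm it still counts the main admin (`repo.user`) as an admin, because both hunks drop the explicit `repo.user.username` comparison. As the description says the change is untested, a test that calls each endpoint as a non-admin user and expects `EMODIFYPROJECTNOTALLOWED`, plus one as a project admin expecting success, would catch this inversion. Both enclosing functions start and end outside the hunks shown.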
See the commit messages for more explanation.
This is a draft, because I haven't yet set up a Pagure instance to test this.
/cc @zlopez re. monitoring changes