Move permission check from ArtifactsDeleteView to the route

As suggested by @Gusted in #2431, move the permission checking from `ArtifactsDeleteView` into the route instead, where it belongs. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-25 10:52:11 +01:00 · 2024-02-25 10:52:11 +01:00 · 9372bdd4a3
commit 9372bdd4a3
parent b7ea2ea463
2 changed files with 1 additions and 6 deletions
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@ -579,11 +579,6 @@ func ArtifactsView(ctx *context_module.Context) {
 }

 func ArtifactsDeleteView(ctx *context_module.Context) {
-	if !ctx.Repo.CanWrite(unit.TypeActions) {
-		ctx.Error(http.StatusForbidden, "no permission")
-		return
-	}
-
 	runIndex := ctx.ParamsInt64("run")
 	artifactName := ctx.Params("artifact_name")

--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -1401,7 +1401,7 @@ func registerRoutes(m *web.Route) {
 					m.Post("/approve", reqRepoActionsWriter, actions.Approve)
 					m.Post("/artifacts", actions.ArtifactsView)
 					m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
-					m.Delete("/artifacts/{artifact_name}", actions.ArtifactsDeleteView)
+					m.Delete("/artifacts/{artifact_name}", reqRepoActionsWriter, actions.ArtifactsDeleteView)
 					m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
 				})
 			})