From 1e5fe908c00eca3724d829e79bfb6664b0dfb65c Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Mar 28 2014 07:37:33 +0000 Subject: Make sure only admin repo can create pull-request for this repo --- diff --git a/progit/fork.py b/progit/fork.py index 1a46cb6..691d2f8 100644 --- a/progit/fork.py +++ b/progit/fork.py @@ -24,7 +24,8 @@ from pygments.formatters import HtmlFormatter import progit.doc_utils import progit.lib import progit.forms -from progit import APP, SESSION, LOG, __get_file_in_tree, cla_required +from progit import (APP, SESSION, LOG, __get_file_in_tree, cla_required, + is_repo_admin) @APP.route('//request-pulls') @@ -263,6 +264,11 @@ def new_request_pull(username, repo, commitid=None): if not repo: flask.abort(404) + if not is_repo_admin(repo): + flask.abort( + 403, + 'You are not allowed to create pull-requests for this project') + repopath = os.path.join(APP.config['FORK_FOLDER'], repo.path) repo_obj = pygit2.Repository(repopath)
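Review bot: The new `is_repo_admin(repo)` guard in `new_request_pull` is only as strong as that helper's handling of an unauthenticated session, and neither the helper nor this view's decorators are visible in the hunk. If the view can be reached without login, confirm the helper returns False rather than raising on a missing user, so an anonymous request gets the 403 instead of a 500. Because `repo.path` is resolved under `FORK_FOLDER`, the check appears to apply to the fork rather than the target project; a comment such as `# Only admins of the fork may open a pull-request from it` would make that explicit. The function body starts and continues outside the hunk, so any other path that creates or updates a pull-request should be checked for the same guard.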