Merge pull request 'Move permission check from ArtifactsDeleteView to the route' (#2464) from algernon/forgejo:gitea-port/artifact-deletion/refactor into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2464 Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-03 15:16:39 +02:00 · 2024-02-25 14:15:03 +00:00 · 2024-02-25 14:15:03 +00:00 · 490b81a8ed
parent b7ea2ea463 9372bdd4a3
commit 490b81a8ed
2 changed files with 1 additions and 6 deletions
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@ -579,11 +579,6 @@ func ArtifactsView(ctx *context_module.Context) {
 }

 func ArtifactsDeleteView(ctx *context_module.Context) {
-	if !ctx.Repo.CanWrite(unit.TypeActions) {
-		ctx.Error(http.StatusForbidden, "no permission")
-		return
-	}
-
 	runIndex := ctx.ParamsInt64("run")
 	artifactName := ctx.Params("artifact_name")

--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -1401,7 +1401,7 @@ func registerRoutes(m *web.Route) {
 					m.Post("/approve", reqRepoActionsWriter, actions.Approve)
 					m.Post("/artifacts", actions.ArtifactsView)
 					m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
-					m.Delete("/artifacts/{artifact_name}", actions.ArtifactsDeleteView)
+					m.Delete("/artifacts/{artifact_name}", reqRepoActionsWriter, actions.ArtifactsDeleteView)
 					m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
 				})
 			})