diff --git a/src/api/app/controllers/source_controller.rb b/src/api/app/controllers/source_controller.rb index 47b1d1f16ba..c0157374ae7 100644 --- a/src/api/app/controllers/source_controller.rb +++ b/src/api/app/controllers/source_controller.rb @@ -76,6 +76,7 @@ def show_package pass_to_backend(path) end + # DELETE /source/:project/:package def delete_package # checks raise DeletePackageNoPermission, '_project package can not be deleted.' if @target_package_name == '_project' @@ -102,17 +103,6 @@ def delete_package render_ok end - def verify_can_modify_target_package! - return if User.session!.can_modify?(@package) - - unless @package.instance_of?(Package) - raise CmdExecutionNoPermission, "no permission to execute command '#{params[:cmd]}' " \ - 'for unspecified package' - end - raise CmdExecutionNoPermission, "no permission to execute command '#{params[:cmd]}' " \ - "for package #{@package.name} in project #{@package.project.name}" - end - # POST /source/:project/:package def package_command params[:user] = User.session!.login @@ -1144,6 +1134,17 @@ def verify_can_modify_target! end end + def verify_can_modify_target_package! + return if User.session!.can_modify?(@package) + + unless @package.instance_of?(Package) + raise CmdExecutionNoPermission, "no permission to execute command '#{params[:cmd]}' " \ + 'for unspecified package' + end + raise CmdExecutionNoPermission, "no permission to execute command '#{params[:cmd]}' " \ + "for package #{@package.name} in project #{@package.project.name}" + end + def private_branch_command ret = BranchPackage.new(params).branch if ret[:text] @@ -1157,7 +1158,6 @@ def private_branch_command end # POST /source//?cmd=branch&target_project="optional_project"&target_package="optional_package"&update_project_attribute="alternative_attribute"&comment="message" - def package_command_branch # find out about source and target dependening on command - FIXME: ugly! sync calls