diff --git a/routers/web/org/licenses.go b/routers/web/org/licenses.go index fda53795e4..3587b66620 100644 --- a/routers/web/org/licenses.go +++ b/routers/web/org/licenses.go @@ -67,6 +67,7 @@ func Licenses(ctx *context.Context) { } ctx.Data["LicenseKeys"] = keys ctx.Data["IsRepoAdmin"] = ctx.Org.IsOwner + ctx.Data["IsSiteAdmin"] = ctx.IsUserSiteAdmin() ctx.HTML(http.StatusOK, tplOrgLicenses) } diff --git a/routers/web/repo/licenses.go b/routers/web/repo/licenses.go index b08499e99b..8a36f9de3a 100644 --- a/routers/web/repo/licenses.go +++ b/routers/web/repo/licenses.go @@ -225,8 +225,12 @@ func LicensesEditPackagePost(ctx *context.Context) { ctx.Redirect(ctx.Repo.RepoLink + "/licenses") } -// LicensesDeletePackage deletes a license package. +// LicensesDeletePackage deletes a license package. Site admin only. func LicensesDeletePackage(ctx *context.Context) { + if !ctx.IsUserSiteAdmin() { + ctx.NotFound(nil) + return + } pkgID := ctx.PathParamInt64("id") if err := licenses.DeleteLicensePackage(ctx, pkgID); err != nil { ctx.ServerError("DeleteLicensePackage", err) diff --git a/services/context/repo.go b/services/context/repo.go index 46c587e696..a7079af052 100644 --- a/services/context/repo.go +++ b/services/context/repo.go @@ -613,6 +613,7 @@ func repoAssignmentPrepareTemplateData(ctx *Context, data *repoAssignmentPrepare ctx.Data["NumLicensePackages"] = numLicensePackages ctx.Data["EnableLicenses"] = numLicensePackages > 0 ctx.Data["IsRepoAdmin"] = ctx.Repo.Permission.IsAdmin() + ctx.Data["IsSiteAdmin"] = ctx.IsUserSiteAdmin() // Load repo update config for platform-aware UI. repoUpdateCfg, _ := licenses_model.GetRepoConfig(ctx, repo.ID) diff --git a/templates/repo/licenses.tmpl b/templates/repo/licenses.tmpl index 5f66a0eef0..4fd62a88eb 100644 --- a/templates/repo/licenses.tmpl +++ b/templates/repo/licenses.tmpl @@ -56,12 +56,14 @@ {{svg "octicon-pencil" 14}} -
+ {{if $.IsSiteAdmin}} + {{$.CsrfTokenHtml}}
+ {{end}} {{end}}