@@ -63,6 +63,7 b' class AdminReposView(BaseAppView, DataGr' | |||||
63 |
|
63 | |||
64 | @LoginRequired() |
|
64 | @LoginRequired() | |
65 | @NotAnonymous() |
|
65 | @NotAnonymous() | |
|
66 | # perms check inside | |||
66 | @view_config( |
|
67 | @view_config( | |
67 | route_name='repos', request_method='GET', |
|
68 | route_name='repos', request_method='GET', | |
68 | renderer='rhodecode:templates/admin/repos/repos.mako') |
|
69 | renderer='rhodecode:templates/admin/repos/repos.mako') |
@@ -212,10 +212,15 b' class RepoForksView(RepoAppView, DataGri' | |||||
212 | _form = RepoForkForm(old_data={'repo_type': self.db_repo.repo_type}, |
|
212 | _form = RepoForkForm(old_data={'repo_type': self.db_repo.repo_type}, | |
213 | repo_groups=c.repo_groups_choices, |
|
213 | repo_groups=c.repo_groups_choices, | |
214 | landing_revs=c.landing_revs_choices)() |
|
214 | landing_revs=c.landing_revs_choices)() | |
|
215 | post_data = dict(self.request.POST) | |||
|
216 | ||||
|
217 | # forbid injecting other repo by forging a request | |||
|
218 | post_data['fork_parent_id'] = self.db_repo.repo_id | |||
|
219 | ||||
215 | form_result = {} |
|
220 | form_result = {} | |
216 | task_id = None |
|
221 | task_id = None | |
217 | try: |
|
222 | try: | |
218 |
form_result = _form.to_python( |
|
223 | form_result = _form.to_python(post_data) | |
219 | # create fork is done sometimes async on celery, db transaction |
|
224 | # create fork is done sometimes async on celery, db transaction | |
220 | # management is handled there. |
|
225 | # management is handled there. | |
221 | task = RepoModel().create_fork( |
|
226 | task = RepoModel().create_fork( |
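Review bot: The pin on `fork_parent_id` is applied to `post_data` before `_form.to_python(post_data)`, so it only holds if the form schema passes that key through unchanged and the fork is then created from the validated value; the `RepoModel().create_fork(` call is cut off at the end of the hunk, so what it receives is not visible here. Consider re-asserting the value after validation as well, `form_result['fork_parent_id'] = self.db_repo.repo_id`, so the parent is always the repository the caller was authorised against via the URL. The comment could state that intent directly, e.g. `# fork_parent_id is client-supplied; always take it from the repo resolved from the URL`. Also, `dict(self.request.POST)` keeps a single value per key, which presumably matches what the form expects but is worth confirming for any multi-valued field. The enclosing method starts and ends outside the hunk.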