From b1f72e401a779f2cc1b63ddae8be4319607ba2a9 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sat, 6 Jun 2026 20:45:50 +0800 Subject: [PATCH] fix abuses --- routers/api/v1/admin/user.go | 12 +++++------- routers/api/v1/org/member.go | 2 +- routers/api/v1/org/org.go | 2 +- routers/api/v1/repo/mirror.go | 2 +- routers/api/v1/repo/pull_review.go | 2 +- routers/api/v1/repo/repo.go | 2 +- 6 files changed, 10 insertions(+), 12 deletions(-) diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index e656f963144..c32a98d0c51 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -471,13 +471,11 @@ func SearchUsers(ctx *context.APIContext) { var visible []api.VisibleType visibilityParam := ctx.FormString("visibility") - if len(visibilityParam) > 0 { - if visibility, ok := api.VisibilityModes[visibilityParam]; ok { - visible = []api.VisibleType{visibility} - } else { - ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("Invalid visibility: \"%s\"", visibilityParam)) - return - } + if visibility, ok := api.VisibilityModes[visibilityParam]; ok { + visible = []api.VisibleType{visibility} + } else if visibilityParam != "" { + ctx.APIError(http.StatusUnprocessableEntity, "invalid visibility") + return } searchOpts := user_model.SearchUserOptions{ diff --git a/routers/api/v1/org/member.go b/routers/api/v1/org/member.go index eac87a6f9c0..11b46a05c1c 100644 --- a/routers/api/v1/org/member.go +++ b/routers/api/v1/org/member.go @@ -221,7 +221,7 @@ func checkCanChangeOrgUserStatus(ctx *context.APIContext, targetUser *user_model // allow org owners to change status of members isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID) if err != nil { - ctx.APIError(http.StatusInternalServerError, err.Error()) + ctx.APIErrorInternal(err) } else if !isOwner { ctx.APIError(http.StatusForbidden, "Cannot change member visibility") } diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go index 1c97000d86b..16d3e230a01 100644 --- a/routers/api/v1/org/org.go +++ b/routers/api/v1/org/org.go @@ -256,7 +256,7 @@ func Create(ctx *context.APIContext) { // "$ref": "#/responses/validationError" form := web.GetForm(ctx).(*api.CreateOrgOption) if !ctx.Doer.CanCreateOrganization() { - ctx.APIError(http.StatusForbidden, "") + ctx.APIError(http.StatusForbidden, "not allowed to create org") return } diff --git a/routers/api/v1/repo/mirror.go b/routers/api/v1/repo/mirror.go index 2306c9ea687..6f72c9613c3 100644 --- a/routers/api/v1/repo/mirror.go +++ b/routers/api/v1/repo/mirror.go @@ -239,7 +239,7 @@ func GetPushMirrorByName(ctx *context.APIContext) { ctx.APIErrorInternal(err) return } else if !exist { - ctx.APIError(http.StatusNotFound, "") + ctx.APIErrorNotFound() return } diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go index dc9aedbcafd..54919cef90f 100644 --- a/routers/api/v1/repo/pull_review.go +++ b/routers/api/v1/repo/pull_review.go @@ -458,7 +458,7 @@ func DeletePullReview(ctx *context.APIContext) { return } if !ctx.Doer.IsAdmin && ctx.Doer.ID != review.ReviewerID { - ctx.APIError(http.StatusForbidden, "") + ctx.APIError(http.StatusForbidden, "no permission to delete comment") return } diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go index 0bf72880bb2..8adef610001 100644 --- a/routers/api/v1/repo/repo.go +++ b/routers/api/v1/repo/repo.go @@ -173,7 +173,7 @@ func Search(ctx *context.APIContext) { opts.Collaborate = optional.Some(true) case "": default: - ctx.APIError(http.StatusUnprocessableEntity, fmt.Sprintf("Invalid search mode: \"%s\"", mode)) + ctx.APIError(http.StatusUnprocessableEntity, "invalid search mode") return }