diff options
| -rw-r--r-- | app/blueprints/api/endpoints.py | 3 | ||||
| -rw-r--r-- | app/blueprints/github/__init__.py | 2 | ||||
| -rw-r--r-- | app/blueprints/gitlab/__init__.py | 2 | ||||
| -rw-r--r-- | app/flatpages/help/release_webhooks.md | 4 |
4 files changed, 5 insertions, 6 deletions
diff --git a/app/blueprints/api/endpoints.py b/app/blueprints/api/endpoints.py index 057cb7a..7c7a44a 100644 --- a/app/blueprints/api/endpoints.py +++ b/app/blueprints/api/endpoints.py @@ -140,6 +140,9 @@ def markdown(): @is_package_page @is_api_authd def create_release(token, package): + if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE): + return error(403, "You do not have the permission to approve releases") + json = request.json if json is None: return error(400, "JSON post data is required") diff --git a/app/blueprints/github/__init__.py b/app/blueprints/github/__init__.py index a07920c..2eb4f64 100644 --- a/app/blueprints/github/__init__.py +++ b/app/blueprints/github/__init__.py @@ -124,7 +124,7 @@ def webhook(): return error(403, "Invalid authentication, couldn't validate API token") if not package.checkPerm(actual_token.owner, Permission.APPROVE_RELEASE): - return error(403, "Only trusted members can use webhooks") + return error(403, "You do not have the permission to approve releases") # # Check event diff --git a/app/blueprints/gitlab/__init__.py b/app/blueprints/gitlab/__init__.py index 45b4aa5..84061d7 100644 --- a/app/blueprints/gitlab/__init__.py +++ b/app/blueprints/gitlab/__init__.py @@ -44,7 +44,7 @@ def webhook(): return error(403, "Invalid authentication") if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE): - return error(403, "Only trusted members can use webhooks") + return error(403, "You do not have the permission to approve releases") # # Check event diff --git a/app/flatpages/help/release_webhooks.md b/app/flatpages/help/release_webhooks.md index 2d751a5..438226e 100644 --- a/app/flatpages/help/release_webhooks.md +++ b/app/flatpages/help/release_webhooks.md @@ -17,10 +17,6 @@ The process is as follows: 3. The git host posts a webhook notification to ContentDB, using the API token assigned to it. 4. ContentDB checks the API token and issues a new release. -<p class="alert alert-info"> - This feature is in beta, and is only available for Trusted Members. -</p> - ## Setting up ### GitHub (automatic) |