diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 281c9b9e1..84aa3d9c1 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -1,6 +1,8 @@ class RepositoriesController < ApplicationController before_action :load_vars before_action :check_view_all_permissions, only: :index + before_action :check_edit_permissions, only: %(destroy destroy_modal + rename_modal update) def index render('repositories/index') @@ -69,6 +71,10 @@ class RepositoriesController < ApplicationController render_403 unless can_view_team_repositories(@team) end + def check_edit_permissions + render_403 unless can_edit_repository(@repository) + end + def repository_params params.require(:repository).permit(:name) end diff --git a/app/helpers/permission_helper.rb b/app/helpers/permission_helper.rb index 929dd1908..c9a158123 100644 --- a/app/helpers/permission_helper.rb +++ b/app/helpers/permission_helper.rb @@ -1060,4 +1060,8 @@ module PermissionHelper def can_view_repository(repository) is_normal_user_or_admin_of_team(repository.team) end + + def can_edit_repository(repository) + is_admin_of_team(repository.team) + end end diff --git a/app/views/repositories/index.html.erb b/app/views/repositories/index.html.erb index ae6c6b601..e82b3f870 100644 --- a/app/views/repositories/index.html.erb +++ b/app/views/repositories/index.html.erb @@ -29,34 +29,37 @@ type="button" data-toggle="dropdown" aria-haspopup="true" - aria-expanded="true"> + aria-expanded="true" + <%= "disabled='disabled'" if !can_edit_repository repo %>> - + <% if can_edit_repository repo %> + + <% end %>
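Review bot: The `only:` list on the added `before_action :check_edit_permissions` is written with `%( ... )`, which in Ruby is a plain string literal rather than a word array, so `only:` receives a single string holding all four names and the embedded line break. As far as I can tell that string never equals an action name, so the filter would not run for `destroy`, `destroy_modal`, `rename_modal` or `update`, and the new admin check is silently not enforced. Use a symbol or word array instead: `before_action :check_edit_permissions, only: %i(destroy destroy_modal rename_modal update)`. A controller test that expects a 403 for a non-admin team member on each of these actions would catch this kind of regression.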
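Review bot: `check_edit_permissions` hands `@repository` straight to `can_edit_repository`, which calls `repository.team` (the helper added in permission_helper.rb), so a nil `@repository` would raise NoMethodError instead of producing a 403 or 404. `load_vars` is outside this hunk, so it is not visible whether it always loads the record for the guarded actions. If it can leave the record nil, deny by default: `render_403 unless @repository && can_edit_repository(@repository)`. The controller class continues outside the hunk.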