From ab634ce61af234e220e8cb54204d652e2ec507df Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Thu, 30 Mar 2017 00:34:20 -0400
Subject: cmd/web: fix routes requires sign in (#4359)

Redirect user to sign in page when visit private repository with
public issues if user want to post comment or create new issue.
---
 cmd/web.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'cmd/web.go')

diff --git a/cmd/web.go b/cmd/web.go
index d0445ce3..a0463939 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -230,7 +230,6 @@ func runWeb(ctx *cli.Context) error {
 	})
 
 	m.Group("/user", func() {
-		// r.Get("/feeds", binding.Bind(form.Feeds{}), user.Feeds)
 		m.Any("/activate", user.Activate)
 		m.Any("/activate_email", user.ActivateEmail)
 		m.Get("/email2user", user.Email2User)
@@ -460,7 +459,10 @@ func runWeb(ctx *cli.Context) error {
 	m.Group("/:username/:reponame", func() {
 		m.Get("/issues", repo.RetrieveLabels, repo.Issues)
 		m.Get("/issues/:index", repo.ViewIssue)
-
+		m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
+		m.Get("/milestones", repo.Milestones)
+	}, ignSignIn, context.RepoAssignment(true))
+	m.Group("/:username/:reponame", func() {
 		// FIXME: should use different URLs but mostly same logic for comments of issue and pull reuqest.
 		// So they can apply their own enable/disable logic on routers.
 		m.Group("/issues", func() {
@@ -477,10 +479,7 @@ func runWeb(ctx *cli.Context) error {
 			m.Post("", repo.UpdateCommentContent)
 			m.Post("/delete", repo.DeleteComment)
 		})
-
-		m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
-		m.Get("/milestones", repo.Milestones)
-	}, ignSignIn, context.RepoAssignment(true))
+	}, reqSignIn, context.RepoAssignment(true))
 	m.Group("/:username/:reponame", func() {
 		m.Group("/wiki", func() {
 			m.Get("/?:page", repo.Wiki)
-- 
cgit v1.2.3