From 57a69ef277546414893a38feb70412aa4c32330e Mon Sep 17 00:00:00 2001
From: Lanre Adelowo <adelowomailbox@gmail.com>
Date: Wed, 30 Jan 2019 18:20:40 +0100
Subject: [PATCH] don't allow pull requests to be created on an archived
 repository (#5883)

* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived

* Refuse creating an issue/PR via API calls too
---
 routers/api/v1/api.go    | 19 +++++++++++++------
 routers/routes/routes.go |  2 +-
 templates/repo/home.tmpl |  2 +-
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index d8f78550c8..7e7bf6a50b 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -74,7 +74,7 @@ import (
 	api "code.gitea.io/sdk/gitea"
 
 	"github.com/go-macaron/binding"
-	"gopkg.in/macaron.v1"
+	macaron "gopkg.in/macaron.v1"
 )
 
 func sudo() macaron.Handler {
@@ -371,6 +371,13 @@ func mustEnableUserHeatmap(ctx *context.Context) {
 	}
 }
 
+func mustNotBeArchived(ctx *context.Context) {
+	if ctx.Repo.Repository.IsArchived {
+		ctx.Status(404)
+		return
+	}
+}
+
 // RegisterRoutes registers all v1 APIs routes to web application.
 // FIXME: custom form error response
 func RegisterRoutes(m *macaron.Macaron) {
@@ -518,11 +525,11 @@ func RegisterRoutes(m *macaron.Macaron) {
 				}, mustEnableIssues)
 				m.Group("/issues", func() {
 					m.Combo("").Get(repo.ListIssues).
-						Post(reqToken(), bind(api.CreateIssueOption{}), repo.CreateIssue)
+						Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue)
 					m.Group("/comments", func() {
 						m.Get("", repo.ListRepoIssueComments)
 						m.Combo("/:id", reqToken()).
-							Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
+							Patch(mustNotBeArchived, bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
 							Delete(repo.DeleteIssueComment)
 					})
 					m.Group("/:index", func() {
@@ -531,7 +538,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 
 						m.Group("/comments", func() {
 							m.Combo("").Get(repo.ListIssueComments).
-								Post(reqToken(), bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
+								Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
 							m.Combo("/:id", reqToken()).Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueCommentDeprecated).
 								Delete(repo.DeleteIssueCommentDeprecated)
 						})
@@ -593,12 +600,12 @@ func RegisterRoutes(m *macaron.Macaron) {
 				m.Get("/editorconfig/:filename", context.RepoRef(), reqRepoReader(models.UnitTypeCode), repo.GetEditorconfig)
 				m.Group("/pulls", func() {
 					m.Combo("").Get(bind(api.ListPullRequestsOptions{}), repo.ListPullRequests).
-						Post(reqToken(), bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
+						Post(reqToken(), mustNotBeArchived, bind(api.CreatePullRequestOption{}), repo.CreatePullRequest)
 					m.Group("/:index", func() {
 						m.Combo("").Get(repo.GetPullRequest).
 							Patch(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(api.EditPullRequestOption{}), repo.EditPullRequest)
 						m.Combo("/merge").Get(repo.IsPullRequestMerged).
-							Post(reqToken(), reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
+							Post(reqToken(), mustNotBeArchived, reqRepoWriter(models.UnitTypePullRequests), bind(auth.MergePullRequestForm{}), repo.MergePullRequest)
 					})
 				}, mustAllowPulls, reqRepoReader(models.UnitTypeCode), context.ReferencesGitRepo())
 				m.Group("/statuses", func() {
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 41f38801c8..c6b7a097ea 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -586,7 +586,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Group("/milestone", func() {
 			m.Get("/:id", repo.MilestoneIssuesAndPulls)
 		}, reqRepoIssuesOrPullsWriter, context.RepoRef())
-		m.Combo("/compare/*", reqRepoCodeReader, reqRepoPullsReader, repo.MustAllowPulls, repo.SetEditorconfigIfExists).
+		m.Combo("/compare/*", context.RepoMustNotBeArchived(), reqRepoCodeReader, reqRepoPullsReader, repo.MustAllowPulls, repo.SetEditorconfigIfExists).
 			Get(repo.SetDiffViewStyle, repo.CompareAndPullRequest).
 			Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
 
diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl
index 735f6c00b9..d7161153cb 100644
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -57,7 +57,7 @@
 		{{end}}
 		{{template "repo/sub_menu" .}}
 		<div class="ui stackable secondary menu mobile--margin-between-items mobile--no-negative-margins">
-			{{if and .PullRequestCtx.Allowed .IsViewBranch}}
+			{{if and .PullRequestCtx.Allowed .IsViewBranch (not .Repository.IsArchived)}}
 				<div class="fitted item">
 					<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{ if .Repository.IsFork }}{{.Repository.Owner.Name}}{{ else }}{{ .SignedUserName }}{{ end }}:{{.BranchName | EscapePound}}">
 					<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>