Allow administrator to create repository for any organization (#4368)

integrations/api_repo_test.go

@@ -262,3 +262,26 @@ func TestAPIRepoMigrate(t *testing.T) {
 		session.MakeRequest(t, req, testCase.expectedStatus)
 	}
 }
+
+func TestAPIOrgRepoCreate(t *testing.T) {
+	testCases := []struct {
+		ctxUserID         int64
+		orgName, repoName string
+		expectedStatus    int
+	}{
+		{ctxUserID: 1, orgName: "user3", repoName: "repo-admin", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, orgName: "user3", repoName: "repo-own", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, orgName: "user6", repoName: "repo-bad-org", expectedStatus: http.StatusForbidden},
+	}
+
+	prepareTestEnv(t)
+	for _, testCase := range testCases {
+		user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
+		session := loginUser(t, user.Name)
+
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos", testCase.orgName), &api.CreateRepoOption{
+			Name: testCase.repoName,
+		})
+		session.MakeRequest(t, req, testCase.expectedStatus)
+	}
+}

routers/api/v1/repo/repo.go

@@ -257,13 +257,15 @@ func CreateOrgRepo(ctx *context.APIContext, opt api.CreateRepoOption) {
 		return
 	}
 
-	isOwner, err := org.IsOwnedBy(ctx.User.ID)
+	if !ctx.User.IsAdmin {
-	if err != nil {
+		isOwner, err := org.IsOwnedBy(ctx.User.ID)
-		ctx.ServerError("IsOwnedBy", err)
+		if err != nil {
-		return
+			ctx.ServerError("IsOwnedBy", err)
-	} else if !isOwner {
+			return
-		ctx.Error(403, "", "Given user is not owner of organization.")
+		} else if !isOwner {
-		return
+			ctx.Error(403, "", "Given user is not owner of organization.")
+			return
+		}
 	}
 	CreateUserRepo(ctx, org, opt)
 }