From e3bdfd51ff4a3987c9c14d46d4c145f550b42d01 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Sat, 8 Aug 2015 17:24:10 +0800
Subject: [PATCH] better fork permission check

---
 models/repo.go                 | 7 +++++++
 routers/repo/pull.go           | 6 ++++++
 templates/repo/pulls/fork.tmpl | 2 ++
 3 files changed, 15 insertions(+)

diff --git a/models/repo.go b/models/repo.go
index 910ccee38..8135bc57d 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -1421,6 +1421,13 @@ func IsStaring(uid, repoId int64) bool {
 //  \___  / \____/|__|  |__|_ \
 //      \/                   \/
 
+// HasForkedRepo checks if given user has already forked a repository with given ID.
+func HasForkedRepo(ownerID, repoID int64) (*Repository, bool) {
+	repo := new(Repository)
+	has, _ := x.Where("owner_id=? AND fork_id=?", ownerID, repoID).Get(repo)
+	return repo, has
+}
+
 func ForkRepository(u *User, oldRepo *Repository, name, desc string) (_ *Repository, err error) {
 	repo := &Repository{
 		OwnerId:     u.Id,
diff --git a/routers/repo/pull.go b/routers/repo/pull.go
index cb5167033..a4ebb91a3 100644
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -78,6 +78,12 @@ func ForkPost(ctx *middleware.Context, form auth.CreateRepoForm) {
 		return
 	}
 
+	repo, has := models.HasForkedRepo(ctxUser.Id, forkRepo.Id)
+	if has {
+		ctx.Redirect(setting.AppSubUrl + "/" + ctxUser.Name + "/" + repo.Name)
+		return
+	}
+
 	// Check ownership of organization.
 	if ctxUser.IsOrganization() {
 		if !ctxUser.IsOwnedBy(ctx.User.Id) {
diff --git a/templates/repo/pulls/fork.tmpl b/templates/repo/pulls/fork.tmpl
index acac9040f..2f76cf002 100644
--- a/templates/repo/pulls/fork.tmpl
+++ b/templates/repo/pulls/fork.tmpl
@@ -24,11 +24,13 @@
 	            		{{.SignedUser.Name}}
 			        	</div>
 			        	{{range .Orgs}}
+			        	{{if .IsOwnedBy $.SignedUser.Id}}
 			        	<div class="item" data-value="{{.Id}}">
 				        	<img class="ui mini avatar image" src="{{.AvatarLink}}">
 	            		{{.Name}}
 			        	</div>
 			        	{{end}}
+			        	{{end}}
 			        </div>
 			      </div>
 		      </div>