@@ -67,6 +67,28 @@ func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
6767ctx .JSON (http .StatusOK ,& res )
6868}
6969
70+ func getRunnerByID (ctx * context.APIContext ,ownerID ,repoID ,runnerID int64 ) (* actions_model.ActionRunner ,bool ) {
71+ if ownerID != 0 && repoID != 0 {
72+ setting .PanicInDevOrTesting ("ownerID and repoID should not be both set" )
73+ }
74+
75+ runner ,err := actions_model .GetRunnerByID (ctx ,runnerID )
76+ if err != nil {
77+ if errors .Is (err ,util .ErrNotExist ) {
78+ ctx .APIErrorNotFound ("Runner not found" )
79+ }else {
80+ ctx .APIErrorInternal (err )
81+ }
82+ return nil ,false
83+ }
84+
85+ if ! runner .EditableInContext (ownerID ,repoID ) {
86+ ctx .APIErrorNotFound ("No permission to access this runner" )
87+ return nil ,false
88+ }
89+ return runner ,true
90+ }
91+
7092// GetRunner get the runner for api route validated ownerID and repoID
7193// ownerID == 0 and repoID == 0 means any runner including global runners
7294// ownerID == 0 and repoID != 0 means any runner for the given repo
@@ -77,13 +99,8 @@ func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
7799if ownerID != 0 && repoID != 0 {
78100setting .PanicInDevOrTesting ("ownerID and repoID should not be both set" )
79101}
80- runner ,err := actions_model .GetRunnerByID (ctx ,runnerID )
81- if err != nil {
82- ctx .APIErrorNotFound (err )
83- return
84- }
85- if ! runner .EditableInContext (ownerID ,repoID ) {
86- ctx .APIErrorNotFound ("No permission to get this runner" )
102+ runner ,ok := getRunnerByID (ctx ,ownerID ,repoID ,runnerID )
103+ if ! ok {
87104return
88105}
89106ctx .JSON (http .StatusOK ,convert .ToActionRunner (ctx ,runner ))
@@ -96,20 +113,12 @@ func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
96113// ownerID != 0 and repoID != 0 undefined behavior
97114// Access rights are checked at the API route level
98115func DeleteRunner (ctx * context.APIContext ,ownerID ,repoID ,runnerID int64 ) {
99- if ownerID != 0 && repoID != 0 {
100- setting .PanicInDevOrTesting ("ownerID and repoID should not be both set" )
101- }
102- runner ,err := actions_model .GetRunnerByID (ctx ,runnerID )
103- if err != nil {
104- ctx .APIErrorInternal (err )
105- return
106- }
107- if ! runner .EditableInContext (ownerID ,repoID ) {
108- ctx .APIErrorNotFound ("No permission to delete this runner" )
116+ runner ,ok := getRunnerByID (ctx ,ownerID ,repoID ,runnerID )
117+ if ! ok {
109118return
110119}
111120
112- err = actions_model .DeleteRunner (ctx ,runner .ID )
121+ err : =actions_model .DeleteRunner (ctx ,runner .ID )
113122if err != nil {
114123ctx .APIErrorInternal (err )
115124return