Move accessmode into models/perm (#17828)

2025-06-17 11:59:30 +00:00 · 2021-11-28 19:58:28 +08:00 · 2021-11-28 19:58:28 +08:00 · 1fee11d69a
commit 1fee11d69a
parent 24a8d54bfb
59 changed files with 359 additions and 295 deletions
--- a/routers/web/org/teams.go
+++ b/routers/web/org/teams.go
@ -12,6 +12,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/perm"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
@ -235,12 +236,12 @@ func NewTeamPost(ctx *context.Context) {
 		OrgID:                   ctx.Org.Organization.ID,
 		Name:                    form.TeamName,
 		Description:             form.Description,
-		Authorize:               models.ParseAccessMode(form.Permission),
+		Authorize:               perm.ParseAccessMode(form.Permission),
 		IncludesAllRepositories: includesAllRepositories,
 		CanCreateOrgRepo:        form.CanCreateOrgRepo,
 	}

-	if t.Authorize < models.AccessModeOwner {
+	if t.Authorize < perm.AccessModeOwner {
 		var units = make([]*models.TeamUnit, 0, len(form.Units))
 		for _, tp := range form.Units {
 			units = append(units, &models.TeamUnit{
@ -258,7 +259,7 @@ func NewTeamPost(ctx *context.Context) {
 		return
 	}

-	if t.Authorize < models.AccessModeAdmin && len(form.Units) == 0 {
+	if t.Authorize < perm.AccessModeAdmin && len(form.Units) == 0 {
 		ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
 		return
 	}
@ -325,7 +326,7 @@ func EditTeamPost(ctx *context.Context) {
 	var includesAllRepositories = form.RepoAccess == "all"
 	if !t.IsOwnerTeam() {
 		// Validate permission level.
-		auth := models.ParseAccessMode(form.Permission)
+		auth := perm.ParseAccessMode(form.Permission)

 		t.Name = form.TeamName
 		if t.Authorize != auth {
@ -339,7 +340,7 @@ func EditTeamPost(ctx *context.Context) {
 		}
 	}
 	t.Description = form.Description
-	if t.Authorize < models.AccessModeOwner {
+	if t.Authorize < perm.AccessModeOwner {
 		var units = make([]models.TeamUnit, 0, len(form.Units))
 		for _, tp := range form.Units {
 			units = append(units, models.TeamUnit{
@ -361,7 +362,7 @@ func EditTeamPost(ctx *context.Context) {
 		return
 	}

-	if t.Authorize < models.AccessModeAdmin && len(form.Units) == 0 {
+	if t.Authorize < perm.AccessModeAdmin && len(form.Units) == 0 {
 		ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
 		return
 	}
--- a/routers/web/repo/http.go
+++ b/routers/web/repo/http.go
@ -22,6 +22,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
@ -93,11 +94,11 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {
 		isPull = ctx.Req.Method == "GET"
 	}

-	var accessMode models.AccessMode
+	var accessMode perm.AccessMode
 	if isPull {
-		accessMode = models.AccessModeRead
+		accessMode = perm.AccessModeRead
 	} else {
-		accessMode = models.AccessModeWrite
+		accessMode = perm.AccessModeWrite
 	}

 	isWiki := false
@ -194,7 +195,7 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {
 		}

 		if repoExist {
-			perm, err := models.GetUserRepoPermission(repo, ctx.User)
+			p, err := models.GetUserRepoPermission(repo, ctx.User)
 			if err != nil {
 				ctx.ServerError("GetUserRepoPermission", err)
 				return
@ -202,10 +203,10 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {

 			// Because of special ref "refs/for" .. , need delay write permission check
 			if git.SupportProcReceive {
-				accessMode = models.AccessModeRead
+				accessMode = perm.AccessModeRead
 			}

-			if !perm.CanAccess(accessMode, unitType) {
+			if !p.CanAccess(accessMode, unitType) {
 				ctx.HandleText(http.StatusForbidden, "User permission denied")
 				return
 			}
--- a/routers/web/repo/projects.go
+++ b/routers/web/repo/projects.go
@ -11,6 +11,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
@ -373,7 +374,7 @@ func DeleteProjectBoard(ctx *context.Context) {
 		return
 	}

-	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
 		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
@ -422,7 +423,7 @@ func DeleteProjectBoard(ctx *context.Context) {
 // AddBoardToProjectPost allows a new board to be added to a project.
 func AddBoardToProjectPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.EditProjectBoardForm)
-	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
 		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
@ -462,7 +463,7 @@ func checkProjectBoardChangePermissions(ctx *context.Context) (*models.Project,
 		return nil, nil
 	}

-	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
 		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
@ -556,7 +557,7 @@ func MoveIssueAcrossBoards(ctx *context.Context) {
 		return
 	}

-	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
 		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
--- a/routers/web/repo/setting.go
+++ b/routers/web/repo/setting.go
@ -16,6 +16,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
@ -846,7 +847,7 @@ func CollaborationPost(ctx *context.Context) {
 func ChangeCollaborationAccessMode(ctx *context.Context) {
 	if err := ctx.Repo.Repository.ChangeCollaborationAccessMode(
 		ctx.FormInt64("uid"),
-		models.AccessMode(ctx.FormInt("mode"))); err != nil {
+		perm.AccessMode(ctx.FormInt("mode"))); err != nil {
 		log.Error("ChangeCollaborationAccessMode: %v", err)
 	}
 }
--- a/routers/web/repo/setting_protected_branch.go
+++ b/routers/web/repo/setting_protected_branch.go
@ -11,6 +11,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/git"
@ -156,7 +157,7 @@ func SettingsProtectedBranch(c *context.Context) {
 	}

 	if c.Repo.Owner.IsOrganization() {
-		teams, err := models.OrgFromUser(c.Repo.Owner).TeamsWithAccessToRepo(c.Repo.Repository.ID, models.AccessModeRead)
+		teams, err := models.OrgFromUser(c.Repo.Owner).TeamsWithAccessToRepo(c.Repo.Repository.ID, perm.AccessModeRead)
 		if err != nil {
 			c.ServerError("Repo.Owner.TeamsWithAccessToRepo", err)
 			return
--- a/routers/web/repo/settings_test.go
+++ b/routers/web/repo/settings_test.go
@ -10,6 +10,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
@ -62,7 +63,7 @@ func TestAddReadOnlyDeployKey(t *testing.T) {
 	unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
 		Name:    addKeyForm.Title,
 		Content: addKeyForm.Content,
-		Mode:    models.AccessModeRead,
+		Mode:    perm.AccessModeRead,
 	})
 }

@ -92,7 +93,7 @@ func TestAddReadWriteOnlyDeployKey(t *testing.T) {
 	unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
 		Name:    addKeyForm.Title,
 		Content: addKeyForm.Content,
-		Mode:    models.AccessModeWrite,
+		Mode:    perm.AccessModeWrite,
 	})
 }

--- a/routers/web/repo/tag.go
+++ b/routers/web/repo/tag.go
@ -10,6 +10,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
@ -149,7 +150,7 @@ func setTagsContext(ctx *context.Context) error {
 	ctx.Data["Users"] = users

 	if ctx.Repo.Owner.IsOrganization() {
-		teams, err := models.OrgFromUser(ctx.Repo.Owner).TeamsWithAccessToRepo(ctx.Repo.Repository.ID, models.AccessModeRead)
+		teams, err := models.OrgFromUser(ctx.Repo.Owner).TeamsWithAccessToRepo(ctx.Repo.Repository.ID, perm.AccessModeRead)
 		if err != nil {
 			ctx.ServerError("Repo.Owner.TeamsWithAccessToRepo", err)
 			return err
--- a/routers/web/repo/webhook.go
+++ b/routers/web/repo/webhook.go
@ -13,8 +13,8 @@ import (
 	"path"
 	"strings"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/models/webhook"
 	"code.gitea.io/gitea/modules/base"
@ -1159,7 +1159,7 @@ func TestWebhook(ctx *context.Context) {
 		}
 	}

-	apiUser := convert.ToUserWithAccessMode(ctx.User, models.AccessModeNone)
+	apiUser := convert.ToUserWithAccessMode(ctx.User, perm.AccessModeNone)

 	apiCommit := &api.PayloadCommit{
 		ID:      commit.ID.String(),
@ -1181,7 +1181,7 @@ func TestWebhook(ctx *context.Context) {
 		After:      commit.ID.String(),
 		Commits:    []*api.PayloadCommit{apiCommit},
 		HeadCommit: apiCommit,
-		Repo:       convert.ToRepo(ctx.Repo.Repository, models.AccessModeNone),
+		Repo:       convert.ToRepo(ctx.Repo.Repository, perm.AccessModeNone),
 		Pusher:     apiUser,
 		Sender:     apiUser,
 	}