mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-05-25 11:22:16 +00:00
Push to create repo (#8419)
* Refactor Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add push-create to SSH serv Signed-off-by: jolheiser <john.olheiser@gmail.com> * Cannot push for another user unless admin Signed-off-by: jolheiser <john.olheiser@gmail.com> * Get owner in case admin pushes for another user Signed-off-by: jolheiser <john.olheiser@gmail.com> * Set new repo ID in result Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update to service and use new org perms Signed-off-by: jolheiser <john.olheiser@gmail.com> * Move pushCreateRepo to services Signed-off-by: jolheiser <john.olheiser@gmail.com> * Fix import order Signed-off-by: jolheiser <john.olheiser@gmail.com> * Changes for @guillep2k * Check owner (not user) in SSH * Add basic tests for created repos (private, not empty) Signed-off-by: jolheiser <john.olheiser@gmail.com>
This commit is contained in:
John Olheiser
Lunny Xiao
parent
47c24be293
commit
6715677b2b
7 changed files with 219 additions and 51 deletions
|
|
@ -28,6 +28,7 @@ import (
|
|||
"code.gitea.io/gitea/modules/process"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
repo_service "code.gitea.io/gitea/services/repository"
|
||||
)
|
||||
|
||||
// HTTP implmentation git smart HTTP protocol
|
||||
|
|
@ -100,29 +101,29 @@ func HTTP(ctx *context.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
repoExist := true
|
||||
repo, err := models.GetRepositoryByName(owner.ID, reponame)
|
||||
if err != nil {
|
||||
if models.IsErrRepoNotExist(err) {
|
||||
redirectRepoID, err := models.LookupRepoRedirect(owner.ID, reponame)
|
||||
if err == nil {
|
||||
if redirectRepoID, err := models.LookupRepoRedirect(owner.ID, reponame); err == nil {
|
||||
context.RedirectToRepo(ctx, redirectRepoID)
|
||||
} else {
|
||||
ctx.NotFoundOrServerError("GetRepositoryByName", models.IsErrRepoRedirectNotExist, err)
|
||||
return
|
||||
}
|
||||
repoExist = false
|
||||
} else {
|
||||
ctx.ServerError("GetRepositoryByName", err)
|
||||
return
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Don't allow pushing if the repo is archived
|
||||
if repo.IsArchived && !isPull {
|
||||
if repoExist && repo.IsArchived && !isPull {
|
||||
ctx.HandleText(http.StatusForbidden, "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.")
|
||||
return
|
||||
}
|
||||
|
||||
// Only public pull don't need auth.
|
||||
isPublicPull := !repo.IsPrivate && isPull
|
||||
isPublicPull := repoExist && !repo.IsPrivate && isPull
|
||||
var (
|
||||
askAuth = !isPublicPull || setting.Service.RequireSignInView
|
||||
authUser *models.User
|
||||
|
|
@ -243,20 +244,22 @@ func HTTP(ctx *context.Context) {
|
|||
}
|
||||
}
|
||||
|
||||
perm, err := models.GetUserRepoPermission(repo, authUser)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
return
|
||||
}
|
||||
if repoExist {
|
||||
perm, err := models.GetUserRepoPermission(repo, authUser)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
return
|
||||
}
|
||||
|
||||
if !perm.CanAccess(accessMode, unitType) {
|
||||
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
||||
return
|
||||
}
|
||||
if !perm.CanAccess(accessMode, unitType) {
|
||||
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
||||
return
|
||||
}
|
||||
|
||||
if !isPull && repo.IsMirror {
|
||||
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
|
||||
return
|
||||
if !isPull && repo.IsMirror {
|
||||
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
environ = []string{
|
||||
|
|
@ -264,7 +267,6 @@ func HTTP(ctx *context.Context) {
|
|||
models.EnvRepoName + "=" + reponame,
|
||||
models.EnvPusherName + "=" + authUser.Name,
|
||||
models.EnvPusherID + fmt.Sprintf("=%d", authUser.ID),
|
||||
models.ProtectedBranchRepoID + fmt.Sprintf("=%d", repo.ID),
|
||||
models.EnvIsDeployKey + "=false",
|
||||
}
|
||||
|
||||
|
|
@ -279,6 +281,25 @@ func HTTP(ctx *context.Context) {
|
|||
}
|
||||
}
|
||||
|
||||
if !repoExist {
|
||||
if owner.IsOrganization() && !setting.Repository.EnablePushCreateOrg {
|
||||
ctx.HandleText(http.StatusForbidden, "Push to create is not enabled for organizations.")
|
||||
return
|
||||
}
|
||||
if !owner.IsOrganization() && !setting.Repository.EnablePushCreateUser {
|
||||
ctx.HandleText(http.StatusForbidden, "Push to create is not enabled for users.")
|
||||
return
|
||||
}
|
||||
repo, err = repo_service.PushCreateRepo(authUser, owner, reponame)
|
||||
if err != nil {
|
||||
log.Error("pushCreateRepo: %v", err)
|
||||
ctx.Status(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
environ = append(environ, models.ProtectedBranchRepoID+fmt.Sprintf("=%d", repo.ID))
|
||||
|
||||
w := ctx.Resp
|
||||
r := ctx.Req.Request
|
||||
cfg := &serviceConfig{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue