luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-16 15:02:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Restrict permission check on repositories and fix some problems (#5314)

Browse source 
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
This commit is contained in:
Lunny Xiao 2018-11-28 19:26:14 +08:00 committed by GitHub
parent 0222623be9
commit eabbddcd98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
80 changed files with 1360 additions and 774 deletions
Download patch file Download diff file Expand all files Collapse all files

18
routers/api/v1/repo/collaborators.go
View file

@ -1,4 +1,5 @@
// Copyright 2016 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@ -34,10 +35,6 @@ func ListCollaborators(ctx *context.APIContext) {
// responses:
// "200":
// "$ref": "#/responses/UserList"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
collaborators, err := ctx.Repo.Repository.GetCollaborators()
if err != nil {
ctx.Error(500, "ListCollaborators", err)
@ -78,10 +75,6 @@ func IsCollaborator(ctx *context.APIContext) {
// "$ref": "#/responses/empty"
// "404":
// "$ref": "#/responses/empty"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
user, err := models.GetUserByName(ctx.Params(":collaborator"))
if err != nil {
if models.IsErrUserNotExist(err) {
@ -133,10 +126,6 @@ func AddCollaborator(ctx *context.APIContext, form api.AddCollaboratorOption) {
// responses:
// "204":
// "$ref": "#/responses/empty"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
collaborator, err := models.GetUserByName(ctx.Params(":collaborator"))
if err != nil {
if models.IsErrUserNotExist(err) {
@ -193,11 +182,6 @@ func DeleteCollaborator(ctx *context.APIContext) {
// responses:
// "204":
// "$ref": "#/responses/empty"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
collaborator, err := models.GetUserByName(ctx.Params(":collaborator"))
if err != nil {
if models.IsErrUserNotExist(err) {