mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-05-20 00:40:26 +00:00
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems * fix some bugs and merge LoadUnits to repoAssignment * refactor permission struct and add some copyright heads * remove unused codes * fix routes units check * improve permission check * add unit tests for permission * fix typo * fix tests * fix some routes * fix api permission check * improve permission check * fix some permission check * fix tests * fix tests * improve some permission check * fix some permission check * refactor AccessLevel * fix bug * fix tests * fix tests * fix tests * fix AccessLevel * rename CanAccess * fix tests * fix comment * fix bug * add missing unit for test repos * fix bug * rename some functions * fix routes check
This commit is contained in:
Lunny Xiao
GitHub
parent
0222623be9
commit
eabbddcd98
80 changed files with 1360 additions and 774 deletions
|
|
@ -1,4 +1,5 @@
|
|||
// Copyright 2014 The Gogs Authors. All rights reserved.
|
||||
// Copyright 2018 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
|
|
@ -183,11 +184,6 @@ func Search(ctx *context.APIContext) {
|
|||
return
|
||||
}
|
||||
|
||||
var userID int64
|
||||
if ctx.IsSigned {
|
||||
userID = ctx.User.ID
|
||||
}
|
||||
|
||||
results := make([]*api.Repository, len(repos))
|
||||
for i, repo := range repos {
|
||||
if err = repo.GetOwner(); err != nil {
|
||||
|
|
@ -197,7 +193,7 @@ func Search(ctx *context.APIContext) {
|
|||
})
|
||||
return
|
||||
}
|
||||
accessMode, err := models.AccessLevel(userID, repo)
|
||||
accessMode, err := models.AccessLevel(ctx.User, repo)
|
||||
if err != nil {
|
||||
ctx.JSON(500, api.SearchError{
|
||||
OK: false,
|
||||
|
|
@ -469,15 +465,15 @@ func GetByID(ctx *context.APIContext) {
|
|||
return
|
||||
}
|
||||
|
||||
access, err := models.AccessLevel(ctx.User.ID, repo)
|
||||
perm, err := models.GetUserRepoPermission(repo, ctx.User)
|
||||
if err != nil {
|
||||
ctx.Error(500, "AccessLevel", err)
|
||||
return
|
||||
} else if access < models.AccessModeRead {
|
||||
} else if !perm.HasAccess() {
|
||||
ctx.Status(404)
|
||||
return
|
||||
}
|
||||
ctx.JSON(200, repo.APIFormat(access))
|
||||
ctx.JSON(200, repo.APIFormat(perm.AccessMode))
|
||||
}
|
||||
|
||||
// Delete one repository
|
||||
|
|
@ -503,10 +499,6 @@ func Delete(ctx *context.APIContext) {
|
|||
// "$ref": "#/responses/empty"
|
||||
// "403":
|
||||
// "$ref": "#/responses/forbidden"
|
||||
if !ctx.Repo.IsAdmin() {
|
||||
ctx.Error(403, "", "Must have admin rights")
|
||||
return
|
||||
}
|
||||
owner := ctx.Repo.Owner
|
||||
repo := ctx.Repo.Repository
|
||||
|
||||
|
|
@ -553,7 +545,7 @@ func MirrorSync(ctx *context.APIContext) {
|
|||
// "$ref": "#/responses/empty"
|
||||
repo := ctx.Repo.Repository
|
||||
|
||||
if !ctx.Repo.IsWriter() {
|
||||
if !ctx.Repo.CanWrite(models.UnitTypeCode) {
|
||||
ctx.Error(403, "MirrorSync", "Must have write access")
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue