luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-21 09:21:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Restrict permission check on repositories and fix some problems (#5314)

Browse source 
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
This commit is contained in:
Lunny Xiao 2018-11-28 19:26:14 +08:00 committed by GitHub
parent 0222623be9
commit eabbddcd98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
80 changed files with 1360 additions and 774 deletions
Download patch file Download diff file Expand all files Collapse all files

24
routers/repo/pull.go
View file

@ -57,7 +57,13 @@ func getForkRepository(ctx *context.Context) *models.Repository {
return nil
}
if !forkRepo.CanBeForked() || !forkRepo.HasAccess(ctx.User) {
perm, err := models.GetUserRepoPermission(forkRepo, ctx.User)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return nil
}
if forkRepo.IsBare || !perm.CanRead(models.UnitTypeCode) {
ctx.NotFound("getForkRepository", nil)
return nil
}
@ -669,7 +675,12 @@ func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *
}
}
if !ctx.User.IsWriterOfRepo(headRepo) && !ctx.User.IsAdmin {
perm, err := models.GetUserRepoPermission(headRepo, ctx.User)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return nil, nil, nil, nil, "", ""
}
if !perm.CanWrite(models.UnitTypeCode) {
log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID)
ctx.NotFound("ParseCompareInfo", nil)
return nil, nil, nil, nil, "", ""
@ -823,7 +834,7 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
return
}
labelIDs, assigneeIDs, milestoneID := ValidateRepoMetas(ctx, form)
labelIDs, assigneeIDs, milestoneID := ValidateRepoMetas(ctx, form, true)
if ctx.Written() {
return
}
@ -969,7 +980,12 @@ func CleanUpPullRequest(ctx *context.Context) {
return
}
if !ctx.User.IsWriterOfRepo(pr.HeadRepo) {
perm, err := models.GetUserRepoPermission(pr.HeadRepo, ctx.User)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
}
if !perm.CanWrite(models.UnitTypeCode) {
ctx.NotFound("CleanUpPullRequest", nil)
return
}