mirror of
https://github.com/go-gitea/gitea
synced 2025-07-23 02:38:35 +00:00
Restricted users (#6274)
* Restricted users (#4334): initial implementation
* Add User.IsRestricted & UI to edit it
* Pass user object instead of user id to places where IsRestricted flag matters
* Restricted users: maintain access rows for all referenced repos (incl public)
* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses
* Add basic repo access tests for restricted users
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Mention restricted users in the faq
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Remove unnecessary `org.IsOrganization()` call
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert to an `int64` keyed `accessMap`
* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* or even better: `map[int64]*userAccess`
* updateUserAccess(): use tighter syntax as suggested by lafriks
* even tighter
* Avoid extra loop
* Don't disclose limited orgs to unauthenticated users
* Don't assume block only applies to orgs
* Use an array of `VisibleType` for filtering
* fix yet another thinko
* Ok - no need for u
* Revert "Ok - no need for u"
This reverts commit 5c3e886aab
.
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
committed by
Antoine GIRARD
parent
0b3aaa6196
commit
1751d5fcf2
@@ -432,7 +432,7 @@ func hasOrgVisible(e Engine, org *User, user *User) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
if org.Visibility == structs.VisibleTypePrivate && !org.isUserPartOfOrg(e, user.ID) {
|
||||
if (org.Visibility == structs.VisibleTypePrivate || user.IsRestricted) && !org.isUserPartOfOrg(e, user.ID) {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
@@ -735,7 +735,7 @@ type AccessibleReposEnvironment interface {
|
||||
|
||||
type accessibleReposEnv struct {
|
||||
org *User
|
||||
userID int64
|
||||
user *User
|
||||
teamIDs []int64
|
||||
e Engine
|
||||
keyword string
|
||||
@@ -749,13 +749,23 @@ func (org *User) AccessibleReposEnv(userID int64) (AccessibleReposEnvironment, e
|
||||
}
|
||||
|
||||
func (org *User) accessibleReposEnv(e Engine, userID int64) (AccessibleReposEnvironment, error) {
|
||||
var user *User
|
||||
|
||||
if userID > 0 {
|
||||
u, err := getUserByID(e, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
user = u
|
||||
}
|
||||
|
||||
teamIDs, err := org.getUserTeamIDs(e, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &accessibleReposEnv{
|
||||
org: org,
|
||||
userID: userID,
|
||||
user: user,
|
||||
teamIDs: teamIDs,
|
||||
e: e,
|
||||
orderBy: SearchOrderByRecentUpdated,
|
||||
@@ -763,9 +773,12 @@ func (org *User) accessibleReposEnv(e Engine, userID int64) (AccessibleReposEnvi
|
||||
}
|
||||
|
||||
func (env *accessibleReposEnv) cond() builder.Cond {
|
||||
var cond builder.Cond = builder.Eq{
|
||||
"`repository`.owner_id": env.org.ID,
|
||||
"`repository`.is_private": false,
|
||||
var cond = builder.NewCond()
|
||||
if env.user == nil || !env.user.IsRestricted {
|
||||
cond = cond.Or(builder.Eq{
|
||||
"`repository`.owner_id": env.org.ID,
|
||||
"`repository`.is_private": false,
|
||||
})
|
||||
}
|
||||
if len(env.teamIDs) > 0 {
|
||||
cond = cond.Or(builder.In("team_repo.team_id", env.teamIDs))
|
||||
|
Reference in New Issue
Block a user