mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
Move accessmode into models/perm (#17828)
This commit is contained in:
Lunny Xiao
GitHub
@@ -9,60 +9,10 @@ import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
)
|
||||
|
||||
// AccessMode specifies the users access mode
|
||||
type AccessMode int
|
||||
|
||||
const (
|
||||
// AccessModeNone no access
|
||||
AccessModeNone AccessMode = iota // 0
|
||||
// AccessModeRead read access
|
||||
AccessModeRead // 1
|
||||
// AccessModeWrite write access
|
||||
AccessModeWrite // 2
|
||||
// AccessModeAdmin admin access
|
||||
AccessModeAdmin // 3
|
||||
// AccessModeOwner owner access
|
||||
AccessModeOwner // 4
|
||||
)
|
||||
|
||||
func (mode AccessMode) String() string {
|
||||
switch mode {
|
||||
case AccessModeRead:
|
||||
return "read"
|
||||
case AccessModeWrite:
|
||||
return "write"
|
||||
case AccessModeAdmin:
|
||||
return "admin"
|
||||
case AccessModeOwner:
|
||||
return "owner"
|
||||
default:
|
||||
return "none"
|
||||
}
|
||||
}
|
||||
|
||||
// ColorFormat provides a ColorFormatted version of this AccessMode
|
||||
func (mode AccessMode) ColorFormat(s fmt.State) {
|
||||
log.ColorFprintf(s, "%d:%s",
|
||||
log.NewColoredIDValue(mode),
|
||||
mode)
|
||||
}
|
||||
|
||||
// ParseAccessMode returns corresponding access mode to given permission string.
|
||||
func ParseAccessMode(permission string) AccessMode {
|
||||
switch permission {
|
||||
case "write":
|
||||
return AccessModeWrite
|
||||
case "admin":
|
||||
return AccessModeAdmin
|
||||
default:
|
||||
return AccessModeRead
|
||||
}
|
||||
}
|
||||
|
||||
// Access represents the highest access level of a user to the repository. The only access type
|
||||
// that is not in this table is the real owner of a repository. In case of an organization
|
||||
// repository, the members of the owners team are in this table.
|
||||
@@ -70,15 +20,15 @@ type Access struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
UserID int64 `xorm:"UNIQUE(s)"`
|
||||
RepoID int64 `xorm:"UNIQUE(s)"`
|
||||
Mode AccessMode
|
||||
Mode perm.AccessMode
|
||||
}
|
||||
|
||||
func init() {
|
||||
db.RegisterModel(new(Access))
|
||||
}
|
||||
|
||||
func accessLevel(e db.Engine, user *user_model.User, repo *Repository) (AccessMode, error) {
|
||||
mode := AccessModeNone
|
||||
func accessLevel(e db.Engine, user *user_model.User, repo *Repository) (perm.AccessMode, error) {
|
||||
mode := perm.AccessModeNone
|
||||
var userID int64
|
||||
restricted := false
|
||||
|
||||
@@ -88,7 +38,7 @@ func accessLevel(e db.Engine, user *user_model.User, repo *Repository) (AccessMo
|
||||
}
|
||||
|
||||
if !restricted && !repo.IsPrivate {
|
||||
mode = AccessModeRead
|
||||
mode = perm.AccessModeRead
|
||||
}
|
||||
|
||||
if userID == 0 {
|
||||
@@ -96,7 +46,7 @@ func accessLevel(e db.Engine, user *user_model.User, repo *Repository) (AccessMo
|
||||
}
|
||||
|
||||
if userID == repo.OwnerID {
|
||||
return AccessModeOwner, nil
|
||||
return perm.AccessModeOwner, nil
|
||||
}
|
||||
|
||||
a := &Access{UserID: userID, RepoID: repo.ID}
|
||||
@@ -106,8 +56,8 @@ func accessLevel(e db.Engine, user *user_model.User, repo *Repository) (AccessMo
|
||||
return a.Mode, nil
|
||||
}
|
||||
|
||||
func maxAccessMode(modes ...AccessMode) AccessMode {
|
||||
max := AccessModeNone
|
||||
func maxAccessMode(modes ...perm.AccessMode) perm.AccessMode {
|
||||
max := perm.AccessModeNone
|
||||
for _, mode := range modes {
|
||||
if mode > max {
|
||||
max = mode
|
||||
@@ -118,11 +68,11 @@ func maxAccessMode(modes ...AccessMode) AccessMode {
|
||||
|
||||
type userAccess struct {
|
||||
User *user_model.User
|
||||
Mode AccessMode
|
||||
Mode perm.AccessMode
|
||||
}
|
||||
|
||||
// updateUserAccess updates an access map so that user has at least mode
|
||||
func updateUserAccess(accessMap map[int64]*userAccess, user *user_model.User, mode AccessMode) {
|
||||
func updateUserAccess(accessMap map[int64]*userAccess, user *user_model.User, mode perm.AccessMode) {
|
||||
if ua, ok := accessMap[user.ID]; ok {
|
||||
ua.Mode = maxAccessMode(ua.Mode, mode)
|
||||
} else {
|
||||
@@ -132,9 +82,9 @@ func updateUserAccess(accessMap map[int64]*userAccess, user *user_model.User, mo
|
||||
|
||||
// FIXME: do cross-comparison so reduce deletions and additions to the minimum?
|
||||
func (repo *Repository) refreshAccesses(e db.Engine, accessMap map[int64]*userAccess) (err error) {
|
||||
minMode := AccessModeRead
|
||||
minMode := perm.AccessModeRead
|
||||
if !repo.IsPrivate {
|
||||
minMode = AccessModeWrite
|
||||
minMode = perm.AccessModeWrite
|
||||
}
|
||||
|
||||
newAccesses := make([]Access, 0, len(accessMap))
|
||||
@@ -208,7 +158,7 @@ func (repo *Repository) recalculateTeamAccesses(e db.Engine, ignTeamID int64) (e
|
||||
// Owner team gets owner access, and skip for teams that do not
|
||||
// have relations with repository.
|
||||
if t.IsOwnerTeam() {
|
||||
t.Authorize = AccessModeOwner
|
||||
t.Authorize = perm.AccessModeOwner
|
||||
} else if !t.hasRepository(e, repo.ID) {
|
||||
continue
|
||||
}
|
||||
@@ -227,12 +177,12 @@ func (repo *Repository) recalculateTeamAccesses(e db.Engine, ignTeamID int64) (e
|
||||
// recalculateUserAccess recalculates new access for a single user
|
||||
// Usable if we know access only affected one user
|
||||
func (repo *Repository) recalculateUserAccess(e db.Engine, uid int64) (err error) {
|
||||
minMode := AccessModeRead
|
||||
minMode := perm.AccessModeRead
|
||||
if !repo.IsPrivate {
|
||||
minMode = AccessModeWrite
|
||||
minMode = perm.AccessModeWrite
|
||||
}
|
||||
|
||||
accessMode := AccessModeNone
|
||||
accessMode := perm.AccessModeNone
|
||||
collaborator, err := repo.getCollaboration(e, uid)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -255,7 +205,7 @@ func (repo *Repository) recalculateUserAccess(e db.Engine, uid int64) (err error
|
||||
|
||||
for _, t := range teams {
|
||||
if t.IsOwnerTeam() {
|
||||
t.Authorize = AccessModeOwner
|
||||
t.Authorize = perm.AccessModeOwner
|
||||
}
|
||||
|
||||
accessMode = maxAccessMode(accessMode, t.Authorize)
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
|
||||
@@ -35,34 +36,34 @@ func TestAccessLevel(t *testing.T) {
|
||||
|
||||
level, err := AccessLevel(user2, repo1)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, AccessModeOwner, level)
|
||||
assert.Equal(t, perm.AccessModeOwner, level)
|
||||
|
||||
level, err = AccessLevel(user2, repo3)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, AccessModeOwner, level)
|
||||
assert.Equal(t, perm.AccessModeOwner, level)
|
||||
|
||||
level, err = AccessLevel(user5, repo1)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, AccessModeRead, level)
|
||||
assert.Equal(t, perm.AccessModeRead, level)
|
||||
|
||||
level, err = AccessLevel(user5, repo3)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, AccessModeNone, level)
|
||||
assert.Equal(t, perm.AccessModeNone, level)
|
||||
|
||||
// restricted user has no access to a public repo
|
||||
level, err = AccessLevel(user29, repo1)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, AccessModeNone, level)
|
||||
assert.Equal(t, perm.AccessModeNone, level)
|
||||
|
||||
// ... unless he's a collaborator
|
||||
level, err = AccessLevel(user29, repo4)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, AccessModeWrite, level)
|
||||
assert.Equal(t, perm.AccessModeWrite, level)
|
||||
|
||||
// ... or a team member
|
||||
level, err = AccessLevel(user29, repo24)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, AccessModeRead, level)
|
||||
assert.Equal(t, perm.AccessModeRead, level)
|
||||
}
|
||||
|
||||
func TestHasAccess(t *testing.T) {
|
||||
@@ -105,7 +106,7 @@ func TestRepository_RecalculateAccesses(t *testing.T) {
|
||||
has, err := db.GetEngine(db.DefaultContext).Get(access)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, has)
|
||||
assert.Equal(t, AccessModeOwner, access.Mode)
|
||||
assert.Equal(t, perm.AccessModeOwner, access.Mode)
|
||||
}
|
||||
|
||||
func TestRepository_RecalculateAccesses2(t *testing.T) {
|
||||
|
||||
@@ -11,6 +11,7 @@ import (
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
@@ -76,7 +77,7 @@ func (protectBranch *ProtectedBranch) CanUserPush(userID int64) bool {
|
||||
} else if repo, err := GetRepositoryByID(protectBranch.RepoID); err != nil {
|
||||
log.Error("GetRepositoryByID: %v", err)
|
||||
return false
|
||||
} else if writeAccess, err := HasAccessUnit(user, repo, unit.TypeCode, AccessModeWrite); err != nil {
|
||||
} else if writeAccess, err := HasAccessUnit(user, repo, unit.TypeCode, perm.AccessModeWrite); err != nil {
|
||||
log.Error("HasAccessUnit: %v", err)
|
||||
return false
|
||||
} else {
|
||||
@@ -136,7 +137,7 @@ func (protectBranch *ProtectedBranch) isUserOfficialReviewer(e db.Engine, user *
|
||||
|
||||
if !protectBranch.EnableApprovalsWhitelist {
|
||||
// Anyone with write access is considered official reviewer
|
||||
writeAccess, err := hasAccessUnit(e, user, repo, unit.TypeCode, AccessModeWrite)
|
||||
writeAccess, err := hasAccessUnit(e, user, repo, unit.TypeCode, perm.AccessModeWrite)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@@ -474,7 +475,7 @@ func updateTeamWhitelist(repo *Repository, currentWhitelist, newWhitelist []int6
|
||||
return currentWhitelist, nil
|
||||
}
|
||||
|
||||
teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)
|
||||
teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)
|
||||
}
|
||||
|
||||
@@ -8,6 +8,7 @@ package models
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/modules/git"
|
||||
)
|
||||
|
||||
@@ -498,7 +499,7 @@ func (err ErrLFSLockNotExist) Error() string {
|
||||
type ErrLFSUnauthorizedAction struct {
|
||||
RepoID int64
|
||||
UserName string
|
||||
Mode AccessMode
|
||||
Mode perm.AccessMode
|
||||
}
|
||||
|
||||
// IsErrLFSUnauthorizedAction checks if an error is a ErrLFSUnauthorizedAction.
|
||||
@@ -508,7 +509,7 @@ func IsErrLFSUnauthorizedAction(err error) bool {
|
||||
}
|
||||
|
||||
func (err ErrLFSUnauthorizedAction) Error() string {
|
||||
if err.Mode == AccessModeWrite {
|
||||
if err.Mode == perm.AccessModeWrite {
|
||||
return fmt.Sprintf("User %s doesn't have write access for lfs lock [rid: %d]", err.UserName, err.RepoID)
|
||||
}
|
||||
return fmt.Sprintf("User %s doesn't have read access for lfs lock [rid: %d]", err.UserName, err.RepoID)
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/issues"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
@@ -2086,7 +2087,7 @@ func (issue *Issue) ResolveMentionsByVisibility(ctx context.Context, doer *user_
|
||||
unittype = unit.TypePullRequests
|
||||
}
|
||||
for _, team := range teams {
|
||||
if team.Authorize >= AccessModeOwner {
|
||||
if team.Authorize >= perm.AccessModeOwner {
|
||||
checked = append(checked, team.ID)
|
||||
resolved[issue.Repo.Owner.LowerName+"/"+team.LowerName] = true
|
||||
continue
|
||||
|
||||
@@ -11,6 +11,7 @@ import (
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
@@ -53,7 +54,7 @@ func cleanPath(p string) string {
|
||||
|
||||
// CreateLFSLock creates a new lock.
|
||||
func CreateLFSLock(lock *LFSLock) (*LFSLock, error) {
|
||||
err := CheckLFSAccessForRepo(lock.OwnerID, lock.Repo, AccessModeWrite)
|
||||
err := CheckLFSAccessForRepo(lock.OwnerID, lock.Repo, perm.AccessModeWrite)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -124,7 +125,7 @@ func DeleteLFSLockByID(id int64, u *user_model.User, force bool) (*LFSLock, erro
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = CheckLFSAccessForRepo(u.ID, lock.Repo, AccessModeWrite)
|
||||
err = CheckLFSAccessForRepo(u.ID, lock.Repo, perm.AccessModeWrite)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -138,7 +139,7 @@ func DeleteLFSLockByID(id int64, u *user_model.User, force bool) (*LFSLock, erro
|
||||
}
|
||||
|
||||
// CheckLFSAccessForRepo check needed access mode base on action
|
||||
func CheckLFSAccessForRepo(ownerID int64, repo *Repository, mode AccessMode) error {
|
||||
func CheckLFSAccessForRepo(ownerID int64, repo *Repository, mode perm.AccessMode) error {
|
||||
if ownerID == 0 {
|
||||
return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode}
|
||||
}
|
||||
|
||||
@@ -11,6 +11,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
@@ -263,7 +264,7 @@ func CreateOrganization(org *Organization, owner *user_model.User) (err error) {
|
||||
OrgID: org.ID,
|
||||
LowerName: strings.ToLower(ownerTeamName),
|
||||
Name: ownerTeamName,
|
||||
Authorize: AccessModeOwner,
|
||||
Authorize: perm.AccessModeOwner,
|
||||
NumMembers: 1,
|
||||
IncludesAllRepositories: true,
|
||||
CanCreateOrgRepo: true,
|
||||
@@ -420,8 +421,8 @@ func CanCreateOrgRepo(orgID, uid int64) (bool, error) {
|
||||
}
|
||||
|
||||
// GetOrgUserMaxAuthorizeLevel returns highest authorize level of user in an organization
|
||||
func (org *Organization) GetOrgUserMaxAuthorizeLevel(uid int64) (AccessMode, error) {
|
||||
var authorize AccessMode
|
||||
func (org *Organization) GetOrgUserMaxAuthorizeLevel(uid int64) (perm.AccessMode, error) {
|
||||
var authorize perm.AccessMode
|
||||
_, err := db.GetEngine(db.DefaultContext).
|
||||
Select("max(team.authorize)").
|
||||
Table("team").
|
||||
@@ -442,7 +443,7 @@ func getUsersWhoCanCreateOrgRepo(e db.Engine, orgID int64) ([]*user_model.User,
|
||||
return users, e.
|
||||
Join("INNER", "`team_user`", "`team_user`.uid=`user`.id").
|
||||
Join("INNER", "`team`", "`team`.id=`team_user`.team_id").
|
||||
Where(builder.Eq{"team.can_create_org_repo": true}.Or(builder.Eq{"team.authorize": AccessModeOwner})).
|
||||
Where(builder.Eq{"team.can_create_org_repo": true}.Or(builder.Eq{"team.authorize": perm.AccessModeOwner})).
|
||||
And("team_user.org_id = ?", orgID).Asc("`user`.name").Find(&users)
|
||||
}
|
||||
|
||||
@@ -564,7 +565,7 @@ func getOwnedOrgsByUserID(sess db.Engine, userID int64) ([]*Organization, error)
|
||||
Join("INNER", "`team_user`", "`team_user`.org_id=`user`.id").
|
||||
Join("INNER", "`team`", "`team`.id=`team_user`.team_id").
|
||||
Where("`team_user`.uid=?", userID).
|
||||
And("`team`.authorize=?", AccessModeOwner).
|
||||
And("`team`.authorize=?", perm.AccessModeOwner).
|
||||
Asc("`user`.name").
|
||||
Find(&orgs)
|
||||
}
|
||||
@@ -624,7 +625,7 @@ func GetOrgsCanCreateRepoByUserID(userID int64) ([]*Organization, error) {
|
||||
Join("INNER", "`team_user`", "`team_user`.org_id = `user`.id").
|
||||
Join("INNER", "`team`", "`team`.id = `team_user`.team_id").
|
||||
Where(builder.Eq{"`team_user`.uid": userID}).
|
||||
And(builder.Eq{"`team`.authorize": AccessModeOwner}.Or(builder.Eq{"`team`.can_create_org_repo": true})))).
|
||||
And(builder.Eq{"`team`.authorize": perm.AccessModeOwner}.Or(builder.Eq{"`team`.can_create_org_repo": true})))).
|
||||
Asc("`user`.name").
|
||||
Find(&orgs)
|
||||
}
|
||||
@@ -883,7 +884,7 @@ func (org *Organization) getUserTeamIDs(e db.Engine, userID int64) ([]int64, err
|
||||
}
|
||||
|
||||
// TeamsWithAccessToRepo returns all teams that have given access level to the repository.
|
||||
func (org *Organization) TeamsWithAccessToRepo(repoID int64, mode AccessMode) ([]*Team, error) {
|
||||
func (org *Organization) TeamsWithAccessToRepo(repoID int64, mode perm.AccessMode) ([]*Team, error) {
|
||||
return GetTeamsWithAccessToRepo(org.ID, repoID, mode)
|
||||
}
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
@@ -30,7 +31,7 @@ type Team struct {
|
||||
LowerName string
|
||||
Name string
|
||||
Description string
|
||||
Authorize AccessMode
|
||||
Authorize perm.AccessMode
|
||||
Repos []*Repository `xorm:"-"`
|
||||
Members []*user_model.User `xorm:"-"`
|
||||
NumRepos int
|
||||
@@ -143,7 +144,7 @@ func (t *Team) GetUnitNames() (res []string) {
|
||||
|
||||
// HasWriteAccess returns true if team has at least write level access mode.
|
||||
func (t *Team) HasWriteAccess() bool {
|
||||
return t.Authorize >= AccessModeWrite
|
||||
return t.Authorize >= perm.AccessModeWrite
|
||||
}
|
||||
|
||||
// IsOwnerTeam returns true if team is owner team.
|
||||
@@ -1001,7 +1002,7 @@ func removeTeamRepo(e db.Engine, teamID, repoID int64) error {
|
||||
}
|
||||
|
||||
// GetTeamsWithAccessToRepo returns all teams in an organization that have given access level to the repository.
|
||||
func GetTeamsWithAccessToRepo(orgID, repoID int64, mode AccessMode) ([]*Team, error) {
|
||||
func GetTeamsWithAccessToRepo(orgID, repoID int64, mode perm.AccessMode) ([]*Team, error) {
|
||||
teams := make([]*Team, 0, 5)
|
||||
return teams, db.GetEngine(db.DefaultContext).Where("team.authorize >= ?", mode).
|
||||
Join("INNER", "team_repo", "team_repo.team_id = team.id").
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
|
||||
@@ -209,14 +210,14 @@ func TestUpdateTeam(t *testing.T) {
|
||||
team.LowerName = "newname"
|
||||
team.Name = "newName"
|
||||
team.Description = strings.Repeat("A long description!", 100)
|
||||
team.Authorize = AccessModeAdmin
|
||||
team.Authorize = perm.AccessModeAdmin
|
||||
assert.NoError(t, UpdateTeam(team, true, false))
|
||||
|
||||
team = unittest.AssertExistsAndLoadBean(t, &Team{Name: "newName"}).(*Team)
|
||||
assert.True(t, strings.HasPrefix(team.Description, "A long description!"))
|
||||
|
||||
access := unittest.AssertExistsAndLoadBean(t, &Access{UserID: 4, RepoID: 3}).(*Access)
|
||||
assert.EqualValues(t, AccessModeAdmin, access.Mode)
|
||||
assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
|
||||
|
||||
unittest.CheckConsistencyFor(t, &Team{ID: team.ID})
|
||||
}
|
||||
@@ -249,7 +250,7 @@ func TestDeleteTeam(t *testing.T) {
|
||||
repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
|
||||
accessMode, err := AccessLevel(user, repo)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, accessMode < AccessModeWrite)
|
||||
assert.True(t, accessMode < perm.AccessModeWrite)
|
||||
}
|
||||
|
||||
func TestIsTeamMember(t *testing.T) {
|
||||
|
||||
61
models/perm/access_mode.go
Normal file
61
models/perm/access_mode.go
Normal file
@@ -0,0 +1,61 @@
|
||||
// Copyright 2019 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package perm
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
)
|
||||
|
||||
// AccessMode specifies the users access mode
|
||||
type AccessMode int
|
||||
|
||||
const (
|
||||
// AccessModeNone no access
|
||||
AccessModeNone AccessMode = iota // 0
|
||||
// AccessModeRead read access
|
||||
AccessModeRead // 1
|
||||
// AccessModeWrite write access
|
||||
AccessModeWrite // 2
|
||||
// AccessModeAdmin admin access
|
||||
AccessModeAdmin // 3
|
||||
// AccessModeOwner owner access
|
||||
AccessModeOwner // 4
|
||||
)
|
||||
|
||||
func (mode AccessMode) String() string {
|
||||
switch mode {
|
||||
case AccessModeRead:
|
||||
return "read"
|
||||
case AccessModeWrite:
|
||||
return "write"
|
||||
case AccessModeAdmin:
|
||||
return "admin"
|
||||
case AccessModeOwner:
|
||||
return "owner"
|
||||
default:
|
||||
return "none"
|
||||
}
|
||||
}
|
||||
|
||||
// ColorFormat provides a ColorFormatted version of this AccessMode
|
||||
func (mode AccessMode) ColorFormat(s fmt.State) {
|
||||
log.ColorFprintf(s, "%d:%s",
|
||||
log.NewColoredIDValue(mode),
|
||||
mode)
|
||||
}
|
||||
|
||||
// ParseAccessMode returns corresponding access mode to given permission string.
|
||||
func ParseAccessMode(permission string) AccessMode {
|
||||
switch permission {
|
||||
case "write":
|
||||
return AccessModeWrite
|
||||
case "admin":
|
||||
return AccessModeAdmin
|
||||
default:
|
||||
return AccessModeRead
|
||||
}
|
||||
}
|
||||
@@ -25,6 +25,7 @@ import (
|
||||
|
||||
admin_model "code.gitea.io/gitea/models/admin"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
@@ -542,7 +543,7 @@ func (repo *Repository) getAssignees(e db.Engine) (_ []*user_model.User, err err
|
||||
|
||||
accesses := make([]*Access, 0, 10)
|
||||
if err = e.
|
||||
Where("repo_id = ? AND mode >= ?", repo.ID, AccessModeWrite).
|
||||
Where("repo_id = ? AND mode >= ?", repo.ID, perm.AccessModeWrite).
|
||||
Find(&accesses); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -586,7 +587,7 @@ func (repo *Repository) getReviewers(e db.Engine, doerID, posterID int64) ([]*us
|
||||
// Anyone who can read the repository is a requestable reviewer
|
||||
if err := e.
|
||||
SQL("SELECT * FROM `user` WHERE id in (SELECT user_id FROM `access` WHERE repo_id = ? AND mode >= ? AND user_id NOT IN ( ?, ?)) ORDER BY name",
|
||||
repo.ID, AccessModeRead,
|
||||
repo.ID, perm.AccessModeRead,
|
||||
doerID, posterID).
|
||||
Find(&users); err != nil {
|
||||
return nil, err
|
||||
@@ -605,7 +606,7 @@ func (repo *Repository) getReviewers(e db.Engine, doerID, posterID int64) ([]*us
|
||||
"UNION "+
|
||||
"SELECT uid AS user_id FROM `org_user` WHERE org_id = ? "+
|
||||
") AND id NOT IN (?, ?) ORDER BY name",
|
||||
repo.ID, AccessModeRead,
|
||||
repo.ID, perm.AccessModeRead,
|
||||
repo.ID, RepoWatchModeNormal, RepoWatchModeAuto,
|
||||
repo.OwnerID,
|
||||
doerID, posterID).
|
||||
@@ -634,7 +635,7 @@ func (repo *Repository) GetReviewerTeams() ([]*Team, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)
|
||||
teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -817,12 +818,12 @@ func (repo *Repository) CanEnableEditor() bool {
|
||||
|
||||
// GetReaders returns all users that have explicit read access or higher to the repository.
|
||||
func (repo *Repository) GetReaders() (_ []*user_model.User, err error) {
|
||||
return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), AccessModeRead)
|
||||
return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), perm.AccessModeRead)
|
||||
}
|
||||
|
||||
// GetWriters returns all users that have write access to the repository.
|
||||
func (repo *Repository) GetWriters() (_ []*user_model.User, err error) {
|
||||
return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), AccessModeWrite)
|
||||
return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), perm.AccessModeWrite)
|
||||
}
|
||||
|
||||
// IsReader returns true if user has explicit read access or higher to the repository.
|
||||
@@ -830,11 +831,11 @@ func (repo *Repository) IsReader(userID int64) (bool, error) {
|
||||
if repo.OwnerID == userID {
|
||||
return true, nil
|
||||
}
|
||||
return db.GetEngine(db.DefaultContext).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, AccessModeRead).Get(&Access{})
|
||||
return db.GetEngine(db.DefaultContext).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, perm.AccessModeRead).Get(&Access{})
|
||||
}
|
||||
|
||||
// getUsersWithAccessMode returns users that have at least given access mode to the repository.
|
||||
func (repo *Repository) getUsersWithAccessMode(e db.Engine, mode AccessMode) (_ []*user_model.User, err error) {
|
||||
func (repo *Repository) getUsersWithAccessMode(e db.Engine, mode perm.AccessMode) (_ []*user_model.User, err error) {
|
||||
if err = repo.getOwner(e); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -1143,7 +1144,7 @@ func CreateRepository(ctx context.Context, doer, u *user_model.User, repo *Repos
|
||||
if err = repo.addCollaborator(db.GetEngine(ctx), doer); err != nil {
|
||||
return fmt.Errorf("AddCollaborator: %v", err)
|
||||
}
|
||||
if err = repo.changeCollaborationAccessMode(db.GetEngine(ctx), doer.ID, AccessModeAdmin); err != nil {
|
||||
if err = repo.changeCollaborationAccessMode(db.GetEngine(ctx), doer.ID, perm.AccessModeAdmin); err != nil {
|
||||
return fmt.Errorf("ChangeCollaborationAccessMode: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
@@ -22,7 +23,7 @@ type Collaboration struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
RepoID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
|
||||
UserID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
|
||||
Mode AccessMode `xorm:"DEFAULT 2 NOT NULL"`
|
||||
Mode perm.AccessMode `xorm:"DEFAULT 2 NOT NULL"`
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
||||
}
|
||||
@@ -43,7 +44,7 @@ func (repo *Repository) addCollaborator(e db.Engine, u *user_model.User) error {
|
||||
} else if has {
|
||||
return nil
|
||||
}
|
||||
collaboration.Mode = AccessModeWrite
|
||||
collaboration.Mode = perm.AccessModeWrite
|
||||
|
||||
if _, err = e.InsertOne(collaboration); err != nil {
|
||||
return err
|
||||
@@ -141,9 +142,9 @@ func (repo *Repository) IsCollaborator(userID int64) (bool, error) {
|
||||
return repo.isCollaborator(db.GetEngine(db.DefaultContext), userID)
|
||||
}
|
||||
|
||||
func (repo *Repository) changeCollaborationAccessMode(e db.Engine, uid int64, mode AccessMode) error {
|
||||
func (repo *Repository) changeCollaborationAccessMode(e db.Engine, uid int64, mode perm.AccessMode) error {
|
||||
// Discard invalid input
|
||||
if mode <= AccessModeNone || mode > AccessModeOwner {
|
||||
if mode <= perm.AccessModeNone || mode > perm.AccessModeOwner {
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -176,7 +177,7 @@ func (repo *Repository) changeCollaborationAccessMode(e db.Engine, uid int64, mo
|
||||
}
|
||||
|
||||
// ChangeCollaborationAccessMode sets new access mode for the collaboration.
|
||||
func (repo *Repository) ChangeCollaborationAccessMode(uid int64, mode AccessMode) error {
|
||||
func (repo *Repository) ChangeCollaborationAccessMode(uid int64, mode perm.AccessMode) error {
|
||||
ctx, committer, err := db.TxContext()
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
|
||||
@@ -68,17 +69,17 @@ func TestRepository_ChangeCollaborationAccessMode(t *testing.T) {
|
||||
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(4, AccessModeAdmin))
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(4, perm.AccessModeAdmin))
|
||||
|
||||
collaboration := unittest.AssertExistsAndLoadBean(t, &Collaboration{RepoID: repo.ID, UserID: 4}).(*Collaboration)
|
||||
assert.EqualValues(t, AccessModeAdmin, collaboration.Mode)
|
||||
assert.EqualValues(t, perm.AccessModeAdmin, collaboration.Mode)
|
||||
|
||||
access := unittest.AssertExistsAndLoadBean(t, &Access{UserID: 4, RepoID: repo.ID}).(*Access)
|
||||
assert.EqualValues(t, AccessModeAdmin, access.Mode)
|
||||
assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
|
||||
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(4, AccessModeAdmin))
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(4, perm.AccessModeAdmin))
|
||||
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(unittest.NonexistentID, AccessModeAdmin))
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(unittest.NonexistentID, perm.AccessModeAdmin))
|
||||
|
||||
unittest.CheckConsistencyFor(t, &Repository{ID: repo.ID})
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/structs"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
@@ -431,7 +432,7 @@ func accessibleRepositoryCondition(user *user_model.User) builder.Cond {
|
||||
From("`access`").
|
||||
Where(builder.And(
|
||||
builder.Eq{"user_id": user.ID},
|
||||
builder.Gt{"mode": int(AccessModeNone)}))),
|
||||
builder.Gt{"mode": int(perm.AccessModeNone)}))),
|
||||
// 3. Repositories that we directly own
|
||||
builder.Eq{"`repository`.owner_id": user.ID},
|
||||
// 4. Be able to see all repositories that we are in a team
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
perm_model "code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
@@ -15,49 +16,49 @@ import (
|
||||
|
||||
// Permission contains all the permissions related variables to a repository for a user
|
||||
type Permission struct {
|
||||
AccessMode AccessMode
|
||||
AccessMode perm_model.AccessMode
|
||||
Units []*RepoUnit
|
||||
UnitsMode map[unit.Type]AccessMode
|
||||
UnitsMode map[unit.Type]perm_model.AccessMode
|
||||
}
|
||||
|
||||
// IsOwner returns true if current user is the owner of repository.
|
||||
func (p *Permission) IsOwner() bool {
|
||||
return p.AccessMode >= AccessModeOwner
|
||||
return p.AccessMode >= perm_model.AccessModeOwner
|
||||
}
|
||||
|
||||
// IsAdmin returns true if current user has admin or higher access of repository.
|
||||
func (p *Permission) IsAdmin() bool {
|
||||
return p.AccessMode >= AccessModeAdmin
|
||||
return p.AccessMode >= perm_model.AccessModeAdmin
|
||||
}
|
||||
|
||||
// HasAccess returns true if the current user has at least read access to any unit of this repository
|
||||
func (p *Permission) HasAccess() bool {
|
||||
if p.UnitsMode == nil {
|
||||
return p.AccessMode >= AccessModeRead
|
||||
return p.AccessMode >= perm_model.AccessModeRead
|
||||
}
|
||||
return len(p.UnitsMode) > 0
|
||||
}
|
||||
|
||||
// UnitAccessMode returns current user accessmode to the specify unit of the repository
|
||||
func (p *Permission) UnitAccessMode(unitType unit.Type) AccessMode {
|
||||
func (p *Permission) UnitAccessMode(unitType unit.Type) perm_model.AccessMode {
|
||||
if p.UnitsMode == nil {
|
||||
for _, u := range p.Units {
|
||||
if u.Type == unitType {
|
||||
return p.AccessMode
|
||||
}
|
||||
}
|
||||
return AccessModeNone
|
||||
return perm_model.AccessModeNone
|
||||
}
|
||||
return p.UnitsMode[unitType]
|
||||
}
|
||||
|
||||
// CanAccess returns true if user has mode access to the unit of the repository
|
||||
func (p *Permission) CanAccess(mode AccessMode, unitType unit.Type) bool {
|
||||
func (p *Permission) CanAccess(mode perm_model.AccessMode, unitType unit.Type) bool {
|
||||
return p.UnitAccessMode(unitType) >= mode
|
||||
}
|
||||
|
||||
// CanAccessAny returns true if user has mode access to any of the units of the repository
|
||||
func (p *Permission) CanAccessAny(mode AccessMode, unitTypes ...unit.Type) bool {
|
||||
func (p *Permission) CanAccessAny(mode perm_model.AccessMode, unitTypes ...unit.Type) bool {
|
||||
for _, u := range unitTypes {
|
||||
if p.CanAccess(mode, u) {
|
||||
return true
|
||||
@@ -68,12 +69,12 @@ func (p *Permission) CanAccessAny(mode AccessMode, unitTypes ...unit.Type) bool
|
||||
|
||||
// CanRead returns true if user could read to this unit
|
||||
func (p *Permission) CanRead(unitType unit.Type) bool {
|
||||
return p.CanAccess(AccessModeRead, unitType)
|
||||
return p.CanAccess(perm_model.AccessModeRead, unitType)
|
||||
}
|
||||
|
||||
// CanReadAny returns true if user has read access to any of the units of the repository
|
||||
func (p *Permission) CanReadAny(unitTypes ...unit.Type) bool {
|
||||
return p.CanAccessAny(AccessModeRead, unitTypes...)
|
||||
return p.CanAccessAny(perm_model.AccessModeRead, unitTypes...)
|
||||
}
|
||||
|
||||
// CanReadIssuesOrPulls returns true if isPull is true and user could read pull requests and
|
||||
@@ -87,7 +88,7 @@ func (p *Permission) CanReadIssuesOrPulls(isPull bool) bool {
|
||||
|
||||
// CanWrite returns true if user could write to this unit
|
||||
func (p *Permission) CanWrite(unitType unit.Type) bool {
|
||||
return p.CanAccess(AccessModeWrite, unitType)
|
||||
return p.CanAccess(perm_model.AccessModeWrite, unitType)
|
||||
}
|
||||
|
||||
// CanWriteIssuesOrPulls returns true if isPull is true and user could write to pull requests and
|
||||
@@ -103,7 +104,7 @@ func (p *Permission) CanWriteIssuesOrPulls(isPull bool) bool {
|
||||
func (p *Permission) ColorFormat(s fmt.State) {
|
||||
noColor := log.ColorBytes(log.Reset)
|
||||
|
||||
format := "AccessMode: %-v, %d Units, %d UnitsMode(s): [ "
|
||||
format := "perm_model.AccessMode: %-v, %d Units, %d UnitsMode(s): [ "
|
||||
args := []interface{}{
|
||||
p.AccessMode,
|
||||
log.NewColoredValueBytes(len(p.Units), &noColor),
|
||||
@@ -163,7 +164,7 @@ func getUserRepoPermission(e db.Engine, repo *Repository, user *user_model.User)
|
||||
// anonymous user visit private repo.
|
||||
// TODO: anonymous user visit public unit of private repo???
|
||||
if user == nil && repo.IsPrivate {
|
||||
perm.AccessMode = AccessModeNone
|
||||
perm.AccessMode = perm_model.AccessModeNone
|
||||
return
|
||||
}
|
||||
|
||||
@@ -182,7 +183,7 @@ func getUserRepoPermission(e db.Engine, repo *Repository, user *user_model.User)
|
||||
// Prevent strangers from checking out public repo of private organization/users
|
||||
// Allow user if they are collaborator of a repo within a private user or a private organization but not a member of the organization itself
|
||||
if !hasOrgOrUserVisible(e, repo.Owner, user) && !isCollaborator {
|
||||
perm.AccessMode = AccessModeNone
|
||||
perm.AccessMode = perm_model.AccessModeNone
|
||||
return
|
||||
}
|
||||
|
||||
@@ -194,13 +195,13 @@ func getUserRepoPermission(e db.Engine, repo *Repository, user *user_model.User)
|
||||
|
||||
// anonymous visit public repo
|
||||
if user == nil {
|
||||
perm.AccessMode = AccessModeRead
|
||||
perm.AccessMode = perm_model.AccessModeRead
|
||||
return
|
||||
}
|
||||
|
||||
// Admin or the owner has super access to the repository
|
||||
if user.IsAdmin || user.ID == repo.OwnerID {
|
||||
perm.AccessMode = AccessModeOwner
|
||||
perm.AccessMode = perm_model.AccessModeOwner
|
||||
return
|
||||
}
|
||||
|
||||
@@ -217,7 +218,7 @@ func getUserRepoPermission(e db.Engine, repo *Repository, user *user_model.User)
|
||||
return
|
||||
}
|
||||
|
||||
perm.UnitsMode = make(map[unit.Type]AccessMode)
|
||||
perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
|
||||
|
||||
// Collaborators on organization
|
||||
if isCollaborator {
|
||||
@@ -234,8 +235,8 @@ func getUserRepoPermission(e db.Engine, repo *Repository, user *user_model.User)
|
||||
|
||||
// if user in an owner team
|
||||
for _, team := range teams {
|
||||
if team.Authorize >= AccessModeOwner {
|
||||
perm.AccessMode = AccessModeOwner
|
||||
if team.Authorize >= perm_model.AccessModeOwner {
|
||||
perm.AccessMode = perm_model.AccessModeOwner
|
||||
perm.UnitsMode = nil
|
||||
return
|
||||
}
|
||||
@@ -256,7 +257,7 @@ func getUserRepoPermission(e db.Engine, repo *Repository, user *user_model.User)
|
||||
// for a public repo on an organization, a non-restricted user has read permission on non-team defined units.
|
||||
if !found && !repo.IsPrivate && !user.IsRestricted {
|
||||
if _, ok := perm.UnitsMode[u.Type]; !ok {
|
||||
perm.UnitsMode[u.Type] = AccessModeRead
|
||||
perm.UnitsMode[u.Type] = perm_model.AccessModeRead
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -291,7 +292,7 @@ func IsUserRealRepoAdmin(repo *Repository, user *user_model.User) (bool, error)
|
||||
return false, err
|
||||
}
|
||||
|
||||
return accessMode >= AccessModeAdmin, nil
|
||||
return accessMode >= perm_model.AccessModeAdmin, nil
|
||||
}
|
||||
|
||||
// IsUserRepoAdmin return true if user has admin right of a repo
|
||||
@@ -311,7 +312,7 @@ func isUserRepoAdmin(e db.Engine, repo *Repository, user *user_model.User) (bool
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if mode >= AccessModeAdmin {
|
||||
if mode >= perm_model.AccessModeAdmin {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
@@ -321,7 +322,7 @@ func isUserRepoAdmin(e db.Engine, repo *Repository, user *user_model.User) (bool
|
||||
}
|
||||
|
||||
for _, team := range teams {
|
||||
if team.Authorize >= AccessModeAdmin {
|
||||
if team.Authorize >= perm_model.AccessModeAdmin {
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
@@ -330,31 +331,31 @@ func isUserRepoAdmin(e db.Engine, repo *Repository, user *user_model.User) (bool
|
||||
|
||||
// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
|
||||
// user does not have access.
|
||||
func AccessLevel(user *user_model.User, repo *Repository) (AccessMode, error) {
|
||||
func AccessLevel(user *user_model.User, repo *Repository) (perm_model.AccessMode, error) {
|
||||
return accessLevelUnit(db.GetEngine(db.DefaultContext), user, repo, unit.TypeCode)
|
||||
}
|
||||
|
||||
// AccessLevelUnit returns the Access a user has to a repository's. Will return NoneAccess if the
|
||||
// user does not have access.
|
||||
func AccessLevelUnit(user *user_model.User, repo *Repository, unitType unit.Type) (AccessMode, error) {
|
||||
func AccessLevelUnit(user *user_model.User, repo *Repository, unitType unit.Type) (perm_model.AccessMode, error) {
|
||||
return accessLevelUnit(db.GetEngine(db.DefaultContext), user, repo, unitType)
|
||||
}
|
||||
|
||||
func accessLevelUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type) (AccessMode, error) {
|
||||
func accessLevelUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type) (perm_model.AccessMode, error) {
|
||||
perm, err := getUserRepoPermission(e, repo, user)
|
||||
if err != nil {
|
||||
return AccessModeNone, err
|
||||
return perm_model.AccessModeNone, err
|
||||
}
|
||||
return perm.UnitAccessMode(unitType), nil
|
||||
}
|
||||
|
||||
func hasAccessUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type, testMode AccessMode) (bool, error) {
|
||||
func hasAccessUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type, testMode perm_model.AccessMode) (bool, error) {
|
||||
mode, err := accessLevelUnit(e, user, repo, unitType)
|
||||
return testMode <= mode, err
|
||||
}
|
||||
|
||||
// HasAccessUnit returns true if user has testMode to the unit of the repository
|
||||
func HasAccessUnit(user *user_model.User, repo *Repository, unitType unit.Type, testMode AccessMode) (bool, error) {
|
||||
func HasAccessUnit(user *user_model.User, repo *Repository, unitType unit.Type, testMode perm_model.AccessMode) (bool, error) {
|
||||
return hasAccessUnit(db.GetEngine(db.DefaultContext), user, repo, unitType, testMode)
|
||||
}
|
||||
|
||||
@@ -373,7 +374,7 @@ func canBeAssigned(e db.Engine, user *user_model.User, repo *Repository, _ bool)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return perm.CanAccessAny(AccessModeWrite, unit.TypeCode, unit.TypeIssues, unit.TypePullRequests), nil
|
||||
return perm.CanAccessAny(perm_model.AccessModeWrite, unit.TypeCode, unit.TypeIssues, unit.TypePullRequests), nil
|
||||
}
|
||||
|
||||
func hasAccess(e db.Engine, userID int64, repo *Repository) (bool, error) {
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
perm_model "code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
@@ -93,7 +94,7 @@ func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
|
||||
assert.True(t, perm.CanWrite(unit.Type))
|
||||
}
|
||||
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))
|
||||
perm, err = GetUserRepoPermission(repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
@@ -145,7 +146,7 @@ func TestRepoPermissionPublicOrgRepo(t *testing.T) {
|
||||
assert.True(t, perm.CanWrite(unit.Type))
|
||||
}
|
||||
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))
|
||||
perm, err = GetUserRepoPermission(repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
@@ -207,7 +208,7 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
|
||||
assert.True(t, perm.CanWrite(unit.Type))
|
||||
}
|
||||
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
|
||||
assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))
|
||||
perm, err = GetUserRepoPermission(repo, user)
|
||||
assert.NoError(t, err)
|
||||
for _, unit := range repo.Units {
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
@@ -277,7 +278,7 @@ func isOfficialReviewerTeam(e db.Engine, issue *Issue, team *Team) (bool, error)
|
||||
}
|
||||
|
||||
if !pr.ProtectedBranch.EnableApprovalsWhitelist {
|
||||
return team.Authorize >= AccessModeWrite, nil
|
||||
return team.Authorize >= perm.AccessModeWrite, nil
|
||||
}
|
||||
|
||||
return base.Int64sContains(pr.ProtectedBranch.ApprovalsWhitelistTeamIDs, team.ID), nil
|
||||
@@ -895,12 +896,12 @@ func CanMarkConversation(issue *Issue, doer *user_model.User) (permResult bool,
|
||||
return false, err
|
||||
}
|
||||
|
||||
perm, err := GetUserRepoPermission(issue.Repo, doer)
|
||||
p, err := GetUserRepoPermission(issue.Repo, doer)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
permResult = perm.CanAccess(AccessModeWrite, unit.TypePullRequests)
|
||||
permResult = p.CanAccess(perm.AccessModeWrite, unit.TypePullRequests)
|
||||
if !permResult {
|
||||
if permResult, err = IsOfficialReviewer(issue, doer); err != nil {
|
||||
return false, err
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
@@ -35,14 +36,14 @@ const (
|
||||
|
||||
// PublicKey represents a user or deploy SSH public key.
|
||||
type PublicKey struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
OwnerID int64 `xorm:"INDEX NOT NULL"`
|
||||
Name string `xorm:"NOT NULL"`
|
||||
Fingerprint string `xorm:"INDEX NOT NULL"`
|
||||
Content string `xorm:"TEXT NOT NULL"`
|
||||
Mode AccessMode `xorm:"NOT NULL DEFAULT 2"`
|
||||
Type KeyType `xorm:"NOT NULL DEFAULT 1"`
|
||||
LoginSourceID int64 `xorm:"NOT NULL DEFAULT 0"`
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
OwnerID int64 `xorm:"INDEX NOT NULL"`
|
||||
Name string `xorm:"NOT NULL"`
|
||||
Fingerprint string `xorm:"INDEX NOT NULL"`
|
||||
Content string `xorm:"TEXT NOT NULL"`
|
||||
Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 2"`
|
||||
Type KeyType `xorm:"NOT NULL DEFAULT 1"`
|
||||
LoginSourceID int64 `xorm:"NOT NULL DEFAULT 0"`
|
||||
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
||||
@@ -123,7 +124,7 @@ func AddPublicKey(ownerID int64, name, content string, loginSourceID int64) (*Pu
|
||||
Name: name,
|
||||
Fingerprint: fingerprint,
|
||||
Content: content,
|
||||
Mode: AccessModeWrite,
|
||||
Mode: perm.AccessModeWrite,
|
||||
Type: KeyTypeUser,
|
||||
LoginSourceID: loginSourceID,
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
|
||||
@@ -33,7 +34,7 @@ type DeployKey struct {
|
||||
Fingerprint string
|
||||
Content string `xorm:"-"`
|
||||
|
||||
Mode AccessMode `xorm:"NOT NULL DEFAULT 1"`
|
||||
Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 1"`
|
||||
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
||||
@@ -59,7 +60,7 @@ func (key *DeployKey) GetContent() error {
|
||||
|
||||
// IsReadOnly checks if the key can only be used for read operations
|
||||
func (key *DeployKey) IsReadOnly() bool {
|
||||
return key.Mode == AccessModeRead
|
||||
return key.Mode == perm.AccessModeRead
|
||||
}
|
||||
|
||||
func init() {
|
||||
@@ -90,7 +91,7 @@ func checkDeployKey(e db.Engine, keyID, repoID int64, name string) error {
|
||||
}
|
||||
|
||||
// addDeployKey adds new key-repo relation.
|
||||
func addDeployKey(e db.Engine, keyID, repoID int64, name, fingerprint string, mode AccessMode) (*DeployKey, error) {
|
||||
func addDeployKey(e db.Engine, keyID, repoID int64, name, fingerprint string, mode perm.AccessMode) (*DeployKey, error) {
|
||||
if err := checkDeployKey(e, keyID, repoID, name); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -121,9 +122,9 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey
|
||||
return nil, err
|
||||
}
|
||||
|
||||
accessMode := AccessModeRead
|
||||
accessMode := perm.AccessModeRead
|
||||
if !readOnly {
|
||||
accessMode = AccessModeWrite
|
||||
accessMode = perm.AccessModeWrite
|
||||
}
|
||||
|
||||
ctx, committer, err := db.TxContext()
|
||||
|
||||
@@ -10,6 +10,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
)
|
||||
@@ -46,7 +47,7 @@ func AddPrincipalKey(ownerID int64, content string, loginSourceID int64) (*Publi
|
||||
OwnerID: ownerID,
|
||||
Name: content,
|
||||
Content: content,
|
||||
Mode: AccessModeWrite,
|
||||
Mode: perm.AccessModeWrite,
|
||||
Type: KeyTypePrincipal,
|
||||
LoginSourceID: loginSourceID,
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user