tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 02:08:36 +00:00
Code Releases Activity

Restrict permission check on repositories and fix some problems (#5314)

Browse Source 
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
This commit is contained in:
Lunny Xiao
2018-11-28 19:26:14 +08:00
committed by GitHub
parent 0222623be9
commit eabbddcd98
80 changed files with 1360 additions and 774 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
routers/api/v1/repo/repo.go
View File

@@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@@ -183,11 +184,6 @@ func Search(ctx *context.APIContext) {
return
}
var userID int64
if ctx.IsSigned {
userID = ctx.User.ID
}
results := make([]*api.Repository, len(repos))
for i, repo := range repos {
if err = repo.GetOwner(); err != nil {
@@ -197,7 +193,7 @@ func Search(ctx *context.APIContext) {
})
return
}
accessMode, err := models.AccessLevel(userID, repo)
accessMode, err := models.AccessLevel(ctx.User, repo)
if err != nil {
ctx.JSON(500, api.SearchError{
OK: false,
@@ -469,15 +465,15 @@ func GetByID(ctx *context.APIContext) {
return
}
access, err := models.AccessLevel(ctx.User.ID, repo)
perm, err := models.GetUserRepoPermission(repo, ctx.User)
if err != nil {
ctx.Error(500, "AccessLevel", err)
return
} else if access < models.AccessModeRead {
} else if !perm.HasAccess() {
ctx.Status(404)
return
}
ctx.JSON(200, repo.APIFormat(access))
ctx.JSON(200, repo.APIFormat(perm.AccessMode))
}
// Delete one repository
@@ -503,10 +499,6 @@ func Delete(ctx *context.APIContext) {
// "$ref": "#/responses/empty"
// "403":
// "$ref": "#/responses/forbidden"
if !ctx.Repo.IsAdmin() {
ctx.Error(403, "", "Must have admin rights")
return
}
owner := ctx.Repo.Owner
repo := ctx.Repo.Repository
@@ -553,7 +545,7 @@ func MirrorSync(ctx *context.APIContext) {
// "$ref": "#/responses/empty"
repo := ctx.Repo.Repository
if !ctx.Repo.IsWriter() {
if !ctx.Repo.CanWrite(models.UnitTypeCode) {
ctx.Error(403, "MirrorSync", "Must have write access")
}