mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-04-26 06:04:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

For users and organizations check if they exits and the reporter can view them.

Browse source
This commit is contained in:
floss4good 2025-03-07 12:25:09 +02:00
parent 35970a1c0e
commit 570794e68e
No known key found for this signature in database
GPG key ID: 5B948B4F4DAF819D
1 changed files with 62 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

111
services/moderation/reporting.go
View file

@ -26,74 +26,87 @@ var (
// When reporting repositories the user should have at least read access to any repo unit type. // When reporting repositories the user should have at least read access to any repo unit type.
// When reporting issues, pull requests or comments the user should have at least read access // When reporting issues, pull requests or comments the user should have at least read access
// to 'TypeIssues', respectively 'TypePullRequests' unit for the repository where the content belongs. // to 'TypeIssues', respectively 'TypePullRequests' unit for the repository where the content belongs.
// When reporting users or organizations no checks are made. // When reporting users or organizations doer should be able to view the reported user.
func CanReport(ctx context.Context, doer *user.User, contentType moderation.ReportedContentType, contentID int64) (bool, error) { func CanReport(ctx context.Context, doer *user.User, contentType moderation.ReportedContentType, contentID int64) (bool, error) {
var hasAccess bool = false var hasAccess bool = false
var issueID int64 = 0 var issueID int64 = 0
var repoID int64 = 0 var repoID int64 = 0
var unitType unit.Type = unit.TypeInvalid var unitType unit.Type = unit.TypeInvalid
if contentType == moderation.ReportedContentTypeComment { if contentType == moderation.ReportedContentTypeUser {
comment, err := issues.GetCommentByID(ctx, contentID) reported_user, err := user.GetUserByID(ctx, contentID)
if err != nil { if err != nil {
if issues.IsErrCommentNotExist(err) { if user.IsErrUserNotExist(err) {
log.Warn("User #%d wanted to report comment #%d but it does not exist.", doer.ID, contentID) log.Warn("User #%d wanted to report user #%d but it does not exist.", doer.ID, contentID)
return false, ErrContentDoesNotExist
}
return false, err
}
issueID = comment.IssueID
} else if contentType == moderation.ReportedContentTypeIssue {
issueID = contentID
} else if contentType == moderation.ReportedContentTypeRepository {
repoID = contentID
}
if issueID > 0 {
issue, err := issues.GetIssueByID(ctx, issueID)
if err != nil {
if issues.IsErrIssueNotExist(err) {
log.Warn("User #%d wanted to report issue #%d (or one of its comments) but it does not exist.", doer.ID, issueID)
return false, ErrContentDoesNotExist return false, ErrContentDoesNotExist
} }
return false, err return false, err
} }
repoID = issue.RepoID hasAccess = user.IsUserVisibleToViewer(ctx, reported_user, ctx.Doer)
if issue.IsPull { } else {
unitType = unit.TypePullRequests if contentType == moderation.ReportedContentTypeComment {
} else { comment, err := issues.GetCommentByID(ctx, contentID)
unitType = unit.TypeIssues if err != nil {
} if issues.IsErrCommentNotExist(err) {
} log.Warn("User #%d wanted to report comment #%d but it does not exist.", doer.ID, contentID)
return false, ErrContentDoesNotExist
if repoID > 0 { }
repo, err := repo_model.GetRepositoryByID(ctx, repoID) return false, err
if err != nil {
if repo_model.IsErrRepoNotExist(err) {
log.Warn("User #%d wanted to report repository #%d (or one of its issues / comments) but it does not exist.", doer.ID, repoID)
return false, ErrContentDoesNotExist
} }
return false, err issueID = comment.IssueID
} else if contentType == moderation.ReportedContentTypeIssue {
issueID = contentID
} else if contentType == moderation.ReportedContentTypeRepository {
repoID = contentID
} }
if issueID > 0 { if issueID > 0 {
hasAccess, err = access_model.HasAccessUnit(ctx, doer, repo, unitType, perm.AccessModeRead) issue, err := issues.GetIssueByID(ctx, issueID)
if err != nil {
return false, err
} else if !hasAccess {
log.Warn("User #%d wanted to report issue #%d or one of its comments from repository #%d but they don't have access to it.", doer.ID, issueID, repoID)
return false, ErrDoerNotAllowed
}
} else {
perm, err := access_model.GetUserRepoPermission(ctx, repo, doer)
if err != nil { if err != nil {
if issues.IsErrIssueNotExist(err) {
log.Warn("User #%d wanted to report issue #%d (or one of its comments) but it does not exist.", doer.ID, issueID)
return false, ErrContentDoesNotExist
}
return false, err return false, err
} }
hasAccess = perm.CanReadAny(unit.AllRepoUnitTypes...)
if !hasAccess { repoID = issue.RepoID
log.Warn("User #%d wanted to report repository #%d but they don't have access to it.", doer.ID, repoID) if issue.IsPull {
return false, ErrDoerNotAllowed unitType = unit.TypePullRequests
} else {
unitType = unit.TypeIssues
}
}
if repoID > 0 {
repo, err := repo_model.GetRepositoryByID(ctx, repoID)
if err != nil {
if repo_model.IsErrRepoNotExist(err) {
log.Warn("User #%d wanted to report repository #%d (or one of its issues / comments) but it does not exist.", doer.ID, repoID)
return false, ErrContentDoesNotExist
}
return false, err
}
if issueID > 0 {
hasAccess, err = access_model.HasAccessUnit(ctx, doer, repo, unitType, perm.AccessModeRead)
if err != nil {
return false, err
} else if !hasAccess {
log.Warn("User #%d wanted to report issue #%d or one of its comments from repository #%d but they don't have access to it.", doer.ID, issueID, repoID)
return false, ErrDoerNotAllowed
}
} else {
perm, err := access_model.GetUserRepoPermission(ctx, repo, doer)
if err != nil {
return false, err
}
hasAccess = perm.CanReadAny(unit.AllRepoUnitTypes...)
if !hasAccess {
log.Warn("User #%d wanted to report repository #%d but they don't have access to it.", doer.ID, repoID)
return false, ErrDoerNotAllowed
}
} }
} }
} }