mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-13 18:45:41 +00:00
parent
f4c1f43644
commit
934124c641
2 changed files with 22 additions and 20 deletions
|
@ -127,7 +127,8 @@ func (p *Permission) LogString() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetUserRepoPermission returns the user permissions to the repository
|
// GetUserRepoPermission returns the user permissions to the repository
|
||||||
func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) {
|
func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (Permission, error) {
|
||||||
|
var perm Permission
|
||||||
if log.IsTrace() {
|
if log.IsTrace() {
|
||||||
defer func() {
|
defer func() {
|
||||||
if user == nil {
|
if user == nil {
|
||||||
|
@ -147,30 +148,31 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||||
// TODO: anonymous user visit public unit of private repo???
|
// TODO: anonymous user visit public unit of private repo???
|
||||||
if user == nil && repo.IsPrivate {
|
if user == nil && repo.IsPrivate {
|
||||||
perm.AccessMode = perm_model.AccessModeNone
|
perm.AccessMode = perm_model.AccessModeNone
|
||||||
return
|
return perm, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var is bool
|
var isCollaborator bool
|
||||||
|
var err error
|
||||||
if user != nil {
|
if user != nil {
|
||||||
is, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID)
|
isCollaborator, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return perm, err
|
return perm, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = repo.LoadOwner(ctx); err != nil {
|
if err := repo.LoadOwner(ctx); err != nil {
|
||||||
return
|
return perm, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Prevent strangers from checking out public repo of private organization/users
|
// Prevent strangers from checking out public repo of private organization/users
|
||||||
// Allow user if they are collaborator of a repo within a private user or a private organization but not a member of the organization itself
|
// Allow user if they are collaborator of a repo within a private user or a private organization but not a member of the organization itself
|
||||||
if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !is {
|
if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !isCollaborator {
|
||||||
perm.AccessMode = perm_model.AccessModeNone
|
perm.AccessMode = perm_model.AccessModeNone
|
||||||
return
|
return perm, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = repo.LoadUnits(ctx); err != nil {
|
if err := repo.LoadUnits(ctx); err != nil {
|
||||||
return
|
return perm, err
|
||||||
}
|
}
|
||||||
|
|
||||||
perm.Units = repo.Units
|
perm.Units = repo.Units
|
||||||
|
@ -178,32 +180,32 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||||
// anonymous visit public repo
|
// anonymous visit public repo
|
||||||
if user == nil {
|
if user == nil {
|
||||||
perm.AccessMode = perm_model.AccessModeRead
|
perm.AccessMode = perm_model.AccessModeRead
|
||||||
return
|
return perm, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Admin or the owner has super access to the repository
|
// Admin or the owner has super access to the repository
|
||||||
if user.IsAdmin || user.ID == repo.OwnerID {
|
if user.IsAdmin || user.ID == repo.OwnerID {
|
||||||
perm.AccessMode = perm_model.AccessModeOwner
|
perm.AccessMode = perm_model.AccessModeOwner
|
||||||
return
|
return perm, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// plain user
|
// plain user
|
||||||
perm.AccessMode, err = accessLevel(ctx, user, repo)
|
perm.AccessMode, err = accessLevel(ctx, user, repo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return perm, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = repo.LoadOwner(ctx); err != nil {
|
if err := repo.LoadOwner(ctx); err != nil {
|
||||||
return
|
return perm, err
|
||||||
}
|
}
|
||||||
if !repo.Owner.IsOrganization() {
|
if !repo.Owner.IsOrganization() {
|
||||||
return
|
return perm, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
|
perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
|
||||||
|
|
||||||
// Collaborators on organization
|
// Collaborators on organization
|
||||||
if is {
|
if isCollaborator {
|
||||||
for _, u := range repo.Units {
|
for _, u := range repo.Units {
|
||||||
perm.UnitsMode[u.Type] = perm.AccessMode
|
perm.UnitsMode[u.Type] = perm.AccessMode
|
||||||
}
|
}
|
||||||
|
@ -212,7 +214,7 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||||
// get units mode from teams
|
// get units mode from teams
|
||||||
teams, err := organization.GetUserRepoTeams(ctx, repo.OwnerID, user.ID, repo.ID)
|
teams, err := organization.GetUserRepoTeams(ctx, repo.OwnerID, user.ID, repo.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return perm, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// if user in an owner team
|
// if user in an owner team
|
||||||
|
@ -220,7 +222,7 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||||
if team.AccessMode >= perm_model.AccessModeAdmin {
|
if team.AccessMode >= perm_model.AccessModeAdmin {
|
||||||
perm.AccessMode = perm_model.AccessModeOwner
|
perm.AccessMode = perm_model.AccessModeOwner
|
||||||
perm.UnitsMode = nil
|
perm.UnitsMode = nil
|
||||||
return
|
return perm, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -339,7 +339,7 @@ func (s releaseMetaSearch) Less(i, j int) bool {
|
||||||
// GetReleaseAttachments retrieves the attachments for releases
|
// GetReleaseAttachments retrieves the attachments for releases
|
||||||
func GetReleaseAttachments(ctx context.Context, rels ...*Release) (err error) {
|
func GetReleaseAttachments(ctx context.Context, rels ...*Release) (err error) {
|
||||||
if len(rels) == 0 {
|
if len(rels) == 0 {
|
||||||
return
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// To keep this efficient as possible sort all releases by id,
|
// To keep this efficient as possible sort all releases by id,
|
||||||
|
|
Loading…
Reference in a new issue