mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-26 18:00:34 +00:00
Correctly check http git access rights for reverse proxy authorized users (#3721)
This commit is contained in:
parent
4c6e170ceb
commit
ab5cc6f3a9
1 changed files with 20 additions and 20 deletions
|
@ -184,33 +184,33 @@ func HTTP(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if !isPublicPull {
|
if !isPublicPull {
|
||||||
has, err := models.HasAccess(authUser.ID, repo, accessMode)
|
has, err := models.HasAccess(authUser.ID, repo, accessMode)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.ServerError("HasAccess", err)
|
ctx.ServerError("HasAccess", err)
|
||||||
return
|
return
|
||||||
} else if !has {
|
} else if !has {
|
||||||
if accessMode == models.AccessModeRead {
|
if accessMode == models.AccessModeRead {
|
||||||
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
|
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.ServerError("HasAccess2", err)
|
ctx.ServerError("HasAccess2", err)
|
||||||
return
|
return
|
||||||
} else if !has {
|
} else if !has {
|
||||||
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
|
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
||||||
if !isPull && repo.IsMirror {
|
|
||||||
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !isPull && repo.IsMirror {
|
||||||
|
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
|
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
|
||||||
|
|
Loading…
Reference in a new issue