Restricted users (#4334): initial implementation

* Add User.IsRestricted & UI to edit it * Pass user object instead of user id to places where IsRestricted flag matters * Restricted users: maintain access rows for all referenced repos (incl public) * Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses * Add basic repo access tests for restricted users Signed-off-by: Manush Dodunekov <manush@stendahls.se>
2019-04-15 05:22:14 +02:00 · 2019-04-15 05:22:14 +02:00 · 836f9d86aa
commit 836f9d86aa
parent 5749b26cdd
30 changed files with 281 additions and 117 deletions
--- a/models/lfs.go
+++ b/models/lfs.go
@ -159,7 +159,7 @@ func LFSObjectAccessible(user *User, oid string) (bool, error) {
 		count, err := x.Count(&LFSMetaObject{Oid: oid})
 		return (count > 0), err
 	}
-	cond := accessibleRepositoryCondition(user.ID)
+	cond := accessibleRepositoryCondition(user)
 	count, err := x.Where(cond).Join("INNER", "repository", "`lfs_meta_object`.repository_id = `repository`.id").Count(&LFSMetaObject{Oid: oid})
 	return (count > 0), err
 }
@ -182,7 +182,7 @@ func LFSAutoAssociate(metas []*LFSMetaObject, user *User, repoID int64) error {
 	cond := builder.NewCond()
 	if !user.IsAdmin {
 		cond = builder.In("`lfs_meta_object`.repository_id",
-			builder.Select("`repository`.id").From("repository").Where(accessibleRepositoryCondition(user.ID)))
+			builder.Select("`repository`.id").From("repository").Where(accessibleRepositoryCondition(user)))
 	}
 	newMetas := make([]*LFSMetaObject, 0, len(metas))
 	if err := sess.Cols("oid").Where(cond).In("oid", oids...).GroupBy("oid").Find(&newMetas); err != nil {