domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Restrict permission check on repositories and fix some problems (#5314)

Browse source 
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
This commit is contained in:
Lunny Xiao 2018-11-28 19:26:14 +08:00 committed by GitHub
parent 0222623be9
commit eabbddcd98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
80 changed files with 1360 additions and 774 deletions
Download patch file Download diff file Expand all files Collapse all files

24
modules/private/internal.go
View file

@ -51,27 +51,9 @@ func newInternalRequest(url, method string) *httplib.Request {
}
// CheckUnitUser check whether user could visit the unit of this repository
func CheckUnitUser(userID, repoID int64, isAdmin bool, unitType models.UnitType) (bool, error) {
func CheckUnitUser(userID, repoID int64, isAdmin bool, unitType models.UnitType) (*models.AccessMode, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/user/%d/checkunituser?isAdmin=%t&unitType=%d", repoID, userID, isAdmin, unitType)
log.GitLogger.Trace("AccessLevel: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
return false, err
}
defer resp.Body.Close()
if resp.StatusCode == 200 {
return true, nil
}
return false, nil
}
// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
// user does not have access.
func AccessLevel(userID, repoID int64) (*models.AccessMode, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/user/%d/accesslevel", repoID, userID)
log.GitLogger.Trace("AccessLevel: %s", reqURL)
log.GitLogger.Trace("CheckUnitUser: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
@ -80,7 +62,7 @@ func AccessLevel(userID, repoID int64) (*models.AccessMode, error) {
defer resp.Body.Close()
if resp.StatusCode != 200 {
return nil, fmt.Errorf("Failed to get user access level: %s", decodeJSONError(resp).Err)
return nil, fmt.Errorf("Failed to CheckUnitUser: %s", decodeJSONError(resp).Err)
}
var a models.AccessMode