|
|
@@ -127,7 +127,8 @@ func (p *Permission) LogString() string { |
|
|
|
} |
|
|
|
|
|
|
|
// GetUserRepoPermission returns the user permissions to the repository |
|
|
|
func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) { |
|
|
|
func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (Permission, error) { |
|
|
|
var perm Permission |
|
|
|
if log.IsTrace() { |
|
|
|
defer func() { |
|
|
|
if user == nil { |
|
|
@@ -147,30 +148,31 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use |
|
|
|
// TODO: anonymous user visit public unit of private repo??? |
|
|
|
if user == nil && repo.IsPrivate { |
|
|
|
perm.AccessMode = perm_model.AccessModeNone |
|
|
|
return |
|
|
|
return perm, nil |
|
|
|
} |
|
|
|
|
|
|
|
var is bool |
|
|
|
var isCollaborator bool |
|
|
|
var err error |
|
|
|
if user != nil { |
|
|
|
is, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID) |
|
|
|
isCollaborator, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID) |
|
|
|
if err != nil { |
|
|
|
return perm, err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if err = repo.LoadOwner(ctx); err != nil { |
|
|
|
return |
|
|
|
if err := repo.LoadOwner(ctx); err != nil { |
|
|
|
return perm, err |
|
|
|
} |
|
|
|
|
|
|
|
// Prevent strangers from checking out public repo of private organization/users |
|
|
|
// Allow user if they are collaborator of a repo within a private user or a private organization but not a member of the organization itself |
|
|
|
if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !is { |
|
|
|
if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !isCollaborator { |
|
|
|
perm.AccessMode = perm_model.AccessModeNone |
|
|
|
return |
|
|
|
return perm, nil |
|
|
|
} |
|
|
|
|
|
|
|
if err = repo.LoadUnits(ctx); err != nil { |
|
|
|
return |
|
|
|
if err := repo.LoadUnits(ctx); err != nil { |
|
|
|
return perm, err |
|
|
|
} |
|
|
|
|
|
|
|
perm.Units = repo.Units |
|
|
@@ -178,32 +180,32 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use |
|
|
|
// anonymous visit public repo |
|
|
|
if user == nil { |
|
|
|
perm.AccessMode = perm_model.AccessModeRead |
|
|
|
return |
|
|
|
return perm, nil |
|
|
|
} |
|
|
|
|
|
|
|
// Admin or the owner has super access to the repository |
|
|
|
if user.IsAdmin || user.ID == repo.OwnerID { |
|
|
|
perm.AccessMode = perm_model.AccessModeOwner |
|
|
|
return |
|
|
|
return perm, nil |
|
|
|
} |
|
|
|
|
|
|
|
// plain user |
|
|
|
perm.AccessMode, err = accessLevel(ctx, user, repo) |
|
|
|
if err != nil { |
|
|
|
return |
|
|
|
return perm, err |
|
|
|
} |
|
|
|
|
|
|
|
if err = repo.LoadOwner(ctx); err != nil { |
|
|
|
return |
|
|
|
if err := repo.LoadOwner(ctx); err != nil { |
|
|
|
return perm, err |
|
|
|
} |
|
|
|
if !repo.Owner.IsOrganization() { |
|
|
|
return |
|
|
|
return perm, nil |
|
|
|
} |
|
|
|
|
|
|
|
perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode) |
|
|
|
|
|
|
|
// Collaborators on organization |
|
|
|
if is { |
|
|
|
if isCollaborator { |
|
|
|
for _, u := range repo.Units { |
|
|
|
perm.UnitsMode[u.Type] = perm.AccessMode |
|
|
|
} |
|
|
@@ -212,7 +214,7 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use |
|
|
|
// get units mode from teams |
|
|
|
teams, err := organization.GetUserRepoTeams(ctx, repo.OwnerID, user.ID, repo.ID) |
|
|
|
if err != nil { |
|
|
|
return |
|
|
|
return perm, err |
|
|
|
} |
|
|
|
|
|
|
|
// if user in an owner team |
|
|
@@ -220,7 +222,7 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use |
|
|
|
if team.AccessMode >= perm_model.AccessModeAdmin { |
|
|
|
perm.AccessMode = perm_model.AccessModeOwner |
|
|
|
perm.UnitsMode = nil |
|
|
|
return |
|
|
|
return perm, nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
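Review bot: The error returns in the new `GetUserRepoPermission` still hand back a partially populated `perm` together with a non-nil error: after `perm.AccessMode, err = accessLevel(ctx, user, repo)`, the second `repo.LoadOwner(ctx)` and `organization.GetUserRepoTeams(...)`, each `return perm, err` carries whatever `AccessMode`, `Units` and `UnitsMode` were already set. For an authorization helper it is safer to fail closed, and with the returns now explicit that is a one-line change per site, e.g. `return Permission{}, err`. Whether any caller reads the permission when `err != nil` is not visible in these hunks, so treat this as hardening, not a confirmed bypass. If the trace `defer` near the top logs `perm`, it would then log the local value instead of the returned one; the function body continues outside the hunks shown.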