var (
COMMANDS_READONLY = map[string]models.AccessMode{
- "git-upload-pack": models.WriteAccess,
- "git upload-pack": models.WriteAccess,
- "git-upload-archive": models.WriteAccess,
+ "git-upload-pack": models.ACCESS_MODE_WRITE,
+ "git upload-pack": models.ACCESS_MODE_WRITE,
+ "git-upload-archive": models.ACCESS_MODE_WRITE,
}
COMMANDS_WRITE = map[string]models.AccessMode{
- "git-receive-pack": models.ReadAccess,
- "git receive-pack": models.ReadAccess,
+ "git-receive-pack": models.ACCESS_MODE_READ,
+ "git receive-pack": models.ACCESS_MODE_READ,
}
)
switch {
case isWrite:
- has, err := models.HasAccess(user, repo, models.WriteAccess)
+ has, err := models.HasAccess(user, repo, models.ACCESS_MODE_WRITE)
if err != nil {
println("Gogs: internal error:", err.Error())
log.GitLogger.Fatal(2, "Fail to check write access:", err)
break
}
- has, err := models.HasAccess(user, repo, models.ReadAccess)
+ has, err := models.HasAccess(user, repo, models.ACCESS_MODE_READ)
if err != nil {
println("Gogs: internal error:", err.Error())
log.GitLogger.Fatal(2, "Fail to check read access:", err)
type AccessMode int
const (
- NoAccess AccessMode = iota
- ReadAccess
- WriteAccess
- AdminAccess
- OwnerAccess
+ ACCESS_MODE_NONE AccessMode = iota
+ ACCESS_MODE_READ
+ ACCESS_MODE_WRITE
+ ACCESS_MODE_ADMIN
+ ACCESS_MODE_OWNER
)
func maxAccessMode(modes ...AccessMode) AccessMode {
- max := NoAccess
+ max := ACCESS_MODE_NONE
for _, mode := range modes {
if mode > max {
max = mode
// Return the Access a user has to a repository. Will return NoneAccess if the
// user does not have access. User can be nil!
func AccessLevel(u *User, r *Repository) (AccessMode, error) {
- mode := NoAccess
+ mode := ACCESS_MODE_NONE
if !r.IsPrivate {
- mode = ReadAccess
+ mode = ACCESS_MODE_READ
}
if u != nil {
if u.Id == r.OwnerId {
- return OwnerAccess, nil
+ return ACCESS_MODE_OWNER, nil
}
a := &Access{UserID: u.Id, RepoID: r.Id}
return err
}
for _, c := range collaborators {
- accessMap[c.Id] = WriteAccess
+ accessMap[c.Id] = ACCESS_MODE_WRITE
}
if err := r.GetOwner(); err != nil {
}
}
- minMode := ReadAccess
+ minMode := ACCESS_MODE_READ
if !r.IsPrivate {
- minMode = WriteAccess
+ minMode = ACCESS_MODE_WRITE
}
newAccesses := make([]Access, 0, len(accessMap))
OrgId: org.Id,
LowerName: strings.ToLower(OWNER_TEAM),
Name: OWNER_TEAM,
- Authorize: OwnerAccess,
+ Authorize: ACCESS_MODE_OWNER,
NumMembers: 1,
}
if _, err = sess.Insert(t); err != nil {
return
}
ctx.Data["Team"] = ctx.Org.Team
- ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.AdminAccess
+ ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
}
ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
if requireAdminTeam && !ctx.Org.IsAdminTeam {
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
return
}
- ctx.Repo.IsOwner = mode >= models.WriteAccess
- ctx.Repo.IsAdmin = mode >= models.ReadAccess
- ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
+ ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
+ ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
+ ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
}
// Check access.
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
return
}
- ctx.Repo.IsOwner = mode >= models.WriteAccess
- ctx.Repo.IsAdmin = mode >= models.ReadAccess
- ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
+ ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
+ ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
+ ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
}
// Check access.
return
}
- repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.WriteAccess, true})
+ repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.ACCESS_MODE_WRITE, true})
// FIXME: cache result to reduce DB query?
if repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(ctx.User.Id) {
var auth models.AccessMode
switch form.Permission {
case "read":
- auth = models.ReadAccess
+ auth = models.ACCESS_MODE_READ
case "write":
- auth = models.WriteAccess
+ auth = models.ACCESS_MODE_WRITE
case "admin":
- auth = models.AdminAccess
+ auth = models.ACCESS_MODE_ADMIN
default:
ctx.Error(401)
return
var auth models.AccessMode
switch form.Permission {
case "read":
- auth = models.ReadAccess
+ auth = models.ACCESS_MODE_READ
case "write":
- auth = models.WriteAccess
+ auth = models.ACCESS_MODE_WRITE
case "admin":
- auth = models.AdminAccess
+ auth = models.ACCESS_MODE_ADMIN
default:
ctx.Error(401)
return
}
if !isPublicPull {
- var tp = models.WriteAccess
+ var tp = models.ACCESS_MODE_WRITE
if isPull {
- tp = models.ReadAccess
+ tp = models.ACCESS_MODE_READ
}
has, err := models.HasAccess(authUser, repo, tp)
ctx.Handle(401, "no basic auth and digit auth", nil)
return
} else if !has {
- if tp == models.ReadAccess {
- has, err = models.HasAccess(authUser, repo, models.WriteAccess)
+ if tp == models.ACCESS_MODE_READ {
+ has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE)
if err != nil || !has {
ctx.Handle(401, "no basic auth and digit auth", nil)
return
access := hasAccess(r, hr.Config, dir, rpc, true)
if access == false {
- renderNoAccess(w)
+ renderACCESS_MODE_NONE(w)
return
}
w.Write([]byte("Not Found"))
}
-func renderNoAccess(w http.ResponseWriter) {
+func renderACCESS_MODE_NONE(w http.ResponseWriter) {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Forbidden"))
}
feeds := make([]*models.Action, 0, len(actions))
for _, act := range actions {
if act.IsPrivate {
- if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ReadAccess); !has {
+ if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
continue
}
}
continue
}
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true},
- models.ReadAccess); !has {
+ models.ACCESS_MODE_READ); !has {
continue
}
}
projects / gitea.git / commitdiff