"time"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/log"
}
var (
- allowedCommands = map[string]models.AccessMode{
- "git-upload-pack": models.AccessModeRead,
- "git-upload-archive": models.AccessModeRead,
- "git-receive-pack": models.AccessModeWrite,
- lfsAuthenticateVerb: models.AccessModeNone,
+ allowedCommands = map[string]perm.AccessMode{
+ "git-upload-pack": perm.AccessModeRead,
+ "git-upload-archive": perm.AccessModeRead,
+ "git-receive-pack": perm.AccessModeWrite,
+ lfsAuthenticateVerb: perm.AccessModeNone,
}
alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
)
if verb == lfsAuthenticateVerb {
if lfsVerb == "upload" {
- requestedMode = models.AccessModeWrite
+ requestedMode = perm.AccessModeWrite
} else if lfsVerb == "download" {
- requestedMode = models.AccessModeRead
+ requestedMode = perm.AccessModeRead
} else {
return fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
}
"time"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/queue"
api "code.gitea.io/gitea/modules/structs"
}
}
-func doAPIAddCollaborator(ctx APITestContext, username string, mode models.AccessMode) func(*testing.T) {
+func doAPIAddCollaborator(ctx APITestContext, username string, mode perm.AccessMode) func(*testing.T) {
return func(t *testing.T) {
permission := "read"
- if mode == models.AccessModeAdmin {
+ if mode == perm.AccessModeAdmin {
permission = "admin"
- } else if mode > models.AccessModeRead {
+ } else if mode > perm.AccessModeRead {
permission = "write"
}
addCollaboratorOption := &api.AddCollaboratorOption{
"testing"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
ID: newDeployKey.ID,
Name: rawKeyBody.Title,
Content: rawKeyBody.Key,
- Mode: models.AccessModeRead,
+ Mode: perm.AccessModeRead,
})
}
ID: newDeployKey.ID,
Name: rawKeyBody.Title,
Content: rawKeyBody.Key,
- Mode: models.AccessModeWrite,
+ Mode: perm.AccessModeWrite,
})
}
OwnerID: user.ID,
Name: rawKeyBody.Title,
Content: rawKeyBody.Key,
- Mode: models.AccessModeWrite,
+ Mode: perm.AccessModeWrite,
})
// Search by fingerprint
"testing"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/private"
"github.com/stretchr/testify/assert"
defer cancel()
// Can push to a repo we own
- results, err := private.ServCommand(ctx, 1, "user2", "repo1", models.AccessModeWrite, "git-upload-pack", "")
+ results, err := private.ServCommand(ctx, 1, "user2", "repo1", perm.AccessModeWrite, "git-upload-pack", "")
assert.NoError(t, err)
assert.False(t, results.IsWiki)
assert.False(t, results.IsDeployKey)
assert.Equal(t, int64(1), results.RepoID)
// Cannot push to a private repo we're not associated with
- results, err = private.ServCommand(ctx, 1, "user15", "big_test_private_1", models.AccessModeWrite, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, 1, "user15", "big_test_private_1", perm.AccessModeWrite, "git-upload-pack", "")
assert.Error(t, err)
assert.Empty(t, results)
// Cannot pull from a private repo we're not associated with
- results, err = private.ServCommand(ctx, 1, "user15", "big_test_private_1", models.AccessModeRead, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, 1, "user15", "big_test_private_1", perm.AccessModeRead, "git-upload-pack", "")
assert.Error(t, err)
assert.Empty(t, results)
// Can pull from a public repo we're not associated with
- results, err = private.ServCommand(ctx, 1, "user15", "big_test_public_1", models.AccessModeRead, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, 1, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
assert.NoError(t, err)
assert.False(t, results.IsWiki)
assert.False(t, results.IsDeployKey)
assert.Equal(t, int64(17), results.RepoID)
// Cannot push to a public repo we're not associated with
- results, err = private.ServCommand(ctx, 1, "user15", "big_test_public_1", models.AccessModeWrite, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, 1, "user15", "big_test_public_1", perm.AccessModeWrite, "git-upload-pack", "")
assert.Error(t, err)
assert.Empty(t, results)
assert.NoError(t, err)
// Can pull from repo we're a deploy key for
- results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", models.AccessModeRead, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", perm.AccessModeRead, "git-upload-pack", "")
assert.NoError(t, err)
assert.False(t, results.IsWiki)
assert.True(t, results.IsDeployKey)
assert.Equal(t, int64(19), results.RepoID)
// Cannot push to a private repo with reading key
- results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", models.AccessModeWrite, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", perm.AccessModeWrite, "git-upload-pack", "")
assert.Error(t, err)
assert.Empty(t, results)
// Cannot pull from a private repo we're not associated with
- results, err = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_private_2", models.AccessModeRead, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
assert.Error(t, err)
assert.Empty(t, results)
// Cannot pull from a public repo we're not associated with
- results, err = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_public_1", models.AccessModeRead, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
assert.Error(t, err)
assert.Empty(t, results)
assert.NoError(t, err)
// Cannot push to a private repo with reading key
- results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", models.AccessModeWrite, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", perm.AccessModeWrite, "git-upload-pack", "")
assert.Error(t, err)
assert.Empty(t, results)
// Can pull from repo we're a writing deploy key for
- results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", models.AccessModeRead, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
assert.NoError(t, err)
assert.False(t, results.IsWiki)
assert.True(t, results.IsDeployKey)
assert.Equal(t, int64(20), results.RepoID)
// Can push to repo we're a writing deploy key for
- results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", models.AccessModeWrite, "git-upload-pack", "")
+ results, err = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", perm.AccessModeWrite, "git-upload-pack", "")
assert.NoError(t, err)
assert.False(t, results.IsWiki)
assert.True(t, results.IsDeployKey)
"time"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/git"
defer util.RemoveAll(dstPath)
t.Run("CreateRepoInDifferentUser", doAPICreateRepository(forkedUserCtx, false))
- t.Run("AddUserAsCollaborator", doAPIAddCollaborator(forkedUserCtx, httpContext.Username, models.AccessModeRead))
+ t.Run("AddUserAsCollaborator", doAPIAddCollaborator(forkedUserCtx, httpContext.Username, perm.AccessModeRead))
t.Run("ForkFromDifferentUser", doAPIForkRepository(httpContext, forkedUserCtx.Username))
keyname := "my-testing-key"
forkedUserCtx.Reponame = sshContext.Reponame
t.Run("CreateRepoInDifferentUser", doAPICreateRepository(forkedUserCtx, false))
- t.Run("AddUserAsCollaborator", doAPIAddCollaborator(forkedUserCtx, sshContext.Username, models.AccessModeRead))
+ t.Run("AddUserAsCollaborator", doAPIAddCollaborator(forkedUserCtx, sshContext.Username, perm.AccessModeRead))
t.Run("ForkFromDifferentUser", doAPIForkRepository(sshContext, forkedUserCtx.Username))
//Setup key the user ssh key
"fmt"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/modules/log"
)
-// AccessMode specifies the users access mode
-type AccessMode int
-
-const (
- // AccessModeNone no access
- AccessModeNone AccessMode = iota // 0
- // AccessModeRead read access
- AccessModeRead // 1
- // AccessModeWrite write access
- AccessModeWrite // 2
- // AccessModeAdmin admin access
- AccessModeAdmin // 3
- // AccessModeOwner owner access
- AccessModeOwner // 4
-)
-
-func (mode AccessMode) String() string {
- switch mode {
- case AccessModeRead:
- return "read"
- case AccessModeWrite:
- return "write"
- case AccessModeAdmin:
- return "admin"
- case AccessModeOwner:
- return "owner"
- default:
- return "none"
- }
-}
-
-// ColorFormat provides a ColorFormatted version of this AccessMode
-func (mode AccessMode) ColorFormat(s fmt.State) {
- log.ColorFprintf(s, "%d:%s",
- log.NewColoredIDValue(mode),
- mode)
-}
-
-// ParseAccessMode returns corresponding access mode to given permission string.
-func ParseAccessMode(permission string) AccessMode {
- switch permission {
- case "write":
- return AccessModeWrite
- case "admin":
- return AccessModeAdmin
- default:
- return AccessModeRead
- }
-}
-
// Access represents the highest access level of a user to the repository. The only access type
// that is not in this table is the real owner of a repository. In case of an organization
// repository, the members of the owners team are in this table.
ID int64 `xorm:"pk autoincr"`
UserID int64 `xorm:"UNIQUE(s)"`
RepoID int64 `xorm:"UNIQUE(s)"`
- Mode AccessMode
+ Mode perm.AccessMode
}
func init() {
db.RegisterModel(new(Access))
}
-func accessLevel(e db.Engine, user *user_model.User, repo *Repository) (AccessMode, error) {
- mode := AccessModeNone
+func accessLevel(e db.Engine, user *user_model.User, repo *Repository) (perm.AccessMode, error) {
+ mode := perm.AccessModeNone
var userID int64
restricted := false
}
if !restricted && !repo.IsPrivate {
- mode = AccessModeRead
+ mode = perm.AccessModeRead
}
if userID == 0 {
}
if userID == repo.OwnerID {
- return AccessModeOwner, nil
+ return perm.AccessModeOwner, nil
}
a := &Access{UserID: userID, RepoID: repo.ID}
return a.Mode, nil
}
-func maxAccessMode(modes ...AccessMode) AccessMode {
- max := AccessModeNone
+func maxAccessMode(modes ...perm.AccessMode) perm.AccessMode {
+ max := perm.AccessModeNone
for _, mode := range modes {
if mode > max {
max = mode
type userAccess struct {
User *user_model.User
- Mode AccessMode
+ Mode perm.AccessMode
}
// updateUserAccess updates an access map so that user has at least mode
-func updateUserAccess(accessMap map[int64]*userAccess, user *user_model.User, mode AccessMode) {
+func updateUserAccess(accessMap map[int64]*userAccess, user *user_model.User, mode perm.AccessMode) {
if ua, ok := accessMap[user.ID]; ok {
ua.Mode = maxAccessMode(ua.Mode, mode)
} else {
// FIXME: do cross-comparison so reduce deletions and additions to the minimum?
func (repo *Repository) refreshAccesses(e db.Engine, accessMap map[int64]*userAccess) (err error) {
- minMode := AccessModeRead
+ minMode := perm.AccessModeRead
if !repo.IsPrivate {
- minMode = AccessModeWrite
+ minMode = perm.AccessModeWrite
}
newAccesses := make([]Access, 0, len(accessMap))
// Owner team gets owner access, and skip for teams that do not
// have relations with repository.
if t.IsOwnerTeam() {
- t.Authorize = AccessModeOwner
+ t.Authorize = perm.AccessModeOwner
} else if !t.hasRepository(e, repo.ID) {
continue
}
// recalculateUserAccess recalculates new access for a single user
// Usable if we know access only affected one user
func (repo *Repository) recalculateUserAccess(e db.Engine, uid int64) (err error) {
- minMode := AccessModeRead
+ minMode := perm.AccessModeRead
if !repo.IsPrivate {
- minMode = AccessModeWrite
+ minMode = perm.AccessModeWrite
}
- accessMode := AccessModeNone
+ accessMode := perm.AccessModeNone
collaborator, err := repo.getCollaboration(e, uid)
if err != nil {
return err
for _, t := range teams {
if t.IsOwnerTeam() {
- t.Authorize = AccessModeOwner
+ t.Authorize = perm.AccessModeOwner
}
accessMode = maxAccessMode(accessMode, t.Authorize)
"testing"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
level, err := AccessLevel(user2, repo1)
assert.NoError(t, err)
- assert.Equal(t, AccessModeOwner, level)
+ assert.Equal(t, perm.AccessModeOwner, level)
level, err = AccessLevel(user2, repo3)
assert.NoError(t, err)
- assert.Equal(t, AccessModeOwner, level)
+ assert.Equal(t, perm.AccessModeOwner, level)
level, err = AccessLevel(user5, repo1)
assert.NoError(t, err)
- assert.Equal(t, AccessModeRead, level)
+ assert.Equal(t, perm.AccessModeRead, level)
level, err = AccessLevel(user5, repo3)
assert.NoError(t, err)
- assert.Equal(t, AccessModeNone, level)
+ assert.Equal(t, perm.AccessModeNone, level)
// restricted user has no access to a public repo
level, err = AccessLevel(user29, repo1)
assert.NoError(t, err)
- assert.Equal(t, AccessModeNone, level)
+ assert.Equal(t, perm.AccessModeNone, level)
// ... unless he's a collaborator
level, err = AccessLevel(user29, repo4)
assert.NoError(t, err)
- assert.Equal(t, AccessModeWrite, level)
+ assert.Equal(t, perm.AccessModeWrite, level)
// ... or a team member
level, err = AccessLevel(user29, repo24)
assert.NoError(t, err)
- assert.Equal(t, AccessModeRead, level)
+ assert.Equal(t, perm.AccessModeRead, level)
}
func TestHasAccess(t *testing.T) {
has, err := db.GetEngine(db.DefaultContext).Get(access)
assert.NoError(t, err)
assert.True(t, has)
- assert.Equal(t, AccessModeOwner, access.Mode)
+ assert.Equal(t, perm.AccessModeOwner, access.Mode)
}
func TestRepository_RecalculateAccesses2(t *testing.T) {
"time"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
} else if repo, err := GetRepositoryByID(protectBranch.RepoID); err != nil {
log.Error("GetRepositoryByID: %v", err)
return false
- } else if writeAccess, err := HasAccessUnit(user, repo, unit.TypeCode, AccessModeWrite); err != nil {
+ } else if writeAccess, err := HasAccessUnit(user, repo, unit.TypeCode, perm.AccessModeWrite); err != nil {
log.Error("HasAccessUnit: %v", err)
return false
} else {
if !protectBranch.EnableApprovalsWhitelist {
// Anyone with write access is considered official reviewer
- writeAccess, err := hasAccessUnit(e, user, repo, unit.TypeCode, AccessModeWrite)
+ writeAccess, err := hasAccessUnit(e, user, repo, unit.TypeCode, perm.AccessModeWrite)
if err != nil {
return false, err
}
return currentWhitelist, nil
}
- teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)
+ teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
if err != nil {
return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)
}
import (
"fmt"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/git"
)
type ErrLFSUnauthorizedAction struct {
RepoID int64
UserName string
- Mode AccessMode
+ Mode perm.AccessMode
}
// IsErrLFSUnauthorizedAction checks if an error is a ErrLFSUnauthorizedAction.
}
func (err ErrLFSUnauthorizedAction) Error() string {
- if err.Mode == AccessModeWrite {
+ if err.Mode == perm.AccessModeWrite {
return fmt.Sprintf("User %s doesn't have write access for lfs lock [rid: %d]", err.UserName, err.RepoID)
}
return fmt.Sprintf("User %s doesn't have read access for lfs lock [rid: %d]", err.UserName, err.RepoID)
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/issues"
+ "code.gitea.io/gitea/models/perm"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
unittype = unit.TypePullRequests
}
for _, team := range teams {
- if team.Authorize >= AccessModeOwner {
+ if team.Authorize >= perm.AccessModeOwner {
checked = append(checked, team.ID)
resolved[issue.Repo.Owner.LowerName+"/"+team.LowerName] = true
continue
"time"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
// CreateLFSLock creates a new lock.
func CreateLFSLock(lock *LFSLock) (*LFSLock, error) {
- err := CheckLFSAccessForRepo(lock.OwnerID, lock.Repo, AccessModeWrite)
+ err := CheckLFSAccessForRepo(lock.OwnerID, lock.Repo, perm.AccessModeWrite)
if err != nil {
return nil, err
}
return nil, err
}
- err = CheckLFSAccessForRepo(u.ID, lock.Repo, AccessModeWrite)
+ err = CheckLFSAccessForRepo(u.ID, lock.Repo, perm.AccessModeWrite)
if err != nil {
return nil, err
}
}
// CheckLFSAccessForRepo check needed access mode base on action
-func CheckLFSAccessForRepo(ownerID int64, repo *Repository, mode AccessMode) error {
+func CheckLFSAccessForRepo(ownerID int64, repo *Repository, mode perm.AccessMode) error {
if ownerID == 0 {
return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode}
}
"strings"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
OrgID: org.ID,
LowerName: strings.ToLower(ownerTeamName),
Name: ownerTeamName,
- Authorize: AccessModeOwner,
+ Authorize: perm.AccessModeOwner,
NumMembers: 1,
IncludesAllRepositories: true,
CanCreateOrgRepo: true,
}
// GetOrgUserMaxAuthorizeLevel returns highest authorize level of user in an organization
-func (org *Organization) GetOrgUserMaxAuthorizeLevel(uid int64) (AccessMode, error) {
- var authorize AccessMode
+func (org *Organization) GetOrgUserMaxAuthorizeLevel(uid int64) (perm.AccessMode, error) {
+ var authorize perm.AccessMode
_, err := db.GetEngine(db.DefaultContext).
Select("max(team.authorize)").
Table("team").
return users, e.
Join("INNER", "`team_user`", "`team_user`.uid=`user`.id").
Join("INNER", "`team`", "`team`.id=`team_user`.team_id").
- Where(builder.Eq{"team.can_create_org_repo": true}.Or(builder.Eq{"team.authorize": AccessModeOwner})).
+ Where(builder.Eq{"team.can_create_org_repo": true}.Or(builder.Eq{"team.authorize": perm.AccessModeOwner})).
And("team_user.org_id = ?", orgID).Asc("`user`.name").Find(&users)
}
Join("INNER", "`team_user`", "`team_user`.org_id=`user`.id").
Join("INNER", "`team`", "`team`.id=`team_user`.team_id").
Where("`team_user`.uid=?", userID).
- And("`team`.authorize=?", AccessModeOwner).
+ And("`team`.authorize=?", perm.AccessModeOwner).
Asc("`user`.name").
Find(&orgs)
}
Join("INNER", "`team_user`", "`team_user`.org_id = `user`.id").
Join("INNER", "`team`", "`team`.id = `team_user`.team_id").
Where(builder.Eq{"`team_user`.uid": userID}).
- And(builder.Eq{"`team`.authorize": AccessModeOwner}.Or(builder.Eq{"`team`.can_create_org_repo": true})))).
+ And(builder.Eq{"`team`.authorize": perm.AccessModeOwner}.Or(builder.Eq{"`team`.can_create_org_repo": true})))).
Asc("`user`.name").
Find(&orgs)
}
}
// TeamsWithAccessToRepo returns all teams that have given access level to the repository.
-func (org *Organization) TeamsWithAccessToRepo(repoID int64, mode AccessMode) ([]*Team, error) {
+func (org *Organization) TeamsWithAccessToRepo(repoID int64, mode perm.AccessMode) ([]*Team, error) {
return GetTeamsWithAccessToRepo(org.ID, repoID, mode)
}
"strings"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
LowerName string
Name string
Description string
- Authorize AccessMode
+ Authorize perm.AccessMode
Repos []*Repository `xorm:"-"`
Members []*user_model.User `xorm:"-"`
NumRepos int
// HasWriteAccess returns true if team has at least write level access mode.
func (t *Team) HasWriteAccess() bool {
- return t.Authorize >= AccessModeWrite
+ return t.Authorize >= perm.AccessModeWrite
}
// IsOwnerTeam returns true if team is owner team.
}
// GetTeamsWithAccessToRepo returns all teams in an organization that have given access level to the repository.
-func GetTeamsWithAccessToRepo(orgID, repoID int64, mode AccessMode) ([]*Team, error) {
+func GetTeamsWithAccessToRepo(orgID, repoID int64, mode perm.AccessMode) ([]*Team, error) {
teams := make([]*Team, 0, 5)
return teams, db.GetEngine(db.DefaultContext).Where("team.authorize >= ?", mode).
Join("INNER", "team_repo", "team_repo.team_id = team.id").
"testing"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
team.LowerName = "newname"
team.Name = "newName"
team.Description = strings.Repeat("A long description!", 100)
- team.Authorize = AccessModeAdmin
+ team.Authorize = perm.AccessModeAdmin
assert.NoError(t, UpdateTeam(team, true, false))
team = unittest.AssertExistsAndLoadBean(t, &Team{Name: "newName"}).(*Team)
assert.True(t, strings.HasPrefix(team.Description, "A long description!"))
access := unittest.AssertExistsAndLoadBean(t, &Access{UserID: 4, RepoID: 3}).(*Access)
- assert.EqualValues(t, AccessModeAdmin, access.Mode)
+ assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
unittest.CheckConsistencyFor(t, &Team{ID: team.ID})
}
repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
accessMode, err := AccessLevel(user, repo)
assert.NoError(t, err)
- assert.True(t, accessMode < AccessModeWrite)
+ assert.True(t, accessMode < perm.AccessModeWrite)
}
func TestIsTeamMember(t *testing.T) {
--- /dev/null
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package perm
+
+import (
+ "fmt"
+
+ "code.gitea.io/gitea/modules/log"
+)
+
+// AccessMode specifies the users access mode
+type AccessMode int
+
+const (
+ // AccessModeNone no access
+ AccessModeNone AccessMode = iota // 0
+ // AccessModeRead read access
+ AccessModeRead // 1
+ // AccessModeWrite write access
+ AccessModeWrite // 2
+ // AccessModeAdmin admin access
+ AccessModeAdmin // 3
+ // AccessModeOwner owner access
+ AccessModeOwner // 4
+)
+
+func (mode AccessMode) String() string {
+ switch mode {
+ case AccessModeRead:
+ return "read"
+ case AccessModeWrite:
+ return "write"
+ case AccessModeAdmin:
+ return "admin"
+ case AccessModeOwner:
+ return "owner"
+ default:
+ return "none"
+ }
+}
+
+// ColorFormat provides a ColorFormatted version of this AccessMode
+func (mode AccessMode) ColorFormat(s fmt.State) {
+ log.ColorFprintf(s, "%d:%s",
+ log.NewColoredIDValue(mode),
+ mode)
+}
+
+// ParseAccessMode returns corresponding access mode to given permission string.
+func ParseAccessMode(permission string) AccessMode {
+ switch permission {
+ case "write":
+ return AccessModeWrite
+ case "admin":
+ return AccessModeAdmin
+ default:
+ return AccessModeRead
+ }
+}
admin_model "code.gitea.io/gitea/models/admin"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
accesses := make([]*Access, 0, 10)
if err = e.
- Where("repo_id = ? AND mode >= ?", repo.ID, AccessModeWrite).
+ Where("repo_id = ? AND mode >= ?", repo.ID, perm.AccessModeWrite).
Find(&accesses); err != nil {
return nil, err
}
// Anyone who can read the repository is a requestable reviewer
if err := e.
SQL("SELECT * FROM `user` WHERE id in (SELECT user_id FROM `access` WHERE repo_id = ? AND mode >= ? AND user_id NOT IN ( ?, ?)) ORDER BY name",
- repo.ID, AccessModeRead,
+ repo.ID, perm.AccessModeRead,
doerID, posterID).
Find(&users); err != nil {
return nil, err
"UNION "+
"SELECT uid AS user_id FROM `org_user` WHERE org_id = ? "+
") AND id NOT IN (?, ?) ORDER BY name",
- repo.ID, AccessModeRead,
+ repo.ID, perm.AccessModeRead,
repo.ID, RepoWatchModeNormal, RepoWatchModeAuto,
repo.OwnerID,
doerID, posterID).
return nil, nil
}
- teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, AccessModeRead)
+ teams, err := GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
if err != nil {
return nil, err
}
// GetReaders returns all users that have explicit read access or higher to the repository.
func (repo *Repository) GetReaders() (_ []*user_model.User, err error) {
- return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), AccessModeRead)
+ return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), perm.AccessModeRead)
}
// GetWriters returns all users that have write access to the repository.
func (repo *Repository) GetWriters() (_ []*user_model.User, err error) {
- return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), AccessModeWrite)
+ return repo.getUsersWithAccessMode(db.GetEngine(db.DefaultContext), perm.AccessModeWrite)
}
// IsReader returns true if user has explicit read access or higher to the repository.
if repo.OwnerID == userID {
return true, nil
}
- return db.GetEngine(db.DefaultContext).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, AccessModeRead).Get(&Access{})
+ return db.GetEngine(db.DefaultContext).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, perm.AccessModeRead).Get(&Access{})
}
// getUsersWithAccessMode returns users that have at least given access mode to the repository.
-func (repo *Repository) getUsersWithAccessMode(e db.Engine, mode AccessMode) (_ []*user_model.User, err error) {
+func (repo *Repository) getUsersWithAccessMode(e db.Engine, mode perm.AccessMode) (_ []*user_model.User, err error) {
if err = repo.getOwner(e); err != nil {
return nil, err
}
if err = repo.addCollaborator(db.GetEngine(ctx), doer); err != nil {
return fmt.Errorf("AddCollaborator: %v", err)
}
- if err = repo.changeCollaborationAccessMode(db.GetEngine(ctx), doer.ID, AccessModeAdmin); err != nil {
+ if err = repo.changeCollaborationAccessMode(db.GetEngine(ctx), doer.ID, perm.AccessModeAdmin); err != nil {
return fmt.Errorf("ChangeCollaborationAccessMode: %v", err)
}
}
"fmt"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
ID int64 `xorm:"pk autoincr"`
RepoID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
UserID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
- Mode AccessMode `xorm:"DEFAULT 2 NOT NULL"`
+ Mode perm.AccessMode `xorm:"DEFAULT 2 NOT NULL"`
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
} else if has {
return nil
}
- collaboration.Mode = AccessModeWrite
+ collaboration.Mode = perm.AccessModeWrite
if _, err = e.InsertOne(collaboration); err != nil {
return err
return repo.isCollaborator(db.GetEngine(db.DefaultContext), userID)
}
-func (repo *Repository) changeCollaborationAccessMode(e db.Engine, uid int64, mode AccessMode) error {
+func (repo *Repository) changeCollaborationAccessMode(e db.Engine, uid int64, mode perm.AccessMode) error {
// Discard invalid input
- if mode <= AccessModeNone || mode > AccessModeOwner {
+ if mode <= perm.AccessModeNone || mode > perm.AccessModeOwner {
return nil
}
}
// ChangeCollaborationAccessMode sets new access mode for the collaboration.
-func (repo *Repository) ChangeCollaborationAccessMode(uid int64, mode AccessMode) error {
+func (repo *Repository) ChangeCollaborationAccessMode(uid int64, mode perm.AccessMode) error {
ctx, committer, err := db.TxContext()
if err != nil {
return err
"testing"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
assert.NoError(t, unittest.PrepareTestDatabase())
repo := unittest.AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)
- assert.NoError(t, repo.ChangeCollaborationAccessMode(4, AccessModeAdmin))
+ assert.NoError(t, repo.ChangeCollaborationAccessMode(4, perm.AccessModeAdmin))
collaboration := unittest.AssertExistsAndLoadBean(t, &Collaboration{RepoID: repo.ID, UserID: 4}).(*Collaboration)
- assert.EqualValues(t, AccessModeAdmin, collaboration.Mode)
+ assert.EqualValues(t, perm.AccessModeAdmin, collaboration.Mode)
access := unittest.AssertExistsAndLoadBean(t, &Access{UserID: 4, RepoID: repo.ID}).(*Access)
- assert.EqualValues(t, AccessModeAdmin, access.Mode)
+ assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
- assert.NoError(t, repo.ChangeCollaborationAccessMode(4, AccessModeAdmin))
+ assert.NoError(t, repo.ChangeCollaborationAccessMode(4, perm.AccessModeAdmin))
- assert.NoError(t, repo.ChangeCollaborationAccessMode(unittest.NonexistentID, AccessModeAdmin))
+ assert.NoError(t, repo.ChangeCollaborationAccessMode(unittest.NonexistentID, perm.AccessModeAdmin))
unittest.CheckConsistencyFor(t, &Repository{ID: repo.ID})
}
"strings"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/util"
From("`access`").
Where(builder.And(
builder.Eq{"user_id": user.ID},
- builder.Gt{"mode": int(AccessModeNone)}))),
+ builder.Gt{"mode": int(perm.AccessModeNone)}))),
// 3. Repositories that we directly own
builder.Eq{"`repository`.owner_id": user.ID},
// 4. Be able to see all repositories that we are in a team
"fmt"
"code.gitea.io/gitea/models/db"
+ perm_model "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
// Permission contains all the permissions related variables to a repository for a user
type Permission struct {
- AccessMode AccessMode
+ AccessMode perm_model.AccessMode
Units []*RepoUnit
- UnitsMode map[unit.Type]AccessMode
+ UnitsMode map[unit.Type]perm_model.AccessMode
}
// IsOwner returns true if current user is the owner of repository.
func (p *Permission) IsOwner() bool {
- return p.AccessMode >= AccessModeOwner
+ return p.AccessMode >= perm_model.AccessModeOwner
}
// IsAdmin returns true if current user has admin or higher access of repository.
func (p *Permission) IsAdmin() bool {
- return p.AccessMode >= AccessModeAdmin
+ return p.AccessMode >= perm_model.AccessModeAdmin
}
// HasAccess returns true if the current user has at least read access to any unit of this repository
func (p *Permission) HasAccess() bool {
if p.UnitsMode == nil {
- return p.AccessMode >= AccessModeRead
+ return p.AccessMode >= perm_model.AccessModeRead
}
return len(p.UnitsMode) > 0
}
// UnitAccessMode returns current user accessmode to the specify unit of the repository
-func (p *Permission) UnitAccessMode(unitType unit.Type) AccessMode {
+func (p *Permission) UnitAccessMode(unitType unit.Type) perm_model.AccessMode {
if p.UnitsMode == nil {
for _, u := range p.Units {
if u.Type == unitType {
return p.AccessMode
}
}
- return AccessModeNone
+ return perm_model.AccessModeNone
}
return p.UnitsMode[unitType]
}
// CanAccess returns true if user has mode access to the unit of the repository
-func (p *Permission) CanAccess(mode AccessMode, unitType unit.Type) bool {
+func (p *Permission) CanAccess(mode perm_model.AccessMode, unitType unit.Type) bool {
return p.UnitAccessMode(unitType) >= mode
}
// CanAccessAny returns true if user has mode access to any of the units of the repository
-func (p *Permission) CanAccessAny(mode AccessMode, unitTypes ...unit.Type) bool {
+func (p *Permission) CanAccessAny(mode perm_model.AccessMode, unitTypes ...unit.Type) bool {
for _, u := range unitTypes {
if p.CanAccess(mode, u) {
return true
// CanRead returns true if user could read to this unit
func (p *Permission) CanRead(unitType unit.Type) bool {
- return p.CanAccess(AccessModeRead, unitType)
+ return p.CanAccess(perm_model.AccessModeRead, unitType)
}
// CanReadAny returns true if user has read access to any of the units of the repository
func (p *Permission) CanReadAny(unitTypes ...unit.Type) bool {
- return p.CanAccessAny(AccessModeRead, unitTypes...)
+ return p.CanAccessAny(perm_model.AccessModeRead, unitTypes...)
}
// CanReadIssuesOrPulls returns true if isPull is true and user could read pull requests and
// CanWrite returns true if user could write to this unit
func (p *Permission) CanWrite(unitType unit.Type) bool {
- return p.CanAccess(AccessModeWrite, unitType)
+ return p.CanAccess(perm_model.AccessModeWrite, unitType)
}
// CanWriteIssuesOrPulls returns true if isPull is true and user could write to pull requests and
func (p *Permission) ColorFormat(s fmt.State) {
noColor := log.ColorBytes(log.Reset)
- format := "AccessMode: %-v, %d Units, %d UnitsMode(s): [ "
+ format := "perm_model.AccessMode: %-v, %d Units, %d UnitsMode(s): [ "
args := []interface{}{
p.AccessMode,
log.NewColoredValueBytes(len(p.Units), &noColor),
// anonymous user visit private repo.
// TODO: anonymous user visit public unit of private repo???
if user == nil && repo.IsPrivate {
- perm.AccessMode = AccessModeNone
+ perm.AccessMode = perm_model.AccessModeNone
return
}
// Prevent strangers from checking out public repo of private organization/users
// Allow user if they are collaborator of a repo within a private user or a private organization but not a member of the organization itself
if !hasOrgOrUserVisible(e, repo.Owner, user) && !isCollaborator {
- perm.AccessMode = AccessModeNone
+ perm.AccessMode = perm_model.AccessModeNone
return
}
// anonymous visit public repo
if user == nil {
- perm.AccessMode = AccessModeRead
+ perm.AccessMode = perm_model.AccessModeRead
return
}
// Admin or the owner has super access to the repository
if user.IsAdmin || user.ID == repo.OwnerID {
- perm.AccessMode = AccessModeOwner
+ perm.AccessMode = perm_model.AccessModeOwner
return
}
return
}
- perm.UnitsMode = make(map[unit.Type]AccessMode)
+ perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
// Collaborators on organization
if isCollaborator {
// if user in an owner team
for _, team := range teams {
- if team.Authorize >= AccessModeOwner {
- perm.AccessMode = AccessModeOwner
+ if team.Authorize >= perm_model.AccessModeOwner {
+ perm.AccessMode = perm_model.AccessModeOwner
perm.UnitsMode = nil
return
}
// for a public repo on an organization, a non-restricted user has read permission on non-team defined units.
if !found && !repo.IsPrivate && !user.IsRestricted {
if _, ok := perm.UnitsMode[u.Type]; !ok {
- perm.UnitsMode[u.Type] = AccessModeRead
+ perm.UnitsMode[u.Type] = perm_model.AccessModeRead
}
}
}
return false, err
}
- return accessMode >= AccessModeAdmin, nil
+ return accessMode >= perm_model.AccessModeAdmin, nil
}
// IsUserRepoAdmin return true if user has admin right of a repo
if err != nil {
return false, err
}
- if mode >= AccessModeAdmin {
+ if mode >= perm_model.AccessModeAdmin {
return true, nil
}
}
for _, team := range teams {
- if team.Authorize >= AccessModeAdmin {
+ if team.Authorize >= perm_model.AccessModeAdmin {
return true, nil
}
}
// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
// user does not have access.
-func AccessLevel(user *user_model.User, repo *Repository) (AccessMode, error) {
+func AccessLevel(user *user_model.User, repo *Repository) (perm_model.AccessMode, error) {
return accessLevelUnit(db.GetEngine(db.DefaultContext), user, repo, unit.TypeCode)
}
// AccessLevelUnit returns the Access a user has to a repository's. Will return NoneAccess if the
// user does not have access.
-func AccessLevelUnit(user *user_model.User, repo *Repository, unitType unit.Type) (AccessMode, error) {
+func AccessLevelUnit(user *user_model.User, repo *Repository, unitType unit.Type) (perm_model.AccessMode, error) {
return accessLevelUnit(db.GetEngine(db.DefaultContext), user, repo, unitType)
}
-func accessLevelUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type) (AccessMode, error) {
+func accessLevelUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type) (perm_model.AccessMode, error) {
perm, err := getUserRepoPermission(e, repo, user)
if err != nil {
- return AccessModeNone, err
+ return perm_model.AccessModeNone, err
}
return perm.UnitAccessMode(unitType), nil
}
-func hasAccessUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type, testMode AccessMode) (bool, error) {
+func hasAccessUnit(e db.Engine, user *user_model.User, repo *Repository, unitType unit.Type, testMode perm_model.AccessMode) (bool, error) {
mode, err := accessLevelUnit(e, user, repo, unitType)
return testMode <= mode, err
}
// HasAccessUnit returns true if user has testMode to the unit of the repository
-func HasAccessUnit(user *user_model.User, repo *Repository, unitType unit.Type, testMode AccessMode) (bool, error) {
+func HasAccessUnit(user *user_model.User, repo *Repository, unitType unit.Type, testMode perm_model.AccessMode) (bool, error) {
return hasAccessUnit(db.GetEngine(db.DefaultContext), user, repo, unitType, testMode)
}
if err != nil {
return false, err
}
- return perm.CanAccessAny(AccessModeWrite, unit.TypeCode, unit.TypeIssues, unit.TypePullRequests), nil
+ return perm.CanAccessAny(perm_model.AccessModeWrite, unit.TypeCode, unit.TypeIssues, unit.TypePullRequests), nil
}
func hasAccess(e db.Engine, userID int64, repo *Repository) (bool, error) {
"testing"
"code.gitea.io/gitea/models/db"
+ perm_model "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
assert.True(t, perm.CanWrite(unit.Type))
}
- assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
+ assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))
perm, err = GetUserRepoPermission(repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanWrite(unit.Type))
}
- assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
+ assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))
perm, err = GetUserRepoPermission(repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanWrite(unit.Type))
}
- assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, AccessModeRead))
+ assert.NoError(t, repo.ChangeCollaborationAccessMode(user.ID, perm_model.AccessModeRead))
perm, err = GetUserRepoPermission(repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
"strings"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
}
if !pr.ProtectedBranch.EnableApprovalsWhitelist {
- return team.Authorize >= AccessModeWrite, nil
+ return team.Authorize >= perm.AccessModeWrite, nil
}
return base.Int64sContains(pr.ProtectedBranch.ApprovalsWhitelistTeamIDs, team.ID), nil
return false, err
}
- perm, err := GetUserRepoPermission(issue.Repo, doer)
+ p, err := GetUserRepoPermission(issue.Repo, doer)
if err != nil {
return false, err
}
- permResult = perm.CanAccess(AccessModeWrite, unit.TypePullRequests)
+ permResult = p.CanAccess(perm.AccessModeWrite, unit.TypePullRequests)
if !permResult {
if permResult, err = IsOfficialReviewer(issue, doer); err != nil {
return false, err
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/timeutil"
// PublicKey represents a user or deploy SSH public key.
type PublicKey struct {
- ID int64 `xorm:"pk autoincr"`
- OwnerID int64 `xorm:"INDEX NOT NULL"`
- Name string `xorm:"NOT NULL"`
- Fingerprint string `xorm:"INDEX NOT NULL"`
- Content string `xorm:"TEXT NOT NULL"`
- Mode AccessMode `xorm:"NOT NULL DEFAULT 2"`
- Type KeyType `xorm:"NOT NULL DEFAULT 1"`
- LoginSourceID int64 `xorm:"NOT NULL DEFAULT 0"`
+ ID int64 `xorm:"pk autoincr"`
+ OwnerID int64 `xorm:"INDEX NOT NULL"`
+ Name string `xorm:"NOT NULL"`
+ Fingerprint string `xorm:"INDEX NOT NULL"`
+ Content string `xorm:"TEXT NOT NULL"`
+ Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 2"`
+ Type KeyType `xorm:"NOT NULL DEFAULT 1"`
+ LoginSourceID int64 `xorm:"NOT NULL DEFAULT 0"`
CreatedUnix timeutil.TimeStamp `xorm:"created"`
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
Name: name,
Fingerprint: fingerprint,
Content: content,
- Mode: AccessModeWrite,
+ Mode: perm.AccessModeWrite,
Type: KeyTypeUser,
LoginSourceID: loginSourceID,
}
"time"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/timeutil"
Fingerprint string
Content string `xorm:"-"`
- Mode AccessMode `xorm:"NOT NULL DEFAULT 1"`
+ Mode perm.AccessMode `xorm:"NOT NULL DEFAULT 1"`
CreatedUnix timeutil.TimeStamp `xorm:"created"`
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
// IsReadOnly checks if the key can only be used for read operations
func (key *DeployKey) IsReadOnly() bool {
- return key.Mode == AccessModeRead
+ return key.Mode == perm.AccessModeRead
}
func init() {
}
// addDeployKey adds new key-repo relation.
-func addDeployKey(e db.Engine, keyID, repoID int64, name, fingerprint string, mode AccessMode) (*DeployKey, error) {
+func addDeployKey(e db.Engine, keyID, repoID int64, name, fingerprint string, mode perm.AccessMode) (*DeployKey, error) {
if err := checkDeployKey(e, keyID, repoID, name); err != nil {
return nil, err
}
return nil, err
}
- accessMode := AccessModeRead
+ accessMode := perm.AccessModeRead
if !readOnly {
- accessMode = AccessModeWrite
+ accessMode = perm.AccessModeWrite
}
ctx, committer, err := db.TxContext()
"strings"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
)
OwnerID: ownerID,
Name: content,
Content: content,
- Mode: AccessModeWrite,
+ Mode: perm.AccessModeWrite,
Type: KeyTypePrincipal,
LoginSourceID: loginSourceID,
}
"strings"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
)
return
}
- ctx.Org.IsTeamAdmin = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.AccessModeAdmin
+ ctx.Org.IsTeamAdmin = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= perm.AccessModeAdmin
ctx.Data["IsTeamAdmin"] = ctx.Org.IsTeamAdmin
if requireTeamAdmin && !ctx.Org.IsTeamAdmin {
ctx.NotFound("OrgAssignment", err)
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/models/webhook"
var hasPerm bool
var err error
if user != nil {
- hasPerm, err = models.HasAccessUnit(user, repo, unit.TypeCode, models.AccessModeWrite)
+ hasPerm, err = models.HasAccessUnit(user, repo, unit.TypeCode, perm.AccessModeWrite)
if err != nil {
return nil, err
}
URL: fmt.Sprintf("%s%d", apiLink, key.ID),
Title: key.Name,
Created: key.CreatedUnix.AsTime(),
- ReadOnly: key.Mode == models.AccessModeRead, // All deploy keys are read-only.
+ ReadOnly: key.Mode == perm.AccessModeRead, // All deploy keys are read-only.
}
}
"net/url"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
api "code.gitea.io/gitea/modules/structs"
)
//since user only get notifications when he has access to use minimal access mode
if n.Repository != nil {
- result.Repository = ToRepo(n.Repository, models.AccessModeRead)
+ result.Repository = ToRepo(n.Repository, perm.AccessModeRead)
}
//handle Subject
"fmt"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
return nil
}
- perm, err := models.GetUserRepoPermission(pr.BaseRepo, doer)
+ p, err := models.GetUserRepoPermission(pr.BaseRepo, doer)
if err != nil {
log.Error("GetUserRepoPermission[%d]: %v", pr.BaseRepoID, err)
- perm.AccessMode = models.AccessModeNone
+ p.AccessMode = perm.AccessModeNone
}
apiPullRequest := &api.PullRequest{
Name: pr.BaseBranch,
Ref: pr.BaseBranch,
RepoID: pr.BaseRepoID,
- Repository: ToRepo(pr.BaseRepo, perm.AccessMode),
+ Repository: ToRepo(pr.BaseRepo, p.AccessMode),
},
Head: &api.PRBranchInfo{
Name: pr.HeadBranch,
}
if pr.HeadRepo != nil && pr.Flow == models.PullRequestFlowGithub {
- perm, err := models.GetUserRepoPermission(pr.HeadRepo, doer)
+ p, err := models.GetUserRepoPermission(pr.HeadRepo, doer)
if err != nil {
log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
- perm.AccessMode = models.AccessModeNone
+ p.AccessMode = perm.AccessModeNone
}
apiPullRequest.Head.RepoID = pr.HeadRepo.ID
- apiPullRequest.Head.Repository = ToRepo(pr.HeadRepo, perm.AccessMode)
+ apiPullRequest.Head.Repository = ToRepo(pr.HeadRepo, p.AccessMode)
headGitRepo, err := git.OpenRepository(pr.HeadRepo.RepoPath())
if err != nil {
"testing"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
"code.gitea.io/gitea/modules/structs"
Ref: "refs/pull/2/head",
Sha: "4a357436d925b5c974181ff12a994538ddc5a269",
RepoID: 1,
- Repository: ToRepo(headRepo, models.AccessModeRead),
+ Repository: ToRepo(headRepo, perm.AccessModeRead),
}, apiPullRequest.Head)
//withOut HeadRepo
import (
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
unit_model "code.gitea.io/gitea/models/unit"
api "code.gitea.io/gitea/modules/structs"
)
// ToRepo converts a Repository to api.Repository
-func ToRepo(repo *models.Repository, mode models.AccessMode) *api.Repository {
+func ToRepo(repo *models.Repository, mode perm.AccessMode) *api.Repository {
return innerToRepo(repo, mode, false)
}
-func innerToRepo(repo *models.Repository, mode models.AccessMode, isParent bool) *api.Repository {
+func innerToRepo(repo *models.Repository, mode perm.AccessMode, isParent bool) *api.Repository {
var parent *api.Repository
cloneLink := repo.CloneLink()
permission := &api.Permission{
- Admin: mode >= models.AccessModeAdmin,
- Push: mode >= models.AccessModeWrite,
- Pull: mode >= models.AccessModeRead,
+ Admin: mode >= perm.AccessModeAdmin,
+ Push: mode >= perm.AccessModeWrite,
+ Pull: mode >= perm.AccessModeRead,
}
if !isParent {
err := repo.GetBaseRepo()
package convert
import (
- "code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
)
// ToUserWithAccessMode convert user_model.User to api.User
// AccessMode is not none show add some more information
-func ToUserWithAccessMode(user *user_model.User, accessMode models.AccessMode) *api.User {
+func ToUserWithAccessMode(user *user_model.User, accessMode perm.AccessMode) *api.User {
if user == nil {
return nil
}
- return toUser(user, accessMode != models.AccessModeNone, false)
+ return toUser(user, accessMode != perm.AccessModeNone, false)
}
// toUser convert user_model.User to api.User
import (
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/models/webhook"
if u.IsOrganization() {
if err := webhook_services.PrepareWebhooks(repo, webhook.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoCreated,
- Repository: convert.ToRepo(repo, models.AccessModeOwner),
+ Repository: convert.ToRepo(repo, perm.AccessModeOwner),
Organization: convert.ToUser(u, nil),
Sender: convert.ToUser(doer, nil),
}); err != nil {
// Add to hook queue for created repo after session commit.
if err := webhook_services.PrepareWebhooks(repo, webhook.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoCreated,
- Repository: convert.ToRepo(repo, models.AccessModeOwner),
+ Repository: convert.ToRepo(repo, perm.AccessModeOwner),
Organization: convert.ToUser(u, nil),
Sender: convert.ToUser(doer, nil),
}); err != nil {
if err := webhook_services.PrepareWebhooks(repo, webhook.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoDeleted,
- Repository: convert.ToRepo(repo, models.AccessModeOwner),
+ Repository: convert.ToRepo(repo, perm.AccessModeOwner),
Organization: convert.ToUser(u, nil),
Sender: convert.ToUser(doer, nil),
}); err != nil {
// Add to hook queue for created repo after session commit.
if err := webhook_services.PrepareWebhooks(repo, webhook.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoCreated,
- Repository: convert.ToRepo(repo, models.AccessModeOwner),
+ Repository: convert.ToRepo(repo, perm.AccessModeOwner),
Organization: convert.ToUser(u, nil),
Sender: convert.ToUser(doer, nil),
}); err != nil {
Action: api.HookIssueLabelUpdated,
Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(issue.PullRequest, nil),
- Repository: convert.ToRepo(issue.Repo, models.AccessModeNone),
+ Repository: convert.ToRepo(issue.Repo, perm.AccessModeNone),
Sender: convert.ToUser(doer, nil),
})
} else {
CompareURL: setting.AppURL + commits.CompareURL,
Commits: apiCommits,
HeadCommit: apiHeadCommit,
- Repo: convert.ToRepo(repo, models.AccessModeOwner),
+ Repo: convert.ToRepo(repo, perm.AccessModeOwner),
Pusher: apiPusher,
Sender: apiPusher,
}); err != nil {
func (m *webhookNotifier) NotifyCreateRef(pusher *user_model.User, repo *models.Repository, refType, refFullName string) {
apiPusher := convert.ToUser(pusher, nil)
- apiRepo := convert.ToRepo(repo, models.AccessModeNone)
+ apiRepo := convert.ToRepo(repo, perm.AccessModeNone)
refName := git.RefEndName(refFullName)
gitRepo, err := git.OpenRepository(repo.RepoPath())
Action: api.HookIssueSynchronized,
Index: pr.Issue.Index,
PullRequest: convert.ToAPIPullRequest(pr, nil),
- Repository: convert.ToRepo(pr.Issue.Repo, models.AccessModeNone),
+ Repository: convert.ToRepo(pr.Issue.Repo, perm.AccessModeNone),
Sender: convert.ToUser(doer, nil),
}); err != nil {
log.Error("PrepareWebhooks [pull_id: %v]: %v", pr.ID, err)
func (m *webhookNotifier) NotifyDeleteRef(pusher *user_model.User, repo *models.Repository, refType, refFullName string) {
apiPusher := convert.ToUser(pusher, nil)
- apiRepo := convert.ToRepo(repo, models.AccessModeNone)
+ apiRepo := convert.ToRepo(repo, perm.AccessModeNone)
refName := git.RefEndName(refFullName)
if err := webhook_services.PrepareWebhooks(repo, webhook.HookEventDelete, &api.DeletePayload{
CompareURL: setting.AppURL + commits.CompareURL,
Commits: apiCommits,
HeadCommit: apiHeadCommit,
- Repo: convert.ToRepo(repo, models.AccessModeOwner),
+ Repo: convert.ToRepo(repo, perm.AccessModeOwner),
Pusher: apiPusher,
Sender: apiPusher,
}); err != nil {
"net/url"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/setting"
}
// ServCommand preps for a serv call
-func ServCommand(ctx context.Context, keyID int64, ownerName, repoName string, mode models.AccessMode, verbs ...string) (*ServCommandResults, error) {
+func ServCommand(ctx context.Context, keyID int64, ownerName, repoName string, mode perm.AccessMode, verbs ...string) (*ServCommandResults, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/serv/command/%d/%s/%s?mode=%d",
keyID,
url.PathEscape(ownerName),
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/structs"
{
OrgID: org.ID,
Name: "team one",
- Authorize: models.AccessModeRead,
+ Authorize: perm.AccessModeRead,
IncludesAllRepositories: true,
},
{
OrgID: org.ID,
Name: "team 2",
- Authorize: models.AccessModeRead,
+ Authorize: perm.AccessModeRead,
IncludesAllRepositories: false,
},
{
OrgID: org.ID,
Name: "team three",
- Authorize: models.AccessModeWrite,
+ Authorize: perm.AccessModeWrite,
IncludesAllRepositories: true,
},
{
OrgID: org.ID,
Name: "team 4",
- Authorize: models.AccessModeWrite,
+ Authorize: perm.AccessModeWrite,
IncludesAllRepositories: false,
},
}
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
return
}
- if authorizeLevel > models.AccessModeNone {
+ if authorizeLevel > perm.AccessModeNone {
op.CanRead = true
}
- if authorizeLevel > models.AccessModeRead {
+ if authorizeLevel > perm.AccessModeRead {
op.CanWrite = true
}
- if authorizeLevel > models.AccessModeWrite {
+ if authorizeLevel > perm.AccessModeWrite {
op.IsAdmin = true
}
- if authorizeLevel > models.AccessModeAdmin {
+ if authorizeLevel > perm.AccessModeAdmin {
op.IsOwner = true
}
"net/http"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
unit_model "code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
Description: form.Description,
IncludesAllRepositories: form.IncludesAllRepositories,
CanCreateOrgRepo: form.CanCreateOrgRepo,
- Authorize: models.ParseAccessMode(form.Permission),
+ Authorize: perm.ParseAccessMode(form.Permission),
}
unitTypes := unit_model.FindUnitTypes(form.Units...)
- if team.Authorize < models.AccessModeOwner {
+ if team.Authorize < perm.AccessModeOwner {
var units = make([]*models.TeamUnit, 0, len(form.Units))
for _, tp := range unitTypes {
units = append(units, &models.TeamUnit{
isIncludeAllChanged := false
if !team.IsOwnerTeam() && len(form.Permission) != 0 {
// Validate permission level.
- auth := models.ParseAccessMode(form.Permission)
+ auth := perm.ParseAccessMode(form.Permission)
if team.Authorize != auth {
isAuthChanged = true
}
}
- if team.Authorize < models.AccessModeOwner {
+ if team.Authorize < perm.AccessModeOwner {
if len(form.Units) > 0 {
var units = make([]*models.TeamUnit, 0, len(form.Units))
unitTypes := unit_model.FindUnitTypes(form.Units...)
if access, err := models.AccessLevel(ctx.User, repo); err != nil {
ctx.Error(http.StatusInternalServerError, "AccessLevel", err)
return
- } else if access < models.AccessModeAdmin {
+ } else if access < perm.AccessModeAdmin {
ctx.Error(http.StatusForbidden, "", "Must have admin-level access to the repository")
return
}
if access, err := models.AccessLevel(ctx.User, repo); err != nil {
ctx.Error(http.StatusInternalServerError, "AccessLevel", err)
return
- } else if access < models.AccessModeAdmin {
+ } else if access < perm.AccessModeAdmin {
ctx.Error(http.StatusForbidden, "", "Must have admin-level access to the repository")
return
}
"errors"
"net/http"
- "code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
}
if form.Permission != nil {
- if err := ctx.Repo.Repository.ChangeCollaborationAccessMode(collaborator.ID, models.ParseAccessMode(*form.Permission)); err != nil {
+ if err := ctx.Repo.Repository.ChangeCollaborationAccessMode(collaborator.ID, perm.ParseAccessMode(*form.Permission)); err != nil {
ctx.Error(http.StatusInternalServerError, "ChangeCollaborationAccessMode", err)
return
}
"net/http"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
}
//TODO change back to 201
- ctx.JSON(http.StatusAccepted, convert.ToRepo(fork, models.AccessModeOwner))
+ ctx.JSON(http.StatusAccepted, convert.ToRepo(fork, perm.AccessModeOwner))
}
import (
"net/http"
- "code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/webhook"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
After: ctx.Repo.Commit.ID.String(),
Commits: []*api.PayloadCommit{commit},
HeadCommit: commit,
- Repo: convert.ToRepo(ctx.Repo.Repository, models.AccessModeNone),
- Pusher: convert.ToUserWithAccessMode(ctx.User, models.AccessModeNone),
- Sender: convert.ToUserWithAccessMode(ctx.User, models.AccessModeNone),
+ Repo: convert.ToRepo(ctx.Repo.Repository, perm.AccessModeNone),
+ Pusher: convert.ToUserWithAccessMode(ctx.User, perm.AccessModeNone),
+ Sender: convert.ToUserWithAccessMode(ctx.User, perm.AccessModeNone),
}); err != nil {
ctx.Error(http.StatusInternalServerError, "PrepareWebhook: ", err)
return
"net/url"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
"code.gitea.io/gitea/modules/setting"
// appendPrivateInformation appends the owner and key type information to api.PublicKey
func appendPrivateInformation(apiKey *api.DeployKey, key *models.DeployKey, repository *models.Repository) (*api.DeployKey, error) {
- apiKey.ReadOnly = key.Mode == models.AccessModeRead
+ apiKey.ReadOnly = key.Mode == perm.AccessModeRead
if repository.ID == key.RepoID {
apiKey.Repository = convert.ToRepo(repository, key.Mode)
} else {
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
}
log.Trace("Repository migrated: %s/%s", repoOwner.Name, form.RepoName)
- ctx.JSON(http.StatusCreated, convert.ToRepo(repo, models.AccessModeAdmin))
+ ctx.JSON(http.StatusCreated, convert.ToRepo(repo, perm.AccessModeAdmin))
}
func handleMigrateError(ctx *context.APIContext, repoOwner *user_model.User, remoteAddr string, err error) {
"net/http"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
opts := models.FindReleasesOptions{
ListOptions: listOptions,
- IncludeDrafts: ctx.Repo.AccessMode >= models.AccessModeWrite || ctx.Repo.UnitAccessMode(unit.TypeReleases) >= models.AccessModeWrite,
+ IncludeDrafts: ctx.Repo.AccessMode >= perm.AccessModeWrite || ctx.Repo.UnitAccessMode(unit.TypeReleases) >= perm.AccessModeWrite,
IncludeTags: false,
IsDraft: ctx.FormOptionalBool("draft"),
IsPreRelease: ctx.FormOptionalBool("pre-release"),
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
unit_model "code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
}
- ctx.JSON(http.StatusCreated, convert.ToRepo(repo, models.AccessModeOwner))
+ ctx.JSON(http.StatusCreated, convert.ToRepo(repo, perm.AccessModeOwner))
}
// Create one repository of mine
}
log.Trace("Repository generated [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
- ctx.JSON(http.StatusCreated, convert.ToRepo(repo, models.AccessModeOwner))
+ ctx.JSON(http.StatusCreated, convert.ToRepo(repo, perm.AccessModeOwner))
}
// CreateOrgRepoDeprecated create one repository of the organization
"net/http"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
if ctx.Repo.Repository.Status == models.RepositoryPendingTransfer {
log.Trace("Repository transfer initiated: %s -> %s", ctx.Repo.Repository.FullName(), newOwner.Name)
- ctx.JSON(http.StatusCreated, convert.ToRepo(ctx.Repo.Repository, models.AccessModeAdmin))
+ ctx.JSON(http.StatusCreated, convert.ToRepo(ctx.Repo.Repository, perm.AccessModeAdmin))
return
}
log.Trace("Repository transferred: %s -> %s", ctx.Repo.Repository.FullName(), newOwner.Name)
- ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx.Repo.Repository, models.AccessModeAdmin))
+ ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx.Repo.Repository, perm.AccessModeAdmin))
}
"net/http"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
} else {
apiKey.KeyType = "unknown"
}
- apiKey.ReadOnly = key.Mode == models.AccessModeRead
+ apiKey.ReadOnly = key.Mode == perm.AccessModeRead
return apiKey, nil
}
"net/http"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
ctx.Error(http.StatusInternalServerError, "AccessLevel", err)
return
}
- if ctx.IsSigned && ctx.User.IsAdmin || access >= models.AccessModeRead {
+ if ctx.IsSigned && ctx.User.IsAdmin || access >= perm.AccessModeRead {
apiRepos = append(apiRepos, convert.ToRepo(repos[i], access))
}
}
"strings"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
keyID := ctx.ParamsInt64(":keyid")
ownerName := ctx.Params(":owner")
repoName := ctx.Params(":repo")
- mode := models.AccessMode(ctx.FormInt("mode"))
+ mode := perm.AccessMode(ctx.FormInt("mode"))
// Set the basic parts of the results to return
results := private.ServCommandResults{
// Now because we're not translating things properly let's just default some English strings here
modeString := "read"
- if mode > models.AccessModeRead {
+ if mode > perm.AccessModeRead {
modeString = "write to"
}
}
// We can shortcut at this point if the repo is a mirror
- if mode > models.AccessModeRead && repo.IsMirror {
+ if mode > perm.AccessModeRead && repo.IsMirror {
ctx.JSON(http.StatusForbidden, private.ErrServCommand{
Results: results,
Err: fmt.Sprintf("Mirror Repository %s/%s is read-only", results.OwnerName, results.RepoName),
}
// Don't allow pushing if the repo is archived
- if repoExist && mode > models.AccessModeRead && repo.IsArchived {
+ if repoExist && mode > perm.AccessModeRead && repo.IsArchived {
ctx.JSON(http.StatusUnauthorized, private.ErrServCommand{
Results: results,
Err: fmt.Sprintf("Repo: %s/%s is archived.", results.OwnerName, results.RepoName),
// Permissions checking:
if repoExist &&
- (mode > models.AccessModeRead ||
+ (mode > perm.AccessModeRead ||
repo.IsPrivate ||
owner.Visibility.IsPrivate() ||
(user != nil && user.IsRestricted) || // user will be nil if the key is a deploykey
} else {
// Because of the special ref "refs/for" we will need to delay write permission check
if git.SupportProcReceive && unitType == unit.TypeCode {
- mode = models.AccessModeRead
+ mode = perm.AccessModeRead
}
perm, err := models.GetUserRepoPermission(repo, user)
"strings"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
unit_model "code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
OrgID: ctx.Org.Organization.ID,
Name: form.TeamName,
Description: form.Description,
- Authorize: models.ParseAccessMode(form.Permission),
+ Authorize: perm.ParseAccessMode(form.Permission),
IncludesAllRepositories: includesAllRepositories,
CanCreateOrgRepo: form.CanCreateOrgRepo,
}
- if t.Authorize < models.AccessModeOwner {
+ if t.Authorize < perm.AccessModeOwner {
var units = make([]*models.TeamUnit, 0, len(form.Units))
for _, tp := range form.Units {
units = append(units, &models.TeamUnit{
return
}
- if t.Authorize < models.AccessModeAdmin && len(form.Units) == 0 {
+ if t.Authorize < perm.AccessModeAdmin && len(form.Units) == 0 {
ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
return
}
var includesAllRepositories = form.RepoAccess == "all"
if !t.IsOwnerTeam() {
// Validate permission level.
- auth := models.ParseAccessMode(form.Permission)
+ auth := perm.ParseAccessMode(form.Permission)
t.Name = form.TeamName
if t.Authorize != auth {
}
}
t.Description = form.Description
- if t.Authorize < models.AccessModeOwner {
+ if t.Authorize < perm.AccessModeOwner {
var units = make([]models.TeamUnit, 0, len(form.Units))
for _, tp := range form.Units {
units = append(units, models.TeamUnit{
return
}
- if t.Authorize < models.AccessModeAdmin && len(form.Units) == 0 {
+ if t.Authorize < perm.AccessModeAdmin && len(form.Units) == 0 {
ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
return
}
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
isPull = ctx.Req.Method == "GET"
}
- var accessMode models.AccessMode
+ var accessMode perm.AccessMode
if isPull {
- accessMode = models.AccessModeRead
+ accessMode = perm.AccessModeRead
} else {
- accessMode = models.AccessModeWrite
+ accessMode = perm.AccessModeWrite
}
isWiki := false
}
if repoExist {
- perm, err := models.GetUserRepoPermission(repo, ctx.User)
+ p, err := models.GetUserRepoPermission(repo, ctx.User)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
// Because of special ref "refs/for" .. , need delay write permission check
if git.SupportProcReceive {
- accessMode = models.AccessModeRead
+ accessMode = perm.AccessModeRead
}
- if !perm.CanAccess(accessMode, unitType) {
+ if !p.CanAccess(accessMode, unitType) {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
"strings"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
return
}
- if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+ if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
ctx.JSON(http.StatusForbidden, map[string]string{
"message": "Only authorized users are allowed to perform this action.",
})
// AddBoardToProjectPost allows a new board to be added to a project.
func AddBoardToProjectPost(ctx *context.Context) {
form := web.GetForm(ctx).(*forms.EditProjectBoardForm)
- if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+ if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
ctx.JSON(http.StatusForbidden, map[string]string{
"message": "Only authorized users are allowed to perform this action.",
})
return nil, nil
}
- if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+ if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
ctx.JSON(http.StatusForbidden, map[string]string{
"message": "Only authorized users are allowed to perform this action.",
})
return
}
- if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, unit.TypeProjects) {
+ if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
ctx.JSON(http.StatusForbidden, map[string]string{
"message": "Only authorized users are allowed to perform this action.",
})
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
unit_model "code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
func ChangeCollaborationAccessMode(ctx *context.Context) {
if err := ctx.Repo.Repository.ChangeCollaborationAccessMode(
ctx.FormInt64("uid"),
- models.AccessMode(ctx.FormInt("mode"))); err != nil {
+ perm.AccessMode(ctx.FormInt("mode"))); err != nil {
log.Error("ChangeCollaborationAccessMode: %v", err)
}
}
"time"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
}
if c.Repo.Owner.IsOrganization() {
- teams, err := models.OrgFromUser(c.Repo.Owner).TeamsWithAccessToRepo(c.Repo.Repository.ID, models.AccessModeRead)
+ teams, err := models.OrgFromUser(c.Repo.Owner).TeamsWithAccessToRepo(c.Repo.Repository.ID, perm.AccessModeRead)
if err != nil {
c.ServerError("Repo.Owner.TeamsWithAccessToRepo", err)
return
"testing"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
Name: addKeyForm.Title,
Content: addKeyForm.Content,
- Mode: models.AccessModeRead,
+ Mode: perm.AccessModeRead,
})
}
unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
Name: addKeyForm.Title,
Content: addKeyForm.Content,
- Mode: models.AccessModeWrite,
+ Mode: perm.AccessModeWrite,
})
}
"strings"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/setting"
ctx.Data["Users"] = users
if ctx.Repo.Owner.IsOrganization() {
- teams, err := models.OrgFromUser(ctx.Repo.Owner).TeamsWithAccessToRepo(ctx.Repo.Repository.ID, models.AccessModeRead)
+ teams, err := models.OrgFromUser(ctx.Repo.Owner).TeamsWithAccessToRepo(ctx.Repo.Repository.ID, perm.AccessModeRead)
if err != nil {
ctx.ServerError("Repo.Owner.TeamsWithAccessToRepo", err)
return err
"path"
"strings"
- "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/models/webhook"
"code.gitea.io/gitea/modules/base"
}
}
- apiUser := convert.ToUserWithAccessMode(ctx.User, models.AccessModeNone)
+ apiUser := convert.ToUserWithAccessMode(ctx.User, perm.AccessModeNone)
apiCommit := &api.PayloadCommit{
ID: commit.ID.String(),
After: commit.ID.String(),
Commits: []*api.PayloadCommit{apiCommit},
HeadCommit: apiCommit,
- Repo: convert.ToRepo(ctx.Repo.Repository, models.AccessModeNone),
+ Repo: convert.ToRepo(ctx.Repo.Repository, perm.AccessModeNone),
Pusher: apiUser,
Sender: apiUser,
}
import (
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
var pemResult bool
if isAdd {
- pemResult = permReviewer.CanAccessAny(models.AccessModeRead, unit.TypePullRequests)
+ pemResult = permReviewer.CanAccessAny(perm.AccessModeRead, unit.TypePullRequests)
if !pemResult {
return models.ErrNotValidReviewRequest{
Reason: "Reviewer can't read",
return nil
}
- pemResult = permDoer.CanAccessAny(models.AccessModeWrite, unit.TypePullRequests)
+ pemResult = permDoer.CanAccessAny(perm.AccessModeWrite, unit.TypePullRequests)
if !pemResult {
pemResult, err = models.IsOfficialReviewer(issue, doer)
if err != nil {
}
}
- doerCanWrite := permission.CanAccessAny(models.AccessModeWrite, unit.TypePullRequests)
+ doerCanWrite := permission.CanAccessAny(perm.AccessModeWrite, unit.TypePullRequests)
if !doerCanWrite {
official, err := models.IsOfficialReviewer(issue, doer)
if err != nil {
"strings"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context"
// authenticate uses the authorization string to determine whether
// or not to proceed. This server assumes an HTTP Basic auth format.
func authenticate(ctx *context.Context, repository *models.Repository, authorization string, requireSigned, requireWrite bool) bool {
- accessMode := models.AccessModeRead
+ accessMode := perm.AccessModeRead
if requireWrite {
- accessMode = models.AccessModeWrite
+ accessMode = perm.AccessModeWrite
}
// ctx.IsSigned is unnecessary here, this will be checked in perm.CanAccess
return true
}
-func handleLFSToken(tokenSHA string, target *models.Repository, mode models.AccessMode) (*user_model.User, error) {
+func handleLFSToken(tokenSHA string, target *models.Repository, mode perm.AccessMode) (*user_model.User, error) {
if !strings.Contains(tokenSHA, ".") {
return nil, nil
}
return nil, fmt.Errorf("invalid token claim")
}
- if mode == models.AccessModeWrite && claims.Op != "upload" {
+ if mode == perm.AccessModeWrite && claims.Op != "upload" {
return nil, fmt.Errorf("invalid token claim")
}
return u, nil
}
-func parseToken(authorization string, target *models.Repository, mode models.AccessMode) (*user_model.User, error) {
+func parseToken(authorization string, target *models.Repository, mode perm.AccessMode) (*user_model.User, error) {
if authorization == "" {
return nil, fmt.Errorf("no token")
}
"fmt"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/notification"
"code.gitea.io/gitea/modules/sync"
if err := repo.AddCollaborator(newOwner); err != nil {
return err
}
- if err := repo.ChangeCollaborationAccessMode(newOwner.ID, models.AccessModeRead); err != nil {
+ if err := repo.ChangeCollaborationAccessMode(newOwner.ID, perm.AccessModeRead); err != nil {
return err
}
}
projects / gitea.git / commitdiff