The boolean flags in the repo context have been replaced with mode and two methods
Also, the permissions have been brought more in line with https://help.github.com/articles/permission-levels-for-an-organization-repository/ , Admin Team members are able to change settings of their repositories.
m.Get("/template/*", dev.TemplatePreview)
}
- reqTrueOwner := middleware.RequireTrueOwner()
+ reqAdmin := middleware.RequireAdmin()
// Organization.
m.Group("/org", func() {
m.Post("/:name", repo.GitHooksEditPost)
}, middleware.GitHookService())
})
- }, reqSignIn, middleware.RepoAssignment(true), reqTrueOwner)
+ }, reqSignIn, middleware.RepoAssignment(true), reqAdmin)
m.Group("/:username/:reponame", func() {
m.Get("/action/:action", repo.Action)
IsSigned bool
IsBasicAuth bool
- Repo struct {
- IsOwner bool
- IsTrueOwner bool
- IsWatching bool
- IsBranch bool
- IsTag bool
- IsCommit bool
- IsAdmin bool // Current user is admin level.
- HasAccess bool
- Repository *models.Repository
- Owner *models.User
- Commit *git.Commit
- Tag *git.Tag
- GitRepo *git.Repository
- BranchName string
- TagName string
- TreeName string
- CommitId string
- RepoLink string
- CloneLink models.CloneLink
- CommitsCount int
- Mirror *models.Mirror
- }
+ Repo RepoContext
Org struct {
IsOwner bool
}
}
+type RepoContext struct {
+ AccessMode models.AccessMode
+ IsWatching bool
+ IsBranch bool
+ IsTag bool
+ IsCommit bool
+ Repository *models.Repository
+ Owner *models.User
+ Commit *git.Commit
+ Tag *git.Tag
+ GitRepo *git.Repository
+ BranchName string
+ TagName string
+ TreeName string
+ CommitId string
+ RepoLink string
+ CloneLink models.CloneLink
+ CommitsCount int
+ Mirror *models.Mirror
+}
+
+// Return if the current user has write access for this repository
+func (r RepoContext) IsOwner() bool {
+ return r.AccessMode >= models.ACCESS_MODE_WRITE
+}
+
+// Return if the current user has read access for this repository
+func (r RepoContext) HasAccess() bool {
+ return r.AccessMode >= models.ACCESS_MODE_READ
+}
+
// HasError returns true if error occurs in form validation.
func (ctx *Context) HasApiError() bool {
hasErr, ok := ctx.Data["HasError"]
return
}
- if ctx.IsSigned {
- mode, err := models.AccessLevel(ctx.User, repo)
- if err != nil {
- ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
- return
- }
-
- ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
- ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
- ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
+ mode, err := models.AccessLevel(ctx.User, repo)
+ if err != nil {
+ ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
+ return
}
+ ctx.Repo.AccessMode = mode
+
// Check access.
- if repo.IsPrivate && !ctx.Repo.IsOwner {
+ if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE {
ctx.Error(404)
return
}
- ctx.Repo.HasAccess = true
ctx.Repo.Repository = repo
}
return
}
- if ctx.IsSigned {
- mode, err := models.AccessLevel(ctx.User, repo)
- if err != nil {
- ctx.Handle(500, "AccessLevel", err)
- return
- }
- ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
- ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
- ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
- if !ctx.Repo.IsTrueOwner && ctx.Repo.Owner.IsOrganization() {
- ctx.Repo.IsTrueOwner = ctx.Repo.Owner.IsOwnedBy(ctx.User.Id)
- }
+ mode, err := models.AccessLevel(ctx.User, repo)
+ if err != nil {
+ ctx.Handle(500, "AccessLevel", err)
+ return
}
+ ctx.Repo.AccessMode = mode
// Check access.
- if repo.IsPrivate && !ctx.Repo.IsOwner {
+ if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE {
ctx.Handle(404, "no access right", err)
return
}
- ctx.Repo.HasAccess = true
ctx.Data["HasAccess"] = true
ctx.Data["Title"] = u.Name + "/" + repo.Name
ctx.Data["Repository"] = repo
ctx.Data["Owner"] = ctx.Repo.Repository.Owner
- ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner
- ctx.Data["IsRepositoryTrueOwner"] = ctx.Repo.IsTrueOwner
+ ctx.Data["IsRepositoryOwner"] = ctx.Repo.AccessMode >= models.ACCESS_MODE_WRITE
+ ctx.Data["IsRepositoryAdmin"] = ctx.Repo.AccessMode >= models.ACCESS_MODE_ADMIN
ctx.Data["DisableSSH"] = setting.DisableSSH
ctx.Repo.CloneLink, err = repo.CloneLink()
}
}
-func RequireTrueOwner() macaron.Handler {
+func RequireAdmin() macaron.Handler {
return func(ctx *Context) {
- if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin {
+ if ctx.Repo.AccessMode < models.ACCESS_MODE_ADMIN {
if !ctx.IsSigned {
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/user/login")
)
func GetRepoRawFile(ctx *middleware.Context) {
- if ctx.Repo.Repository.IsPrivate && !ctx.Repo.HasAccess {
+ if !ctx.Repo.HasAccess() {
ctx.Error(404)
return
}
}
// Only collaborators can assign.
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
form.AssigneeId = 0
}
issue := &models.Issue{
ctx.Data["Title"] = issue.Name
ctx.Data["Issue"] = issue
ctx.Data["Comments"] = comments
- ctx.Data["IsIssueOwner"] = ctx.Repo.IsOwner || (ctx.IsSigned && issue.PosterId == ctx.User.Id)
+ ctx.Data["IsIssueOwner"] = ctx.Repo.IsOwner() || (ctx.IsSigned && issue.PosterId == ctx.User.Id)
ctx.Data["IsRepoToolbarIssues"] = true
ctx.Data["IsRepoToolbarIssuesList"] = false
ctx.HTML(200, ISSUE_VIEW)
return
}
- if ctx.User.Id != issue.PosterId && !ctx.Repo.IsOwner {
+ if ctx.User.Id != issue.PosterId && !ctx.Repo.IsOwner() {
ctx.Error(403)
return
}
}
func UpdateIssueLabel(ctx *middleware.Context) {
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Error(403)
return
}
}
func UpdateIssueMilestone(ctx *middleware.Context) {
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Error(403)
return
}
}
func UpdateAssignee(ctx *middleware.Context) {
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Error(403)
return
}
// Check if issue owner changes the status of issue.
var newStatus string
- if ctx.Repo.IsOwner || issue.PosterId == ctx.User.Id {
+ if ctx.Repo.IsOwner() || issue.PosterId == ctx.User.Id {
newStatus = ctx.Query("change_status")
}
if len(newStatus) > 0 {
tags := make([]*models.Release, len(rawTags))
for i, rawTag := range rawTags {
for j, rel := range rels {
- if rel == nil || (rel.IsDraft && !ctx.Repo.IsOwner) {
+ if rel == nil || (rel.IsDraft && !ctx.Repo.IsOwner()) {
continue
}
if rel.TagName == rawTag {
}
func NewRelease(ctx *middleware.Context) {
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Handle(403, "release.ReleasesNew", nil)
return
}
}
func NewReleasePost(ctx *middleware.Context, form auth.NewReleaseForm) {
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Handle(403, "release.ReleasesNew", nil)
return
}
}
func EditRelease(ctx *middleware.Context) {
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Handle(403, "release.ReleasesEdit", nil)
return
}
}
func EditReleasePost(ctx *middleware.Context, form auth.EditReleaseForm) {
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Handle(403, "release.EditReleasePost", nil)
return
}
case "unstar":
err = models.StarRepo(ctx.User.Id, ctx.Repo.Repository.Id, false)
case "desc":
- if !ctx.Repo.IsOwner {
+ if !ctx.Repo.IsOwner() {
ctx.Error(404)
return
}
</a>
</li>
<li id="repo-header-fork">
- <a id="repo-header-fork-btn" {{if or (not $.IsRepositoryTrueOwner) $.Owner.IsOrganization}}href="{{AppSubUrl}}/repo/fork?fork_id={{.Id}}"{{end}}>
+ <a id="repo-header-fork-btn" {{if or (not $.IsRepositoryAdmin) $.Owner.IsOrganization}}href="{{AppSubUrl}}/repo/fork?fork_id={{.Id}}"{{end}}>
<button class="btn btn-gray text-bold btn-radius">
<i class="octicon octicon-repo-forked"></i>{{$.i18n.Tr "repo.fork"}}
<span class="num">{{.NumForks}}</span>
<!-- <li>
<a class="radius" href="#"><i class="octicon octicon-organization"></i>contributors <span class="num right label label-gray label-radius">43</span></a>
</li> -->
- {{if .IsRepositoryTrueOwner}}
+ {{if .IsRepositoryAdmin}}
<li class="border-bottom"></li>
<li>
<a class="radius" href="{{.RepoLink}}/settings"><i class="octicon octicon-tools"></i>{{.i18n.Tr "repo.settings"}}</a>
<li><a href="#">Pulse</a></li>
<li><a href="#">Network</a></li>
</ul>
- </li> -->{{end}}{{if .IsRepositoryTrueOwner}}
+ </li> -->{{end}}{{if .IsRepositoryAdmin}}
<li class="{{if .IsRepoToolbarSetting}}active{{end}}"><a href="{{.RepoLink}}/settings">Settings</a>
</li>{{end}}
</ul>