diff options
| author | Kim "BKC" Carlbäcker <kim.carlbacker@gmail.com> | 2017-05-19 12:10:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-05-19 12:10:17 +0200 |
| commit | 281a0389c10b95a48045ebb161ad5492226bad78 (patch) | |
| tree | 04b10fe28c10b1de457677ae35555cb91050b235 | |
| parent | 25d6e2a6601f6a8ffd812db35da7692a82044a7f (diff) | |
| parent | 6362462da8958980385aad7c8df503d90e13380d (diff) | |
| download | gitea-281a0389c10b95a48045ebb161ad5492226bad78.tar.gz gitea-281a0389c10b95a48045ebb161ad5492226bad78.zip | |
fix admin lost permission caused by #947 (#1753)
| -rw-r--r-- | cmd/serv.go | 2 | ||||
| -rw-r--r-- | models/repo.go | 12 | ||||
| -rw-r--r-- | modules/context/repo.go | 7 | ||||
| -rw-r--r-- | routers/repo/http.go | 2 |
4 files changed, 14 insertions, 9 deletions
diff --git a/cmd/serv.go b/cmd/serv.go index 0b1ddc3277..277790d4ca 100644 --- a/cmd/serv.go +++ b/cmd/serv.go @@ -250,7 +250,7 @@ func runServ(c *cli.Context) error { user.Name, requestedMode, repoPath) } - if !repo.CheckUnitUser(user.ID, unitType) { + if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) { fail("You do not have allowed for this action", "User %s does not have allowed access to repository %s 's code", user.Name, repoPath) diff --git a/models/repo.go b/models/repo.go index e1b7014551..0c755241ce 100644 --- a/models/repo.go +++ b/models/repo.go @@ -330,8 +330,8 @@ func (repo *Repository) getUnits(e Engine) (err error) { } // CheckUnitUser check whether user could visit the unit of this repository -func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool { - if err := repo.getUnitsByUserID(x, userID); err != nil { +func (repo *Repository) CheckUnitUser(userID int64, isAdmin bool, unitType UnitType) bool { + if err := repo.getUnitsByUserID(x, userID, isAdmin); err != nil { return false } @@ -344,11 +344,11 @@ func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool { } // LoadUnitsByUserID loads units according userID's permissions -func (repo *Repository) LoadUnitsByUserID(userID int64) error { - return repo.getUnitsByUserID(x, userID) +func (repo *Repository) LoadUnitsByUserID(userID int64, isAdmin bool) error { + return repo.getUnitsByUserID(x, userID, isAdmin) } -func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) { +func (repo *Repository) getUnitsByUserID(e Engine, userID int64, isAdmin bool) (err error) { if repo.Units != nil { return nil } @@ -358,7 +358,7 @@ func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) { return err } - if !repo.Owner.IsOrganization() || userID == 0 { + if !repo.Owner.IsOrganization() || userID == 0 || isAdmin { return nil } diff --git a/modules/context/repo.go b/modules/context/repo.go index 555513c9e1..a59dc7da28 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -496,11 +496,16 @@ func RequireRepoWriter() macaron.Handler { // LoadRepoUnits loads repsitory's units, it should be called after repository and user loaded func LoadRepoUnits() macaron.Handler { return func(ctx *Context) { + var isAdmin bool + if ctx.User != nil && ctx.User.IsAdmin { + isAdmin = true + } + var userID int64 if ctx.User != nil { userID = ctx.User.ID } - err := ctx.Repo.Repository.LoadUnitsByUserID(userID) + err := ctx.Repo.Repository.LoadUnitsByUserID(userID, isAdmin) if err != nil { ctx.Handle(500, "LoadUnitsByUserID", err) return diff --git a/routers/repo/http.go b/routers/repo/http.go index b1c7cbbdb8..0bea513eff 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -206,7 +206,7 @@ func HTTP(ctx *context.Context) { } } - if !repo.CheckUnitUser(authUser.ID, unitType) { + if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) { ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code", authUser.Name, repo.RepoPath())) return |