Merge remote-tracking branch 'mine/access_refactor' into access_refactor

Conflicts:
	cmd/serve.go
	models/access.go
	models/migrations/migrations.go
	models/org.go
	models/repo.go
	models/user.go
	modules/middleware/org.go
	modules/middleware/repo.go
	routers/api/v1/repo.go
	routers/org/teams.go
	routers/repo/http.go
	routers/user/home.go

10 files changed, 44 insertions, 42 deletions

diff --git a/cmd/serve.go b/cmd/serve.go
index 62e5d14374..54b3714806 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -67,14 +67,14 @@ func parseCmd(cmd string) (string, string) {
 
 var (
 	COMMANDS_READONLY = map[string]models.AccessMode{
-		"git-upload-pack":    models.WriteAccess,
-		"git upload-pack":    models.WriteAccess,
-		"git-upload-archive": models.WriteAccess,
+		"git-upload-pack":    models.ACCESS_MODE_WRITE,
+		"git upload-pack":    models.ACCESS_MODE_WRITE,
+		"git-upload-archive": models.ACCESS_MODE_WRITE,
 	}
 
 	COMMANDS_WRITE = map[string]models.AccessMode{
-		"git-receive-pack": models.ReadAccess,
-		"git receive-pack": models.ReadAccess,
+		"git-receive-pack": models.ACCESS_MODE_READ,
+		"git receive-pack": models.ACCESS_MODE_READ,
 	}
 )
 
@@ -155,7 +155,7 @@ func runServ(k *cli.Context) {
 
 	switch {
 	case isWrite:
-		has, err := models.HasAccess(user, repo, models.WriteAccess)
+		has, err := models.HasAccess(user, repo, models.ACCESS_MODE_WRITE)
 		if err != nil {
 			println("Gogs: internal error:", err.Error())
 			log.GitLogger.Fatal(2, "Fail to check write access:", err)
@@ -168,7 +168,7 @@ func runServ(k *cli.Context) {
 			break
 		}
 
-		has, err := models.HasAccess(user, repo, models.ReadAccess)
+		has, err := models.HasAccess(user, repo, models.ACCESS_MODE_READ)
 		if err != nil {
 			println("Gogs: internal error:", err.Error())
 			log.GitLogger.Fatal(2, "Fail to check read access:", err)
diff --git a/models/access.go b/models/access.go
index d85f24cd06..174aca987f 100644
--- a/models/access.go
+++ b/models/access.go
@@ -7,15 +7,15 @@ package models
 type AccessMode int
 
 const (
-	NoAccess AccessMode = iota
-	ReadAccess
-	WriteAccess
-	AdminAccess
-	OwnerAccess
+	ACCESS_MODE_NONE AccessMode = iota
+	ACCESS_MODE_READ
+	ACCESS_MODE_WRITE
+	ACCESS_MODE_ADMIN
+	ACCESS_MODE_OWNER
 )
 
 func maxAccessMode(modes ...AccessMode) AccessMode {
-	max := NoAccess
+	max := ACCESS_MODE_NONE
 	for _, mode := range modes {
 		if mode > max {
 			max = mode
@@ -43,14 +43,14 @@ func HasAccess(u *User, r *Repository, testMode AccessMode) (bool, error) {
 // Return the Access a user has to a repository. Will return NoneAccess if the
 // user does not have access. User can be nil!
 func AccessLevel(u *User, r *Repository) (AccessMode, error) {
-	mode := NoAccess
+	mode := ACCESS_MODE_NONE
 	if !r.IsPrivate {
-		mode = ReadAccess
+		mode = ACCESS_MODE_READ
 	}
 
 	if u != nil {
 		if u.Id == r.OwnerId {
-			return OwnerAccess, nil
+			return ACCESS_MODE_OWNER, nil
 		}
 
 		a := &Access{UserID: u.Id, RepoID: r.Id}
@@ -98,7 +98,7 @@ func (r *Repository) RecalcAccessSess() error {
 		return err
 	}
 	for _, c := range collaborators {
-		accessMap[c.Id] = WriteAccess
+		accessMap[c.Id] = ACCESS_MODE_WRITE
 	}
 
 	if err := r.GetOwner(); err != nil {
@@ -123,9 +123,9 @@ func (r *Repository) RecalcAccessSess() error {
 		}
 	}
 
-	minMode := ReadAccess
+	minMode := ACCESS_MODE_READ
 	if !r.IsPrivate {
-		minMode = WriteAccess
+		minMode = ACCESS_MODE_WRITE
 	}
 
 	newAccesses := make([]Access, 0, len(accessMap))
diff --git a/models/org.go b/models/org.go
index 775caa8639..d667fb26dc 100644
--- a/models/org.go
+++ b/models/org.go
@@ -134,7 +134,7 @@ func CreateOrganization(org, owner *User) (*User, error) {
 		OrgId:      org.Id,
 		LowerName:  strings.ToLower(OWNER_TEAM),
 		Name:       OWNER_TEAM,
-		Authorize:  OwnerAccess,
+		Authorize:  ACCESS_MODE_OWNER,
 		NumMembers: 1,
 	}
 	if _, err = sess.Insert(t); err != nil {
diff --git a/models/user.go b/models/user.go
index 9a6f93a474..7e3dc260e5 100644
--- a/models/user.go
+++ b/models/user.go
@@ -395,6 +395,7 @@ func ChangeUserName(u *User, newUserName string) (err error) {
 	if !IsLegalName(newUserName) {
 		return ErrUserNameIllegal
 	}
+
 	return os.Rename(UserPath(u.LowerName), UserPath(newUserName))
 }
 
diff --git a/modules/middleware/org.go b/modules/middleware/org.go
index cbce54860d..0e544fe4a2 100644
--- a/modules/middleware/org.go
+++ b/modules/middleware/org.go
@@ -87,7 +87,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
 				return
 			}
 			ctx.Data["Team"] = ctx.Org.Team
-			ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.AdminAccess
+			ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
 		}
 		ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
 		if requireAdminTeam && !ctx.Org.IsAdminTeam {
diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go
index 8cc6290460..8465af83ef 100644
--- a/modules/middleware/repo.go
+++ b/modules/middleware/repo.go
@@ -64,9 +64,10 @@ func ApiRepoAssignment() macaron.Handler {
 				ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
 				return
 			}
-			ctx.Repo.IsOwner = mode >= models.WriteAccess
-			ctx.Repo.IsAdmin = mode >= models.ReadAccess
-			ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
+
+			ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
+			ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
+			ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
 		}
 
 		// Check access.
@@ -244,9 +245,9 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
 				ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
 				return
 			}
-			ctx.Repo.IsOwner = mode >= models.WriteAccess
-			ctx.Repo.IsAdmin = mode >= models.ReadAccess
-			ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
+			ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
+			ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
+			ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
 		}
 
 		// Check access.
diff --git a/routers/api/v1/repo.go b/routers/api/v1/repo.go
index 78c9f9a6a3..f5128e4746 100644
--- a/routers/api/v1/repo.go
+++ b/routers/api/v1/repo.go
@@ -255,7 +255,7 @@ func ListMyRepos(ctx *middleware.Context) {
 			return
 		}
 
-		repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.WriteAccess, true})
+		repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.ACCESS_MODE_WRITE, true})
 
 		// FIXME: cache result to reduce DB query?
 		if repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(ctx.User.Id) {
diff --git a/routers/org/teams.go b/routers/org/teams.go
index f5f94be0f4..2fbb1480d1 100644
--- a/routers/org/teams.go
+++ b/routers/org/teams.go
@@ -168,11 +168,11 @@ func NewTeamPost(ctx *middleware.Context, form auth.CreateTeamForm) {
 	var auth models.AccessMode
 	switch form.Permission {
 	case "read":
-		auth = models.ReadAccess
+		auth = models.ACCESS_MODE_READ
 	case "write":
-		auth = models.WriteAccess
+		auth = models.ACCESS_MODE_WRITE
 	case "admin":
-		auth = models.AdminAccess
+		auth = models.ACCESS_MODE_ADMIN
 	default:
 		ctx.Error(401)
 		return
@@ -249,11 +249,11 @@ func EditTeamPost(ctx *middleware.Context, form auth.CreateTeamForm) {
 		var auth models.AccessMode
 		switch form.Permission {
 		case "read":
-			auth = models.ReadAccess
+			auth = models.ACCESS_MODE_READ
 		case "write":
-			auth = models.WriteAccess
+			auth = models.ACCESS_MODE_WRITE
 		case "admin":
-			auth = models.AdminAccess
+			auth = models.ACCESS_MODE_ADMIN
 		default:
 			ctx.Error(401)
 			return
diff --git a/routers/repo/http.go b/routers/repo/http.go
index c6742af3ec..a209c2b254 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -137,9 +137,9 @@ func Http(ctx *middleware.Context) {
 		}
 
 		if !isPublicPull {
-			var tp = models.WriteAccess
+			var tp = models.ACCESS_MODE_WRITE
 			if isPull {
-				tp = models.ReadAccess
+				tp = models.ACCESS_MODE_READ
 			}
 
 			has, err := models.HasAccess(authUser, repo, tp)
@@ -147,8 +147,8 @@ func Http(ctx *middleware.Context) {
 				ctx.Handle(401, "no basic auth and digit auth", nil)
 				return
 			} else if !has {
-				if tp == models.ReadAccess {
-					has, err = models.HasAccess(authUser, repo, models.WriteAccess)
+				if tp == models.ACCESS_MODE_READ {
+					has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE)
 					if err != nil || !has {
 						ctx.Handle(401, "no basic auth and digit auth", nil)
 						return
@@ -288,7 +288,7 @@ func serviceRpc(rpc string, hr handler) {
 
 	access := hasAccess(r, hr.Config, dir, rpc, true)
 	if access == false {
-		renderNoAccess(w)
+		renderACCESS_MODE_NONE(w)
 		return
 	}
 
@@ -515,7 +515,7 @@ func renderNotFound(w http.ResponseWriter) {
 	w.Write([]byte("Not Found"))
 }
 
-func renderNoAccess(w http.ResponseWriter) {
+func renderACCESS_MODE_NONE(w http.ResponseWriter) {
 	w.WriteHeader(http.StatusForbidden)
 	w.Write([]byte("Forbidden"))
 }
diff --git a/routers/user/home.go b/routers/user/home.go
index 82325cb747..ce82ae772c 100644
--- a/routers/user/home.go
+++ b/routers/user/home.go
@@ -103,7 +103,7 @@ func Dashboard(ctx *middleware.Context) {
 	feeds := make([]*models.Action, 0, len(actions))
 	for _, act := range actions {
 		if act.IsPrivate {
-			if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ReadAccess); !has {
+			if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
 				continue
 			}
 		}
@@ -211,7 +211,7 @@ func Profile(ctx *middleware.Context) {
 					continue
 				}
 				if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true},
-					models.ReadAccess); !has {
+					models.ACCESS_MODE_READ); !has {
 					continue
 				}
 			}