aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2017-05-19 08:59:26 +0800
committerLunny Xiao <xiaolunwen@gmail.com>2017-05-19 08:59:26 +0800
commit6362462da8958980385aad7c8df503d90e13380d (patch)
tree04b10fe28c10b1de457677ae35555cb91050b235
parent25d6e2a6601f6a8ffd812db35da7692a82044a7f (diff)
downloadgitea-6362462da8958980385aad7c8df503d90e13380d.tar.gz
gitea-6362462da8958980385aad7c8df503d90e13380d.zip
fix admin lost permission caused by #947
-rw-r--r--cmd/serv.go2
-rw-r--r--models/repo.go12
-rw-r--r--modules/context/repo.go7
-rw-r--r--routers/repo/http.go2
4 files changed, 14 insertions, 9 deletions
diff --git a/cmd/serv.go b/cmd/serv.go
index 0b1ddc3277..277790d4ca 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -250,7 +250,7 @@ func runServ(c *cli.Context) error {
user.Name, requestedMode, repoPath)
}
- if !repo.CheckUnitUser(user.ID, unitType) {
+ if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {
fail("You do not have allowed for this action",
"User %s does not have allowed access to repository %s 's code",
user.Name, repoPath)
diff --git a/models/repo.go b/models/repo.go
index e1b7014551..0c755241ce 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -330,8 +330,8 @@ func (repo *Repository) getUnits(e Engine) (err error) {
}
// CheckUnitUser check whether user could visit the unit of this repository
-func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
- if err := repo.getUnitsByUserID(x, userID); err != nil {
+func (repo *Repository) CheckUnitUser(userID int64, isAdmin bool, unitType UnitType) bool {
+ if err := repo.getUnitsByUserID(x, userID, isAdmin); err != nil {
return false
}
@@ -344,11 +344,11 @@ func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
}
// LoadUnitsByUserID loads units according userID's permissions
-func (repo *Repository) LoadUnitsByUserID(userID int64) error {
- return repo.getUnitsByUserID(x, userID)
+func (repo *Repository) LoadUnitsByUserID(userID int64, isAdmin bool) error {
+ return repo.getUnitsByUserID(x, userID, isAdmin)
}
-func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
+func (repo *Repository) getUnitsByUserID(e Engine, userID int64, isAdmin bool) (err error) {
if repo.Units != nil {
return nil
}
@@ -358,7 +358,7 @@ func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
return err
}
- if !repo.Owner.IsOrganization() || userID == 0 {
+ if !repo.Owner.IsOrganization() || userID == 0 || isAdmin {
return nil
}
diff --git a/modules/context/repo.go b/modules/context/repo.go
index 555513c9e1..a59dc7da28 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -496,11 +496,16 @@ func RequireRepoWriter() macaron.Handler {
// LoadRepoUnits loads repsitory's units, it should be called after repository and user loaded
func LoadRepoUnits() macaron.Handler {
return func(ctx *Context) {
+ var isAdmin bool
+ if ctx.User != nil && ctx.User.IsAdmin {
+ isAdmin = true
+ }
+
var userID int64
if ctx.User != nil {
userID = ctx.User.ID
}
- err := ctx.Repo.Repository.LoadUnitsByUserID(userID)
+ err := ctx.Repo.Repository.LoadUnitsByUserID(userID, isAdmin)
if err != nil {
ctx.Handle(500, "LoadUnitsByUserID", err)
return
diff --git a/routers/repo/http.go b/routers/repo/http.go
index b1c7cbbdb8..0bea513eff 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -206,7 +206,7 @@ func HTTP(ctx *context.Context) {
}
}
- if !repo.CheckUnitUser(authUser.ID, unitType) {
+ if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code",
authUser.Name, repo.RepoPath()))
return