diff options
author | David Svantesson <davidsvantesson@gmail.com> | 2019-10-15 02:55:21 +0200 |
---|---|---|
committer | zeripath <art27@cantab.net> | 2019-10-15 01:55:21 +0100 |
commit | 8ad26976114c4fed6269a40e52632d065167bd20 (patch) | |
tree | b6c13ca7d7390ce8fd28354287c3b0b4ef3cb291 /models/access.go | |
parent | 733c898a907b23fa9e0c1bf108be5c5d9f9f7eb0 (diff) | |
download | gitea-8ad26976114c4fed6269a40e52632d065167bd20.tar.gz gitea-8ad26976114c4fed6269a40e52632d065167bd20.zip |
Recalculate repository access only for specific user (#8481)
* Recalculate repository access only for specific user
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Handle user repositories as well, and only add access if minimum mode
* Need to get repo owner to check if organization
Diffstat (limited to 'models/access.go')
-rw-r--r-- | models/access.go | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/models/access.go b/models/access.go index 3cdfc62f21..213efe08a6 100644 --- a/models/access.go +++ b/models/access.go @@ -246,6 +246,55 @@ func (repo *Repository) recalculateTeamAccesses(e Engine, ignTeamID int64) (err return repo.refreshAccesses(e, accessMap) } +// recalculateUserAccess recalculates new access for a single user +// Usable if we know access only affected one user +func (repo *Repository) recalculateUserAccess(e Engine, uid int64) (err error) { + minMode := AccessModeRead + if !repo.IsPrivate { + minMode = AccessModeWrite + } + + accessMode := AccessModeNone + collaborator, err := repo.getCollaboration(e, uid) + if err != nil { + return err + } else if collaborator != nil { + accessMode = collaborator.Mode + } + + if err = repo.getOwner(e); err != nil { + return err + } else if repo.Owner.IsOrganization() { + var teams []Team + if err := e.Join("INNER", "team_repo", "team_repo.team_id = team.id"). + Join("INNER", "team_user", "team_user.team_id = team.id"). + Where("team.org_id = ?", repo.OwnerID). + And("team_repo.repo_id=?", repo.ID). + And("team_user.uid=?", uid). + Find(&teams); err != nil { + return err + } + + for _, t := range teams { + if t.IsOwnerTeam() { + t.Authorize = AccessModeOwner + } + + accessMode = maxAccessMode(accessMode, t.Authorize) + } + } + + // Delete old user accesses and insert new one for repository. + if _, err = e.Delete(&Access{RepoID: repo.ID, UserID: uid}); err != nil { + return fmt.Errorf("delete old user accesses: %v", err) + } else if accessMode >= minMode { + if _, err = e.Insert(&Access{RepoID: repo.ID, UserID: uid, Mode: accessMode}); err != nil { + return fmt.Errorf("insert new user accesses: %v", err) + } + } + return nil +} + func (repo *Repository) recalculateAccesses(e Engine) error { if repo.Owner.IsOrganization() { return repo.recalculateTeamAccesses(e, 0) |