diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2019-04-26 02:59:10 +0800 |
|---|---|---|
| committer | Lauris BH <lauris@nix.lv> | 2019-04-25 21:59:10 +0300 |
| commit | 199faadea3ff40880d70c8bc031aab800720330d (patch) | |
| tree | 274117bd848e3cbf9c7f9fb3057814fd76552e83 /models | |
| parent | e8f4c7733a822eb6bb04909dbf70f2de679522b7 (diff) | |
| download | gitea-199faadea3ff40880d70c8bc031aab800720330d.tar.gz gitea-199faadea3ff40880d70c8bc031aab800720330d.zip | |
Fix org visibility bug when git cloning (#6743)
* fix org visibility bug
* fix permission check
* add integration tests
* fix tests
* change test user name for easier maintainance and fix test
* fix test git repo name
Diffstat (limited to 'models')
| -rw-r--r-- | models/fixtures/repo_unit.yml | 84 | ||||
| -rw-r--r-- | models/fixtures/repository.yml | 44 | ||||
| -rw-r--r-- | models/fixtures/user.yml | 36 | ||||
| -rw-r--r-- | models/org.go | 6 | ||||
| -rw-r--r-- | models/repo_list_test.go | 2 | ||||
| -rw-r--r-- | models/repo_permission.go | 9 | ||||
| -rw-r--r-- | models/user.go | 6 |
7 files changed, 184 insertions, 3 deletions
diff --git a/models/fixtures/repo_unit.yml b/models/fixtures/repo_unit.yml index e2bb4388d7..2b325cba88 100644 --- a/models/fixtures/repo_unit.yml +++ b/models/fixtures/repo_unit.yml @@ -291,3 +291,87 @@ type: 3 config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}" created_unix: 946684810 + +- + id: 43 + repo_id: 38 + type: 1 + config: "{}" + created_unix: 946684810 + +- + id: 44 + repo_id: 38 + type: 2 + config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}" + created_unix: 946684810 + +- + id: 45 + repo_id: 38 + type: 3 + config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}" + created_unix: 946684810 + +- + id: 46 + repo_id: 39 + type: 1 + config: "{}" + created_unix: 946684810 + +- + id: 47 + repo_id: 39 + type: 2 + config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}" + created_unix: 946684810 + +- + id: 48 + repo_id: 39 + type: 3 + config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}" + created_unix: 946684810 + +- + id: 49 + repo_id: 40 + type: 1 + config: "{}" + created_unix: 946684810 + +- + id: 50 + repo_id: 40 + type: 2 + config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}" + created_unix: 946684810 + +- + id: 51 + repo_id: 40 + type: 3 + config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}" + created_unix: 946684810 + +- + id: 52 + repo_id: 41 + type: 1 + config: "{}" + created_unix: 946684810 + +- + id: 53 + repo_id: 41 + type: 2 + config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}" + created_unix: 946684810 + +- + id: 54 + repo_id: 41 + type: 3 + config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}" + created_unix: 946684810
\ No newline at end of file diff --git a/models/fixtures/repository.yml b/models/fixtures/repository.yml index b0fd8fcc5c..083182e2bc 100644 --- a/models/fixtures/repository.yml +++ b/models/fixtures/repository.yml @@ -452,3 +452,47 @@ num_forks: 0 num_issues: 0 is_mirror: false + +- + id: 38 + owner_id: 22 + lower_name: public_repo_on_limited_org + name: public_repo_on_limited_org + is_private: false + num_stars: 0 + num_forks: 0 + num_issues: 0 + is_mirror: false + +- + id: 39 + owner_id: 22 + lower_name: private_repo_on_limited_org + name: private_repo_on_limited_org + is_private: true + num_stars: 0 + num_forks: 0 + num_issues: 0 + is_mirror: false + +- + id: 40 + owner_id: 23 + lower_name: public_repo_on_private_org + name: public_repo_on_private_org + is_private: false + num_stars: 0 + num_forks: 0 + num_issues: 0 + is_mirror: false + +- + id: 41 + owner_id: 23 + lower_name: private_repo_on_private_org + name: private_repo_on_private_org + is_private: true + num_stars: 0 + num_forks: 0 + num_issues: 0 + is_mirror: false
\ No newline at end of file diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml index 9a1d558e6b..ed60e7f5ea 100644 --- a/models/fixtures/user.yml +++ b/models/fixtures/user.yml @@ -330,3 +330,39 @@ avatar_email: user21@example.com num_repos: 2 is_active: true + +- + id: 22 + lower_name: limited_org + name: limited_org + full_name: Limited Org + email: limited_org@example.com + passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password + type: 1 # organization + salt: ZogKvWdyEx + is_admin: false + avatar: avatar22 + avatar_email: limited_org@example.com + num_repos: 2 + is_active: true + num_members: 0 + num_teams: 0 + visibility: 1 + +- + id: 23 + lower_name: privated_org + name: privated_org + full_name: Privated Org + email: privated_org@example.com + passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password + type: 1 # organization + salt: ZogKvWdyEx + is_admin: false + avatar: avatar23 + avatar_email: privated_org@example.com + num_repos: 2 + is_active: true + num_members: 0 + num_teams: 0 + visibility: 2
\ No newline at end of file diff --git a/models/org.go b/models/org.go index 149d6f7aa7..b7db32ef16 100644 --- a/models/org.go +++ b/models/org.go @@ -370,6 +370,10 @@ func getOwnedOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) { // HasOrgVisible tells if the given user can see the given org func HasOrgVisible(org *User, user *User) bool { + return hasOrgVisible(x, org, user) +} + +func hasOrgVisible(e Engine, org *User, user *User) bool { // Not SignedUser if user == nil { if org.Visibility == structs.VisibleTypePublic { @@ -382,7 +386,7 @@ func HasOrgVisible(org *User, user *User) bool { return true } - if org.Visibility == structs.VisibleTypePrivate && !org.IsUserPartOfOrg(user.ID) { + if org.Visibility == structs.VisibleTypePrivate && !org.isUserPartOfOrg(e, user.ID) { return false } return true diff --git a/models/repo_list_test.go b/models/repo_list_test.go index 96ee8821b6..e871c612f0 100644 --- a/models/repo_list_test.go +++ b/models/repo_list_test.go @@ -150,7 +150,7 @@ func TestSearchRepositoryByName(t *testing.T) { count: 21}, {name: "AllPublic/PublicAndPrivateRepositoriesOfUserIncludingCollaborative", opts: &SearchRepoOptions{Page: 1, PageSize: 10, OwnerID: 15, Private: true, AllPublic: true}, - count: 25}, + count: 26}, {name: "AllPublic/PublicAndPrivateRepositoriesOfUserIncludingCollaborativeByName", opts: &SearchRepoOptions{Keyword: "test", Page: 1, PageSize: 10, OwnerID: 15, Private: true, AllPublic: true}, count: 15}, diff --git a/models/repo_permission.go b/models/repo_permission.go index b4bd1c30f5..583bc8c812 100644 --- a/models/repo_permission.go +++ b/models/repo_permission.go @@ -164,6 +164,15 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss return } + if repo.Owner == nil { + repo.mustOwner(e) + } + + if repo.Owner.IsOrganization() && !HasOrgVisible(repo.Owner, user) { + perm.AccessMode = AccessModeNone + return + } + if err = repo.getUnits(e); err != nil { return } diff --git a/models/user.go b/models/user.go index eafc53d6f1..31e2387feb 100644 --- a/models/user.go +++ b/models/user.go @@ -538,7 +538,11 @@ func (u *User) IsUserOrgOwner(orgID int64) bool { // IsUserPartOfOrg returns true if user with userID is part of the u organisation. func (u *User) IsUserPartOfOrg(userID int64) bool { - isMember, err := IsOrganizationMember(u.ID, userID) + return u.isUserPartOfOrg(x, userID) +} + +func (u *User) isUserPartOfOrg(e Engine, userID int64) bool { + isMember, err := isOrganizationMember(e, u.ID, userID) if err != nil { log.Error("IsOrganizationMember: %v", err) return false |