diff options
author | Antoine GIRARD <sapk@users.noreply.github.com> | 2018-01-27 17:48:15 +0100 |
---|---|---|
committer | Lauris BH <lauris@nix.lv> | 2018-01-27 18:48:15 +0200 |
commit | 9e842c8a722eb1db50cfbdbe7146b67d3670052f (patch) | |
tree | d0d1f06f9363276289971759c7134149b9ec6860 /models | |
parent | 97fe773491ae69531141316a1178d22c8a5d1257 (diff) | |
download | gitea-9e842c8a722eb1db50cfbdbe7146b67d3670052f.tar.gz gitea-9e842c8a722eb1db50cfbdbe7146b67d3670052f.zip |
Fix SSH auth lfs locks (#3152)
* Fix SSH auth LFS locks
* Activate SSH/lock test
* Remove debug
* Follow @lunny recommendation for AfterLoad method
Diffstat (limited to 'models')
-rw-r--r-- | models/error.go | 19 | ||||
-rw-r--r-- | models/lfs_lock.go | 55 |
2 files changed, 40 insertions, 34 deletions
diff --git a/models/error.go b/models/error.go index 765b8fa6ca..cd96fa9256 100644 --- a/models/error.go +++ b/models/error.go @@ -530,21 +530,24 @@ func (err ErrLFSLockNotExist) Error() string { return fmt.Sprintf("lfs lock does not exist [id: %d, rid: %d, path: %s]", err.ID, err.RepoID, err.Path) } -// ErrLFSLockUnauthorizedAction represents a "LFSLockUnauthorizedAction" kind of error. -type ErrLFSLockUnauthorizedAction struct { +// ErrLFSUnauthorizedAction represents a "LFSUnauthorizedAction" kind of error. +type ErrLFSUnauthorizedAction struct { RepoID int64 UserName string - Action string + Mode AccessMode } -// IsErrLFSLockUnauthorizedAction checks if an error is a ErrLFSLockUnauthorizedAction. -func IsErrLFSLockUnauthorizedAction(err error) bool { - _, ok := err.(ErrLFSLockUnauthorizedAction) +// IsErrLFSUnauthorizedAction checks if an error is a ErrLFSUnauthorizedAction. +func IsErrLFSUnauthorizedAction(err error) bool { + _, ok := err.(ErrLFSUnauthorizedAction) return ok } -func (err ErrLFSLockUnauthorizedAction) Error() string { - return fmt.Sprintf("User %s doesn't have rigth to %s for lfs lock [rid: %d]", err.UserName, err.Action, err.RepoID) +func (err ErrLFSUnauthorizedAction) Error() string { + if err.Mode == AccessModeWrite { + return fmt.Sprintf("User %s doesn't have write access for lfs lock [rid: %d]", err.UserName, err.RepoID) + } + return fmt.Sprintf("User %s doesn't have read access for lfs lock [rid: %d]", err.UserName, err.RepoID) } // ErrLFSLockAlreadyExist represents a "LFSLockAlreadyExist" kind of error. diff --git a/models/lfs_lock.go b/models/lfs_lock.go index 9bb87843a3..52e877b156 100644 --- a/models/lfs_lock.go +++ b/models/lfs_lock.go @@ -11,28 +11,40 @@ import ( "strings" "time" + "code.gitea.io/gitea/modules/log" api "code.gitea.io/sdk/gitea" + "github.com/go-xorm/xorm" ) // LFSLock represents a git lfs lock of repository. type LFSLock struct { - ID int64 `xorm:"pk autoincr"` - RepoID int64 `xorm:"INDEX NOT NULL"` - Owner *User `xorm:"-"` - OwnerID int64 `xorm:"INDEX NOT NULL"` - Path string `xorm:"TEXT"` - Created time.Time `xorm:"created"` + ID int64 `xorm:"pk autoincr"` + Repo *Repository `xorm:"-"` + RepoID int64 `xorm:"INDEX NOT NULL"` + Owner *User `xorm:"-"` + OwnerID int64 `xorm:"INDEX NOT NULL"` + Path string `xorm:"TEXT"` + Created time.Time `xorm:"created"` } // BeforeInsert is invoked from XORM before inserting an object of this type. func (l *LFSLock) BeforeInsert() { l.OwnerID = l.Owner.ID + l.RepoID = l.Repo.ID l.Path = cleanPath(l.Path) } // AfterLoad is invoked from XORM after setting the values of all fields of this object. -func (l *LFSLock) AfterLoad() { - l.Owner, _ = GetUserByID(l.OwnerID) +func (l *LFSLock) AfterLoad(session *xorm.Session) { + var err error + l.Owner, err = getUserByID(session, l.OwnerID) + if err != nil { + log.Error(2, "LFS lock AfterLoad failed OwnerId[%d] not found: %v", l.OwnerID, err) + } + l.Repo, err = getRepositoryByID(session, l.RepoID) + if err != nil { + log.Error(2, "LFS lock AfterLoad failed RepoId[%d] not found: %v", l.RepoID, err) + } } func cleanPath(p string) string { @@ -53,12 +65,12 @@ func (l *LFSLock) APIFormat() *api.LFSLock { // CreateLFSLock creates a new lock. func CreateLFSLock(lock *LFSLock) (*LFSLock, error) { - err := CheckLFSAccessForRepo(lock.Owner, lock.RepoID, "create") + err := CheckLFSAccessForRepo(lock.Owner, lock.Repo, AccessModeWrite) if err != nil { return nil, err } - l, err := GetLFSLock(lock.RepoID, lock.Path) + l, err := GetLFSLock(lock.Repo, lock.Path) if err == nil { return l, ErrLFSLockAlreadyExist{lock.RepoID, lock.Path} } @@ -71,15 +83,15 @@ func CreateLFSLock(lock *LFSLock) (*LFSLock, error) { } // GetLFSLock returns release by given path. -func GetLFSLock(repoID int64, path string) (*LFSLock, error) { +func GetLFSLock(repo *Repository, path string) (*LFSLock, error) { path = cleanPath(path) - rel := &LFSLock{RepoID: repoID} + rel := &LFSLock{RepoID: repo.ID} has, err := x.Where("lower(path) = ?", strings.ToLower(path)).Get(rel) if err != nil { return nil, err } if !has { - return nil, ErrLFSLockNotExist{0, repoID, path} + return nil, ErrLFSLockNotExist{0, repo.ID, path} } return rel, nil } @@ -109,7 +121,7 @@ func DeleteLFSLockByID(id int64, u *User, force bool) (*LFSLock, error) { return nil, err } - err = CheckLFSAccessForRepo(u, lock.RepoID, "delete") + err = CheckLFSAccessForRepo(u, lock.Repo, AccessModeWrite) if err != nil { return nil, err } @@ -123,24 +135,15 @@ func DeleteLFSLockByID(id int64, u *User, force bool) (*LFSLock, error) { } //CheckLFSAccessForRepo check needed access mode base on action -func CheckLFSAccessForRepo(u *User, repoID int64, action string) error { +func CheckLFSAccessForRepo(u *User, repo *Repository, mode AccessMode) error { if u == nil { - return ErrLFSLockUnauthorizedAction{repoID, "undefined", action} - } - mode := AccessModeRead - if action == "create" || action == "delete" || action == "verify" { - mode = AccessModeWrite - } - - repo, err := GetRepositoryByID(repoID) - if err != nil { - return err + return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode} } has, err := HasAccess(u.ID, repo, mode) if err != nil { return err } else if !has { - return ErrLFSLockUnauthorizedAction{repo.ID, u.DisplayName(), action} + return ErrLFSUnauthorizedAction{repo.ID, u.DisplayName(), mode} } return nil } |