aboutsummaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
authorAntoine GIRARD <sapk@users.noreply.github.com>2018-01-27 17:48:15 +0100
committerLauris BH <lauris@nix.lv>2018-01-27 18:48:15 +0200
commit9e842c8a722eb1db50cfbdbe7146b67d3670052f (patch)
treed0d1f06f9363276289971759c7134149b9ec6860 /models
parent97fe773491ae69531141316a1178d22c8a5d1257 (diff)
downloadgitea-9e842c8a722eb1db50cfbdbe7146b67d3670052f.tar.gz
gitea-9e842c8a722eb1db50cfbdbe7146b67d3670052f.zip
Fix SSH auth lfs locks (#3152)
* Fix SSH auth LFS locks * Activate SSH/lock test * Remove debug * Follow @lunny recommendation for AfterLoad method
Diffstat (limited to 'models')
-rw-r--r--models/error.go19
-rw-r--r--models/lfs_lock.go55
2 files changed, 40 insertions, 34 deletions
diff --git a/models/error.go b/models/error.go
index 765b8fa6ca..cd96fa9256 100644
--- a/models/error.go
+++ b/models/error.go
@@ -530,21 +530,24 @@ func (err ErrLFSLockNotExist) Error() string {
return fmt.Sprintf("lfs lock does not exist [id: %d, rid: %d, path: %s]", err.ID, err.RepoID, err.Path)
}
-// ErrLFSLockUnauthorizedAction represents a "LFSLockUnauthorizedAction" kind of error.
-type ErrLFSLockUnauthorizedAction struct {
+// ErrLFSUnauthorizedAction represents a "LFSUnauthorizedAction" kind of error.
+type ErrLFSUnauthorizedAction struct {
RepoID int64
UserName string
- Action string
+ Mode AccessMode
}
-// IsErrLFSLockUnauthorizedAction checks if an error is a ErrLFSLockUnauthorizedAction.
-func IsErrLFSLockUnauthorizedAction(err error) bool {
- _, ok := err.(ErrLFSLockUnauthorizedAction)
+// IsErrLFSUnauthorizedAction checks if an error is a ErrLFSUnauthorizedAction.
+func IsErrLFSUnauthorizedAction(err error) bool {
+ _, ok := err.(ErrLFSUnauthorizedAction)
return ok
}
-func (err ErrLFSLockUnauthorizedAction) Error() string {
- return fmt.Sprintf("User %s doesn't have rigth to %s for lfs lock [rid: %d]", err.UserName, err.Action, err.RepoID)
+func (err ErrLFSUnauthorizedAction) Error() string {
+ if err.Mode == AccessModeWrite {
+ return fmt.Sprintf("User %s doesn't have write access for lfs lock [rid: %d]", err.UserName, err.RepoID)
+ }
+ return fmt.Sprintf("User %s doesn't have read access for lfs lock [rid: %d]", err.UserName, err.RepoID)
}
// ErrLFSLockAlreadyExist represents a "LFSLockAlreadyExist" kind of error.
diff --git a/models/lfs_lock.go b/models/lfs_lock.go
index 9bb87843a3..52e877b156 100644
--- a/models/lfs_lock.go
+++ b/models/lfs_lock.go
@@ -11,28 +11,40 @@ import (
"strings"
"time"
+ "code.gitea.io/gitea/modules/log"
api "code.gitea.io/sdk/gitea"
+ "github.com/go-xorm/xorm"
)
// LFSLock represents a git lfs lock of repository.
type LFSLock struct {
- ID int64 `xorm:"pk autoincr"`
- RepoID int64 `xorm:"INDEX NOT NULL"`
- Owner *User `xorm:"-"`
- OwnerID int64 `xorm:"INDEX NOT NULL"`
- Path string `xorm:"TEXT"`
- Created time.Time `xorm:"created"`
+ ID int64 `xorm:"pk autoincr"`
+ Repo *Repository `xorm:"-"`
+ RepoID int64 `xorm:"INDEX NOT NULL"`
+ Owner *User `xorm:"-"`
+ OwnerID int64 `xorm:"INDEX NOT NULL"`
+ Path string `xorm:"TEXT"`
+ Created time.Time `xorm:"created"`
}
// BeforeInsert is invoked from XORM before inserting an object of this type.
func (l *LFSLock) BeforeInsert() {
l.OwnerID = l.Owner.ID
+ l.RepoID = l.Repo.ID
l.Path = cleanPath(l.Path)
}
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
-func (l *LFSLock) AfterLoad() {
- l.Owner, _ = GetUserByID(l.OwnerID)
+func (l *LFSLock) AfterLoad(session *xorm.Session) {
+ var err error
+ l.Owner, err = getUserByID(session, l.OwnerID)
+ if err != nil {
+ log.Error(2, "LFS lock AfterLoad failed OwnerId[%d] not found: %v", l.OwnerID, err)
+ }
+ l.Repo, err = getRepositoryByID(session, l.RepoID)
+ if err != nil {
+ log.Error(2, "LFS lock AfterLoad failed RepoId[%d] not found: %v", l.RepoID, err)
+ }
}
func cleanPath(p string) string {
@@ -53,12 +65,12 @@ func (l *LFSLock) APIFormat() *api.LFSLock {
// CreateLFSLock creates a new lock.
func CreateLFSLock(lock *LFSLock) (*LFSLock, error) {
- err := CheckLFSAccessForRepo(lock.Owner, lock.RepoID, "create")
+ err := CheckLFSAccessForRepo(lock.Owner, lock.Repo, AccessModeWrite)
if err != nil {
return nil, err
}
- l, err := GetLFSLock(lock.RepoID, lock.Path)
+ l, err := GetLFSLock(lock.Repo, lock.Path)
if err == nil {
return l, ErrLFSLockAlreadyExist{lock.RepoID, lock.Path}
}
@@ -71,15 +83,15 @@ func CreateLFSLock(lock *LFSLock) (*LFSLock, error) {
}
// GetLFSLock returns release by given path.
-func GetLFSLock(repoID int64, path string) (*LFSLock, error) {
+func GetLFSLock(repo *Repository, path string) (*LFSLock, error) {
path = cleanPath(path)
- rel := &LFSLock{RepoID: repoID}
+ rel := &LFSLock{RepoID: repo.ID}
has, err := x.Where("lower(path) = ?", strings.ToLower(path)).Get(rel)
if err != nil {
return nil, err
}
if !has {
- return nil, ErrLFSLockNotExist{0, repoID, path}
+ return nil, ErrLFSLockNotExist{0, repo.ID, path}
}
return rel, nil
}
@@ -109,7 +121,7 @@ func DeleteLFSLockByID(id int64, u *User, force bool) (*LFSLock, error) {
return nil, err
}
- err = CheckLFSAccessForRepo(u, lock.RepoID, "delete")
+ err = CheckLFSAccessForRepo(u, lock.Repo, AccessModeWrite)
if err != nil {
return nil, err
}
@@ -123,24 +135,15 @@ func DeleteLFSLockByID(id int64, u *User, force bool) (*LFSLock, error) {
}
//CheckLFSAccessForRepo check needed access mode base on action
-func CheckLFSAccessForRepo(u *User, repoID int64, action string) error {
+func CheckLFSAccessForRepo(u *User, repo *Repository, mode AccessMode) error {
if u == nil {
- return ErrLFSLockUnauthorizedAction{repoID, "undefined", action}
- }
- mode := AccessModeRead
- if action == "create" || action == "delete" || action == "verify" {
- mode = AccessModeWrite
- }
-
- repo, err := GetRepositoryByID(repoID)
- if err != nil {
- return err
+ return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode}
}
has, err := HasAccess(u.ID, repo, mode)
if err != nil {
return err
} else if !has {
- return ErrLFSLockUnauthorizedAction{repo.ID, u.DisplayName(), action}
+ return ErrLFSUnauthorizedAction{repo.ID, u.DisplayName(), mode}
}
return nil
}