diff options
| author | zeripath <art27@cantab.net> | 2022-02-03 16:20:37 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-03 11:20:37 -0500 |
| commit | bc196a35e1c74f26d941aefbfde1733c2a989a6b (patch) | |
| tree | c107fa362b9e505312eec5f9814fec2a1daacc80 /models | |
| parent | 8d31cfbfff63d01150c131e674708ee7ed2e430d (diff) | |
| download | gitea-bc196a35e1c74f26d941aefbfde1733c2a989a6b.tar.gz gitea-bc196a35e1c74f26d941aefbfde1733c2a989a6b.zip | |
Collaborator trust model should trust collaborators (#18539) (#18557)
Backport #18539
There was an unintended regression in #17917 which leads to only
repository admin commits being trusted. This PR restores the old logic.
Fix #18501
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'models')
| -rw-r--r-- | models/asymkey/gpg_key_commit_verification.go | 10 | ||||
| -rw-r--r-- | models/commit.go | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/models/asymkey/gpg_key_commit_verification.go b/models/asymkey/gpg_key_commit_verification.go index 4b9d0cfda4..2f66863091 100644 --- a/models/asymkey/gpg_key_commit_verification.go +++ b/models/asymkey/gpg_key_commit_verification.go @@ -71,7 +71,7 @@ const ( ) // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys. -func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error)) []*SignCommit { +func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit { newCommits := make([]*SignCommit, 0, len(oldCommits)) keyMap := map[string]bool{} @@ -81,7 +81,7 @@ func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustMod Verification: ParseCommitWithSignature(c.Commit), } - _ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isCodeReader, &keyMap) + _ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isOwnerMemberCollaborator, &keyMap) newCommits = append(newCommits, signCommit) } @@ -455,7 +455,7 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *use // CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository // There are several trust models in Gitea -func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) { +func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) { if !verification.Verified { return } @@ -500,11 +500,11 @@ func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_ var has bool isMember, has = (*keyMap)[verification.SigningKey.KeyID] if !has { - isMember, err = isCodeReader(verification.SigningUser) + isMember, err = isOwnerMemberCollaborator(verification.SigningUser) (*keyMap)[verification.SigningKey.KeyID] = isMember } } else { - isMember, err = isCodeReader(verification.SigningUser) + isMember, err = isOwnerMemberCollaborator(verification.SigningUser) } if !isMember { diff --git a/models/commit.go b/models/commit.go index 5df6964a1d..92a839b780 100644 --- a/models/commit.go +++ b/models/commit.go @@ -18,7 +18,7 @@ func ConvertFromGitCommit(commits []*git.Commit, repo *repo_model.Repository) [] user_model.ValidateCommitsWithEmails(commits), repo.GetTrustModel(), func(user *user_model.User) (bool, error) { - return IsUserRepoAdmin(repo, user) + return IsOwnerMemberCollaborator(repo, user.ID) }, ), repo, |