diff options
| author | zeripath <art27@cantab.net> | 2022-02-02 10:10:06 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-02 11:10:06 +0100 |
| commit | 76e31115965164112a6dfdbd297632431e896e5e (patch) | |
| tree | 419d281e6efeb703a6076b16d11759ea2072c75c /models | |
| parent | 92e81e97e848f95af437694297105ec8fa18365e (diff) | |
| download | gitea-76e31115965164112a6dfdbd297632431e896e5e.tar.gz gitea-76e31115965164112a6dfdbd297632431e896e5e.zip | |
Collaborator trust model should trust collaborators (#18539)
* Collaborator trust model should trust collaborators
There was an unintended regression in #17917 which leads to only
repository admin commits being trusted. This PR restores the old logic.
Fix #18501
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'models')
| -rw-r--r-- | models/asymkey/gpg_key_commit_verification.go | 10 | ||||
| -rw-r--r-- | models/commit.go | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/models/asymkey/gpg_key_commit_verification.go b/models/asymkey/gpg_key_commit_verification.go index 4b9d0cfda4..2f66863091 100644 --- a/models/asymkey/gpg_key_commit_verification.go +++ b/models/asymkey/gpg_key_commit_verification.go @@ -71,7 +71,7 @@ const ( ) // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys. -func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error)) []*SignCommit { +func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit { newCommits := make([]*SignCommit, 0, len(oldCommits)) keyMap := map[string]bool{} @@ -81,7 +81,7 @@ func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustMod Verification: ParseCommitWithSignature(c.Commit), } - _ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isCodeReader, &keyMap) + _ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isOwnerMemberCollaborator, &keyMap) newCommits = append(newCommits, signCommit) } @@ -455,7 +455,7 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *use // CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository // There are several trust models in Gitea -func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) { +func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) { if !verification.Verified { return } @@ -500,11 +500,11 @@ func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_ var has bool isMember, has = (*keyMap)[verification.SigningKey.KeyID] if !has { - isMember, err = isCodeReader(verification.SigningUser) + isMember, err = isOwnerMemberCollaborator(verification.SigningUser) (*keyMap)[verification.SigningKey.KeyID] = isMember } } else { - isMember, err = isCodeReader(verification.SigningUser) + isMember, err = isOwnerMemberCollaborator(verification.SigningUser) } if !isMember { diff --git a/models/commit.go b/models/commit.go index 5df6964a1d..92a839b780 100644 --- a/models/commit.go +++ b/models/commit.go @@ -18,7 +18,7 @@ func ConvertFromGitCommit(commits []*git.Commit, repo *repo_model.Repository) [] user_model.ValidateCommitsWithEmails(commits), repo.GetTrustModel(), func(user *user_model.User) (bool, error) { - return IsUserRepoAdmin(repo, user) + return IsOwnerMemberCollaborator(repo, user.ID) }, ), repo, |