diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2018-11-28 19:26:14 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-28 19:26:14 +0800 |
commit | eabbddcd98717ef20d8475e819f403c50f4a9787 (patch) | |
tree | efc525e7ec60d56d3bec72019febfa088a128b89 /modules/lfs | |
parent | 0222623be9fa4a56d870213f77b92139cefc2518 (diff) | |
download | gitea-eabbddcd98717ef20d8475e819f403c50f4a9787.tar.gz gitea-eabbddcd98717ef20d8475e819f403c50f4a9787.zip |
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems
* fix some bugs and merge LoadUnits to repoAssignment
* refactor permission struct and add some copyright heads
* remove unused codes
* fix routes units check
* improve permission check
* add unit tests for permission
* fix typo
* fix tests
* fix some routes
* fix api permission check
* improve permission check
* fix some permission check
* fix tests
* fix tests
* improve some permission check
* fix some permission check
* refactor AccessLevel
* fix bug
* fix tests
* fix tests
* fix tests
* fix AccessLevel
* rename CanAccess
* fix tests
* fix comment
* fix bug
* add missing unit for test repos
* fix bug
* rename some functions
* fix routes check
Diffstat (limited to 'modules/lfs')
-rw-r--r-- | modules/lfs/server.go | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/modules/lfs/server.go b/modules/lfs/server.go index d6543816b9..f0f2d4bf44 100644 --- a/modules/lfs/server.go +++ b/modules/lfs/server.go @@ -497,12 +497,12 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza accessMode = models.AccessModeWrite } - if !repository.IsPrivate && !requireWrite { - return true + perm, err := models.GetUserRepoPermission(repository, ctx.User) + if err != nil { + return false } if ctx.IsSigned { - accessCheck, _ := models.HasAccess(ctx.User.ID, repository, accessMode) - return accessCheck + return perm.CanAccess(accessMode, models.UnitTypeCode) } user, repo, opStr, err := parseToken(authorization) @@ -511,8 +511,11 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza } ctx.User = user if opStr == "basic" { - accessCheck, _ := models.HasAccess(ctx.User.ID, repository, accessMode) - return accessCheck + perm, err = models.GetUserRepoPermission(repository, ctx.User) + if err != nil { + return false + } + return perm.CanAccess(accessMode, models.UnitTypeCode) } if repository.ID == repo.ID { if requireWrite && opStr != "upload" { |