author | Lunny Xiao <xiaolunwen@gmail.com> | 2018-11-28 19:26:14 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-28 19:26:14 +0800 |
commit | eabbddcd98717ef20d8475e819f403c50f4a9787 (patch) | |
tree | efc525e7ec60d56d3bec72019febfa088a128b89 /routers/api/v1/repo/repo.go | |
parent | 0222623be9fa4a56d870213f77b92139cefc2518 (diff) | |
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems
* fix some bugs and merge LoadUnits to repoAssignment
* refactor permission struct and add some copyright heads
* remove unused codes
* fix routes units check
* improve permission check
* add unit tests for permission
* fix typo
* fix tests
* fix some routes
* fix api permission check
* improve permission check
* fix some permission check
* fix tests
* fix tests
* improve some permission check
* fix some permission check
* refactor AccessLevel
* fix bug
* fix tests
* fix tests
* fix tests
* fix AccessLevel
* rename CanAccess
* fix tests
* fix comment
* fix bug
* add missing unit for test repos
* fix bug
* rename some functions
* fix routes check
Diffstat (limited to 'routers/api/v1/repo/repo.go')
-rw-r--r-- | routers/api/v1/repo/repo.go | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index bf6346eebd..6d8125a77f 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
@@ -183,11 +184,6 @@ func Search(ctx *context.APIContext) {
 return
 }
- var userID int64
- if ctx.IsSigned {
- userID = ctx.User.ID
- }
-
 results := make([]*api.Repository, len(repos))
 for i, repo := range repos {
 if err = repo.GetOwner(); err != nil {
@@ -197,7 +193,7 @@ func Search(ctx *context.APIContext) {
 })
 return
 }
- accessMode, err := models.AccessLevel(userID, repo)
+ accessMode, err := models.AccessLevel(ctx.User, repo)
 if err != nil {
 ctx.JSON(500, api.SearchError{
 OK: false,
@@ -469,15 +465,15 @@ func GetByID(ctx *context.APIContext) {
 return
 }
- access, err := models.AccessLevel(ctx.User.ID, repo)
+ perm, err := models.GetUserRepoPermission(repo, ctx.User)
 if err != nil {
 ctx.Error(500, "AccessLevel", err)
 return
- } else if access < models.AccessModeRead {
+ } else if !perm.HasAccess() {
 ctx.Status(404)
 return
 }
- ctx.JSON(200, repo.APIFormat(access))
+ ctx.JSON(200, repo.APIFormat(perm.AccessMode))
 }
 // Delete one repository
@@ -503,10 +499,6 @@ func Delete(ctx *context.APIContext) {
 // "$ref": "#/responses/empty"
 // "403":
 // "$ref": "#/responses/forbidden"
- if !ctx.Repo.IsAdmin() {
- ctx.Error(403, "", "Must have admin rights")
- return
- }
 owner := ctx.Repo.Owner
 repo := ctx.Repo.Repository
@@ -553,7 +545,7 @@ func MirrorSync(ctx *context.APIContext) {
 // "$ref": "#/responses/empty"
 repo := ctx.Repo.Repository
- if !ctx.Repo.IsWriter() {
+ if !ctx.Repo.CanWrite(models.UnitTypeCode) {
 ctx.Error(403, "MirrorSync", "Must have write access")
 } |
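Review bot: `models.AccessLevel(ctx.User, repo)` in Search is now handed whatever `ctx.User` holds, and the removed `ctx.IsSigned` guard suggests this handler also serves anonymous requests, where `ctx.User` is presumably nil. The nil handling has therefore moved into `models.AccessLevel`, which is not visible in this file; a regression there would surface as a panic or a wrong access mode on every unauthenticated search. I would add a comment above the call, `// ctx.User is nil for anonymous requests; AccessLevel must handle a nil user`, and confirm the new permission unit tests cover the nil case. Search's body starts and ends outside the hunk.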
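Review bot: The label in `ctx.Error(500, "AccessLevel", err)` in GetByID is stale now that the call is `models.GetUserRepoPermission`, so a failure is reported under a function that is no longer invoked here; change it to `ctx.Error(500, "GetUserRepoPermission", err)`. Because the first branch returns, the `else if !perm.HasAccess()` can also be written as a separate guard clause. Answering 404 rather than 403 when access is denied avoids confirming that a private repository ID exists, and a one-line comment stating that intent would keep it from being changed later. GetByID starts outside the hunk.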
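Review bot: The 403 branch in MirrorSync still has no `return` after `ctx.Error(403, "MirrorSync", "Must have write access")`, so a caller without write access to the code unit gets the error response while execution continues past the `if` into whatever follows outside this hunk, presumably the sync itself. The commit tightens the condition to `ctx.Repo.CanWrite(models.UnitTypeCode)`, but the check still does not stop the handler. Add `return` on the line after the `ctx.Error` call.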