summaryrefslogtreecommitdiffstats
path: root/routers/private/internal.go
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2018-11-28 19:26:14 +0800
committerGitHub <noreply@github.com>2018-11-28 19:26:14 +0800
commiteabbddcd98717ef20d8475e819f403c50f4a9787 (patch)
treeefc525e7ec60d56d3bec72019febfa088a128b89 /routers/private/internal.go
parent0222623be9fa4a56d870213f77b92139cefc2518 (diff)
downloadgitea-eabbddcd98717ef20d8475e819f403c50f4a9787.tar.gz
gitea-eabbddcd98717ef20d8475e819f403c50f4a9787.zip
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems * fix some bugs and merge LoadUnits to repoAssignment * refactor permission struct and add some copyright heads * remove unused codes * fix routes units check * improve permission check * add unit tests for permission * fix typo * fix tests * fix some routes * fix api permission check * improve permission check * fix some permission check * fix tests * fix tests * improve some permission check * fix some permission check * refactor AccessLevel * fix bug * fix tests * fix tests * fix tests * fix AccessLevel * rename CanAccess * fix tests * fix comment * fix bug * add missing unit for test repos * fix bug * rename some functions * fix routes check
Diffstat (limited to 'routers/private/internal.go')
-rw-r--r--routers/private/internal.go36
1 files changed, 15 insertions, 21 deletions
diff --git a/routers/private/internal.go b/routers/private/internal.go
index 23e0122642..0221b1fee8 100644
--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -38,8 +38,8 @@ func GetRepositoryByOwnerAndName(ctx *macaron.Context) {
ctx.JSON(200, repo)
}
-//AccessLevel chainload to models.AccessLevel
-func AccessLevel(ctx *macaron.Context) {
+//CheckUnitUser chainload to models.CheckUnitUser
+func CheckUnitUser(ctx *macaron.Context) {
repoID := ctx.ParamsInt64(":repoid")
userID := ctx.ParamsInt64(":userid")
repo, err := models.GetRepositoryByID(repoID)
@@ -49,32 +49,27 @@ func AccessLevel(ctx *macaron.Context) {
})
return
}
- al, err := models.AccessLevel(userID, repo)
- if err != nil {
- ctx.JSON(500, map[string]interface{}{
- "err": err.Error(),
- })
- return
+
+ var user *models.User
+ if userID > 0 {
+ user, err = models.GetUserByID(userID)
+ if err != nil {
+ ctx.JSON(500, map[string]interface{}{
+ "err": err.Error(),
+ })
+ return
+ }
}
- ctx.JSON(200, al)
-}
-//CheckUnitUser chainload to models.CheckUnitUser
-func CheckUnitUser(ctx *macaron.Context) {
- repoID := ctx.ParamsInt64(":repoid")
- userID := ctx.ParamsInt64(":userid")
- repo, err := models.GetRepositoryByID(repoID)
+ perm, err := models.GetUserRepoPermission(repo, user)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
- if repo.CheckUnitUser(userID, ctx.QueryBool("isAdmin"), models.UnitType(ctx.QueryInt("unitType"))) {
- ctx.PlainText(200, []byte("success"))
- return
- }
- ctx.PlainText(404, []byte("no access"))
+
+ ctx.JSON(200, perm.UnitAccessMode(models.UnitType(ctx.QueryInt("unitType"))))
}
// RegisterRoutes registers all internal APIs routes to web application.
@@ -85,7 +80,6 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("/ssh/:id/user", GetUserByKeyID)
m.Post("/ssh/:id/update", UpdatePublicKey)
m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
- m.Get("/repositories/:repoid/user/:userid/accesslevel", AccessLevel)
m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
m.Post("/push/update", PushUpdate)