author | Lunny Xiao <xiaolunwen@gmail.com> | 2018-11-28 19:26:14 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-28 19:26:14 +0800 |
commit | eabbddcd98717ef20d8475e819f403c50f4a9787 (patch) | |
tree | efc525e7ec60d56d3bec72019febfa088a128b89 /routers/private | |
parent | 0222623be9fa4a56d870213f77b92139cefc2518 (diff) | |
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems
* fix some bugs and merge LoadUnits to repoAssignment
* refactor permission struct and add some copyright heads
* remove unused codes
* fix routes units check
* improve permission check
* add unit tests for permission
* fix typo
* fix tests
* fix some routes
* fix api permission check
* improve permission check
* fix some permission check
* fix tests
* fix tests
* improve some permission check
* fix some permission check
* refactor AccessLevel
* fix bug
* fix tests
* fix tests
* fix tests
* fix AccessLevel
* rename CanAccess
* fix tests
* fix comment
* fix bug
* add missing unit for test repos
* fix bug
* rename some functions
* fix routes check
Diffstat (limited to 'routers/private')
-rw-r--r-- | routers/private/internal.go | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/routers/private/internal.go b/routers/private/internal.go
index 23e0122642..0221b1fee8 100644
--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -38,8 +38,8 @@ func GetRepositoryByOwnerAndName(ctx *macaron.Context) {
 ctx.JSON(200, repo)
 }
 
-//AccessLevel chainload to models.AccessLevel
-func AccessLevel(ctx *macaron.Context) {
+//CheckUnitUser chainload to models.CheckUnitUser
+func CheckUnitUser(ctx *macaron.Context) {
 repoID := ctx.ParamsInt64(":repoid")
 userID := ctx.ParamsInt64(":userid")
 repo, err := models.GetRepositoryByID(repoID)
@@ -49,32 +49,27 @@ func AccessLevel(ctx *macaron.Context) {
 })
 return
 }
- al, err := models.AccessLevel(userID, repo)
- if err != nil {
- ctx.JSON(500, map[string]interface{}{
- "err": err.Error(),
- })
- return
+
+ var user *models.User
+ if userID > 0 {
+ user, err = models.GetUserByID(userID)
+ if err != nil {
+ ctx.JSON(500, map[string]interface{}{
+ "err": err.Error(),
+ })
+ return
+ }
 }
- ctx.JSON(200, al)
-}
 
-//CheckUnitUser chainload to models.CheckUnitUser
-func CheckUnitUser(ctx *macaron.Context) {
- repoID := ctx.ParamsInt64(":repoid")
- userID := ctx.ParamsInt64(":userid")
- repo, err := models.GetRepositoryByID(repoID)
+ perm, err := models.GetUserRepoPermission(repo, user)
 if err != nil {
 ctx.JSON(500, map[string]interface{}{
 "err": err.Error(),
 })
 return
 }
- if repo.CheckUnitUser(userID, ctx.QueryBool("isAdmin"), models.UnitType(ctx.QueryInt("unitType"))) {
- ctx.PlainText(200, []byte("success"))
- return
- }
- ctx.PlainText(404, []byte("no access"))
+
+ ctx.JSON(200, perm.UnitAccessMode(models.UnitType(ctx.QueryInt("unitType"))))
 }
 
 // RegisterRoutes registers all internal APIs routes to web application.
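Review bot: The doc comment carried onto `CheckUnitUser` in the first hunk still says it chainloads to `models.CheckUnitUser`, but the body added in the following hunk calls `models.GetUserRepoPermission` and returns `perm.UnitAccessMode(...)`. I would reword it to `// CheckUnitUser returns, as JSON, the access mode the user has on the requested unit of the repository.` so the comment states the new response contract instead of the removed helper. The function body continues outside this hunk.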
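Review bot: After the second hunk a denied check is no longer visible in the HTTP status: the handler answers 200 with the JSON access mode in every non-error case, where the removed code answered 404 `no access`. Any caller of `/repositories/:repoid/user/:userid/checkunituser` that still treats a 2xx as permission granted would fail open, so the client side (not shown, since this diff is limited to routers/private) has to decode the body and compare the mode with what the operation requires. Separately, the `userID > 0` guard sends a zero or negative `:userid` to `GetUserRepoPermission` with a nil user, which is presumably evaluated as anonymous; if `ctx.ParamsInt64` yields 0 for an unparsable segment, a malformed id is silently treated as anonymous. Unless callers rely on id 0 for anonymous access, rejecting it explicitly with `ctx.JSON(400, ...)` and a comment on the nil-user path would be safer.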
@@ -85,7 +80,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/ssh/:id/user", GetUserByKeyID)
 m.Post("/ssh/:id/update", UpdatePublicKey)
 m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
- m.Get("/repositories/:repoid/user/:userid/accesslevel", AccessLevel)
 m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
 m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
 m.Post("/push/update", PushUpdate)
|