author | Lunny Xiao <xiaolunwen@gmail.com> | 2018-11-28 19:26:14 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-28 19:26:14 +0800 |
commit | eabbddcd98717ef20d8475e819f403c50f4a9787 (patch) | |
tree | efc525e7ec60d56d3bec72019febfa088a128b89 /routers/repo/pull.go | |
parent | 0222623be9fa4a56d870213f77b92139cefc2518 (diff) | |
download | gitea-eabbddcd98717ef20d8475e819f403c50f4a9787.tar.gz gitea-eabbddcd98717ef20d8475e819f403c50f4a9787.zip |
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems
* fix some bugs and merge LoadUnits to repoAssignment
* refactor permission struct and add some copyright heads
* remove unused codes
* fix routes units check
* improve permission check
* add unit tests for permission
* fix typo
* fix tests
* fix some routes
* fix api permission check
* improve permission check
* fix some permission check
* fix tests
* fix tests
* improve some permission check
* fix some permission check
* refactor AccessLevel
* fix bug
* fix tests
* fix tests
* fix tests
* fix AccessLevel
* rename CanAccess
* fix tests
* fix comment
* fix bug
* add missing unit for test repos
* fix bug
* rename some functions
* fix routes check
Diffstat (limited to 'routers/repo/pull.go')
-rw-r--r-- | routers/repo/pull.go | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/routers/repo/pull.go b/routers/repo/pull.go
index 4ec1c27cea..4adfb96e74 100644
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -57,7 +57,13 @@ func getForkRepository(ctx *context.Context) *models.Repository {
 return nil
 }
 
- if !forkRepo.CanBeForked() || !forkRepo.HasAccess(ctx.User) {
+ perm, err := models.GetUserRepoPermission(forkRepo, ctx.User)
+ if err != nil {
+ ctx.ServerError("GetUserRepoPermission", err)
+ return nil
+ }
+
+ if forkRepo.IsBare || !perm.CanRead(models.UnitTypeCode) {
 ctx.NotFound("getForkRepository", nil)
 return nil
 }
@@ -669,7 +675,12 @@ func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *
 }
 }
 
- if !ctx.User.IsWriterOfRepo(headRepo) && !ctx.User.IsAdmin {
+ perm, err := models.GetUserRepoPermission(headRepo, ctx.User)
+ if err != nil {
+ ctx.ServerError("GetUserRepoPermission", err)
+ return nil, nil, nil, nil, "", ""
+ }
+ if !perm.CanWrite(models.UnitTypeCode) {
 log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID)
 ctx.NotFound("ParseCompareInfo", nil)
 return nil, nil, nil, nil, "", ""
@@ -823,7 +834,7 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
 return
 }
 
- labelIDs, assigneeIDs, milestoneID := ValidateRepoMetas(ctx, form)
+ labelIDs, assigneeIDs, milestoneID := ValidateRepoMetas(ctx, form, true)
 if ctx.Written() {
 return
 }
@@ -969,7 +980,12 @@ func CleanUpPullRequest(ctx *context.Context) {
 return
 }
 
- if !ctx.User.IsWriterOfRepo(pr.HeadRepo) {
+ perm, err := models.GetUserRepoPermission(pr.HeadRepo, ctx.User)
+ if err != nil {
+ ctx.ServerError("GetUserRepoPermission", err)
+ return
+ }
+ if !perm.CanWrite(models.UnitTypeCode) {
 ctx.NotFound("CleanUpPullRequest", nil)
 return
 } |
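Review bot: The new condition `forkRepo.IsBare || !perm.CanRead(models.UnitTypeCode)` in getForkRepository has no comment saying why a failed permission check is answered with `ctx.NotFound` instead of a 403. If the intent is, as it appears, to keep an unreadable repository indistinguishable from a missing one, say so: `// 404, not 403: do not reveal that a repository the user cannot read exists`. How `GetUserRepoPermission` treats a nil `ctx.User` is not visible in this file, so the comment should also state whether anonymous requests can reach this point. The same look-up followed by `ctx.ServerError("GetUserRepoPermission", err)` recurs in the ParseCompareInfo and CleanUpPullRequest hunks; a small shared helper would keep the three checks from drifting apart. The function body starts and ends outside the hunk.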
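Review bot: The trace line left under the new check in ParseCompareInfo still says "does not have write access or site admin" and logs `baseRepo.ID`, although the decision is now `perm.CanWrite(models.UnitTypeCode)` evaluated on `headRepo`. Anyone reading the log to understand a denial will look at the wrong repository, so align it with the check: `log.Trace("ParseCompareInfo[%d]: no write access to code unit of head repository", headRepo.ID)`. The explicit `ctx.User.IsAdmin` bypass is removed as well, so site administrators now pass only if `GetUserRepoPermission` grants them write access; that is not visible here and is worth pinning with a unit test. The function body starts and ends outside the hunk.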
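Review bot: The bare `true` added as the third argument of `ValidateRepoMetas` in CompareAndPullRequestPost does not say what it switches on. In a commit that tightens permission checks, a reader cannot tell from the call site whether the flag widens or narrows what is validated. Name it at the call, e.g. `ValidateRepoMetas(ctx, form, true /* <parameter name> */)`, or pass a named constant. The function body starts and ends outside the hunk.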
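Review bot: A refused request in CleanUpPullRequest leaves no trace: when `perm.CanWrite(models.UnitTypeCode)` fails, the handler goes straight to `ctx.NotFound`, whereas the equivalent branch in ParseCompareInfo emits a `log.Trace`. Judging by its name this endpoint modifies the head repository, so recording the refusal helps when reviewing attempts against repositories the user cannot write to: `log.Trace("CleanUpPullRequest: user lacks write access to code unit of head repository")`. `pr.HeadRepo` is passed directly to the permission look-up, so confirm that the code above the hunk guarantees it is loaded and non-nil. The function body starts and ends outside the hunk.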