author | Ethan Koenig <ethantkoenig@gmail.com> | 2017-12-20 23:43:26 -0800 |
---|---|---|
committer | Lauris BH <lauris@nix.lv> | 2017-12-21 09:43:26 +0200 |
commit | 515cdaa85d6087d91a61ebe74fae39e0c4bdf1c4 (patch) | |
tree | 3a7143fc376af4402ca9008876be3afdc0c18efc /routers/repo | |
parent | 529482135c8e9304dd7cdf08772eaba61d903894 (diff) | |
download | gitea-515cdaa85d6087d91a61ebe74fae39e0c4bdf1c4.tar.gz gitea-515cdaa85d6087d91a61ebe74fae39e0c4bdf1c4.zip |
Fix ignored errors when checking if organization, team member (#3177)
Diffstat (limited to 'routers/repo')
-rw-r--r-- | routers/repo/issue.go | 32 | ||||
-rw-r--r-- | routers/repo/pull.go | 6 | ||||
-rw-r--r-- | routers/repo/repo.go | 12 | ||||
-rw-r--r-- | routers/repo/setting.go | 42 |
4 files changed, 50 insertions, 42 deletions
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index 578ead1343..4e12d62f30 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -475,6 +475,26 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
 ctx.Redirect(ctx.Repo.RepoLink + "/issues/" + com.ToStr(issue.Index))
 }
+// commentTag returns the CommentTag for a comment in/with the given repo, poster and issue
+func commentTag(repo *models.Repository, poster *models.User, issue *models.Issue) (models.CommentTag, error) {
+ if repo.IsOwnedBy(poster.ID) {
+ return models.CommentTagOwner, nil
+ } else if repo.Owner.IsOrganization() {
+ isOwner, err := repo.Owner.IsOwnedBy(poster.ID)
+ if err != nil {
+ return models.CommentTagNone, err
+ } else if isOwner {
+ return models.CommentTagOwner, nil
+ }
+ }
+ if poster.IsWriterOfRepo(repo) {
+ return models.CommentTagWriter, nil
+ } else if poster.ID == issue.PosterID {
+ return models.CommentTagPoster, nil
+ }
+ return models.CommentTagNone, nil
+}
+
 // ViewIssue render issue view page
 func ViewIssue(ctx *context.Context) {
 ctx.Data["RequireHighlightJS"] = true
@@ -644,15 +664,11 @@ func ViewIssue(ctx *context.Context) {
 continue
 }
- if repo.IsOwnedBy(comment.PosterID) ||
- (repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) {
- comment.ShowTag = models.CommentTagOwner
- } else if comment.Poster.IsWriterOfRepo(repo) {
- comment.ShowTag = models.CommentTagWriter
- } else if comment.PosterID == issue.PosterID {
- comment.ShowTag = models.CommentTagPoster
+ comment.ShowTag, err = commentTag(repo, comment.Poster, issue)
+ if err != nil {
+ ctx.Handle(500, "commentTag", err)
+ return
 }
-
 marked[comment.PosterID] = comment.ShowTag
 isAdded := false
diff --git a/routers/repo/pull.go b/routers/repo/pull.go
index c2f0a07fe7..5575009af4 100644
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
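Review bot: In the new `commentTag` helper (routers/repo/issue.go, first hunk), `poster.IsWriterOfRepo(repo)` is still consumed as a plain bool, so if that call performs a lookup that can fail (its body is not visible here) the failure is still read as "not a writer", which is the same class of ignored error this commit fixes for `IsOwnedBy`. The helper also uses `repo.Owner` and `poster` without a nil check and so relies on the caller having loaded both, as the inline code it replaces did. The doc comment should state that precondition and the error contract, for example `// repo.Owner and poster must be loaded; a non-nil error means the organization-owner lookup failed.` It would also help to spell out the precedence the body implements: owner, then writer, then original poster.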
@@ -173,7 +173,11 @@ func ForkPost(ctx *context.Context, form auth.CreateRepoForm) {
 // Check ownership of organization.
 if ctxUser.IsOrganization() {
- if !ctxUser.IsOwnedBy(ctx.User.ID) {
+ isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
+ if err != nil {
+ ctx.Handle(500, "IsOwnedBy", err)
+ return
+ } else if !isOwner {
 ctx.Error(403)
 return
 }
diff --git a/routers/repo/repo.go b/routers/repo/repo.go
index aedc4e5477..4cd7c8062c 100644
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@@ -74,10 +74,20 @@ func checkContextUser(ctx *context.Context, uid int64) *models.User {
 }
 // Check ownership of organization.
- if !org.IsOrganization() || !(ctx.User.IsAdmin || org.IsOwnedBy(ctx.User.ID)) {
+ if !org.IsOrganization() {
 ctx.Error(403)
 return nil
 }
+ if !ctx.User.IsAdmin {
+ isOwner, err := org.IsOwnedBy(ctx.User.ID)
+ if err != nil {
+ ctx.Handle(500, "IsOwnedBy", err)
+ return nil
+ } else if !isOwner {
+ ctx.Error(403)
+ return nil
+ }
+ }
 return org
 }
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 329802673d..8cb551707c 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -234,13 +234,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 return
 }
- if ctx.Repo.Owner.IsOrganization() {
- if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
- ctx.Error(404)
- return
- }
- }
-
 if !repo.IsMirror {
 ctx.Error(404)
 return
@@ -268,13 +261,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 return
 }
- if ctx.Repo.Owner.IsOrganization() {
- if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
- ctx.Error(404)
- return
- }
- }
-
 newOwner := ctx.Query("new_owner_name")
 isExist, err := models.IsUserExist(0, newOwner)
 if err != nil {
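Review bot: The four `SettingsPost` hunks in routers/repo/setting.go (old lines 234, 268, 307 and 333) delete the organization-owner check outright rather than converting it to the error-aware form used in `ForkPost` and `checkContextUser`. For organization-owned repositories, the mirror-related, ownership-transfer, repository-delete and wiki-delete branches now depend entirely on the guard that ends just above each hunk (`return` / `}`), whose condition is not visible here. If that guard already enforces owner-level access for organization repositories, the removal is fine, but the commit description should say so and the code should carry a marker such as `// Organization ownership is already enforced by the owner check above.` If it does not, restore the check as `isOwner, err := ctx.Repo.Owner.IsOwnedBy(ctx.User.ID)` with a 500 on error and a 404 when `!isOwner`, so a failed lookup is never treated as permission.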
@@ -307,13 +293,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 return
 }
- if ctx.Repo.Owner.IsOrganization() {
- if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
- ctx.Error(404)
- return
- }
- }
-
 if err := models.DeleteRepository(ctx.User, ctx.Repo.Owner.ID, repo.ID); err != nil {
 ctx.Handle(500, "DeleteRepository", err)
 return
@@ -333,13 +312,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 return
 }
- if ctx.Repo.Owner.IsOrganization() {
- if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
- ctx.Error(404)
- return
- }
- }
-
 repo.DeleteWiki()
 log.Trace("Repository wiki deleted: %s/%s", ctx.Repo.Owner.Name, repo.Name)
@@ -393,10 +365,16 @@ func CollaborationPost(ctx *context.Context) {
 }
 // Check if user is organization member.
- if ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgMember(u.ID) {
- ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member"))
- ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
- return
+ if ctx.Repo.Owner.IsOrganization() {
+ isMember, err := ctx.Repo.Owner.IsOrgMember(u.ID)
+ if err != nil {
+ ctx.Handle(500, "IsOrgMember", err)
+ return
+ } else if isMember {
+ ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member"))
+ ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
+ return
+ }
 }
 if err = ctx.Repo.Repository.AddCollaborator(u); err != nil { |