Restricted users (#6274)

* Restricted users (#4334): initial implementation * Add User.IsRestricted & UI to edit it * Pass user object instead of user id to places where IsRestricted flag matters * Restricted users: maintain access rows for all referenced repos (incl public) * Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses * Add basic repo access tests for restricted users Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Mention restricted users in the faq Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg` Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Remove unnecessary `org.IsOrganization()` call Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Revert to an `int64` keyed `accessMap` * Add type `userAccess` * Add convenience func updateUserAccess() * Turn accessMap into a `map[int64]userAccess` Signed-off-by: Manush Dodunekov <manush@stendahls.se> * or even better: `map[int64]*userAccess` * updateUserAccess(): use tighter syntax as suggested by lafriks * even tighter * Avoid extra loop * Don't disclose limited orgs to unauthenticated users * Don't assume block only applies to orgs * Use an array of `VisibleType` for filtering * fix yet another thinko * Ok - no need for u * Revert "Ok - no need for u" This reverts commit 5c3e886aabd5acd997a3b35687d322439732c200. Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com> Co-authored-by: Lauris BH <lauris@nix.lv>
author: Manush Dodunekov <manush@stendahls.se> 2020-01-13 19:33:46 +0200
committer: Antoine GIRARD <sapk@users.noreply.github.com> 2020-01-13 18:33:46 +0100
commit: 1751d5fcf200b7d78ec5543fa620174c69d2746a (patch)
tree: dfc9584c2c60ede1fcef436de02dc66d28fd9647 /routers
parent: 0b3aaa61964faa85b8008b04487388cc362ab436 (diff)
download: gitea-1751d5fcf200b7d78ec5543fa620174c69d2746a.tar.gz
gitea-1751d5fcf200b7d78ec5543fa620174c69d2746a.zip
7 files changed, 22 insertions, 27 deletions
diff --git a/routers/admin/users.go b/routers/admin/users.go
index b5c7dbd383..71cda86cc2 100644
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -233,6 +233,7 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
 	u.MaxRepoCreation = form.MaxRepoCreation
 	u.IsActive = form.Active
 	u.IsAdmin = form.Admin
+	u.IsRestricted = form.Restricted
 	u.AllowGitHook = form.AllowGitHook
 	u.AllowImportLocal = form.AllowImportLocal
 	u.AllowCreateOrganization = form.AllowCreateOrganization
diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index 69b8a36995..1219ef2e41 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -73,13 +73,12 @@ func SearchIssues(ctx *context.APIContext) {
 		AllPublic:   true,
 		TopicOnly:   false,
 		Collaborate: util.OptionalBoolNone,
-		UserIsAdmin: ctx.IsUserSiteAdmin(),
 		OrderBy:     models.SearchOrderByRecentUpdated,
+		Actor:       ctx.User,
 	}
 	if ctx.IsSigned {
 		opts.Private = true
 		opts.AllLimited = true
-		opts.UserID = ctx.User.ID
 	}
 	issueCount := 0
 	for page := 1; ; page++ {
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index c7959c6db9..9ae0c4af4e 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -126,6 +126,7 @@ func Search(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"
 
 	opts := &models.SearchRepoOptions{
+		Actor:              ctx.User,
 		Keyword:            strings.Trim(ctx.Query("q"), " "),
 		OwnerID:            ctx.QueryInt64("uid"),
 		PriorityOwnerID:    ctx.QueryInt64("priority_owner_id"),
@@ -135,8 +136,6 @@ func Search(ctx *context.APIContext) {
 		Collaborate:        util.OptionalBoolNone,
 		Private:            ctx.IsSigned && (ctx.Query("private") == "" || ctx.QueryBool("private")),
 		Template:           util.OptionalBoolNone,
-		UserIsAdmin:        ctx.IsUserSiteAdmin(),
-		UserID:             ctx.Data["SignedUserID"].(int64),
 		StarredByID:        ctx.QueryInt64("starredBy"),
 		IncludeDescription: ctx.QueryBool("includeDesc"),
 	}
diff --git a/routers/home.go b/routers/home.go
index 0f59c95705..96e13cc68f 100644
--- a/routers/home.go
+++ b/routers/home.go
@@ -72,10 +72,11 @@ func Home(ctx *context.Context) {
 
 // RepoSearchOptions when calling search repositories
 type RepoSearchOptions struct {
-	OwnerID  int64
-	Private  bool
-	PageSize int
-	TplName  base.TplName
+	OwnerID    int64
+	Private    bool
+	Restricted bool
+	PageSize   int
+	TplName    base.TplName
 }
 
 var (
@@ -136,6 +137,7 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
 	ctx.Data["TopicOnly"] = topicOnly
 
 	repos, count, err = models.SearchRepository(&models.SearchRepoOptions{
+		Actor:              ctx.User,
 		Page:               page,
 		PageSize:           opts.PageSize,
 		OrderBy:            orderBy,
@@ -190,6 +192,7 @@ func RenderUserSearch(ctx *context.Context, opts *models.SearchUserOptions, tplN
 	if opts.Page <= 1 {
 		opts.Page = 1
 	}
+	opts.Actor = ctx.User
 
 	var (
 		users   []*models.User
@@ -261,22 +264,16 @@ func ExploreOrganizations(ctx *context.Context) {
 	ctx.Data["PageIsExploreOrganizations"] = true
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
 
-	var ownerID int64
-	if ctx.User != nil && !ctx.User.IsAdmin {
-		ownerID = ctx.User.ID
+	visibleTypes := []structs.VisibleType{structs.VisibleTypePublic}
+	if ctx.User != nil {
+		visibleTypes = append(visibleTypes, structs.VisibleTypeLimited, structs.VisibleTypePrivate)
 	}
 
-	opts := models.SearchUserOptions{
+	RenderUserSearch(ctx, &models.SearchUserOptions{
 		Type:     models.UserTypeOrganization,
 		PageSize: setting.UI.ExplorePagingNum,
-		OwnerID:  ownerID,
-	}
-	if ctx.User != nil {
-		opts.Visible = []structs.VisibleType{structs.VisibleTypePublic, structs.VisibleTypeLimited, structs.VisibleTypePrivate}
-	} else {
-		opts.Visible = []structs.VisibleType{structs.VisibleTypePublic}
-	}
-	RenderUserSearch(ctx, &opts, tplExploreOrganizations)
+		Visible:  visibleTypes,
+	}, tplExploreOrganizations)
 }
 
 // ExploreCode render explore code page
@@ -310,7 +307,7 @@ func ExploreCode(ctx *context.Context) {
 
 	// guest user or non-admin user
 	if ctx.User == nil || !isAdmin {
-		repoIDs, err = models.FindUserAccessibleRepoIDs(userID)
+		repoIDs, err = models.FindUserAccessibleRepoIDs(ctx.User)
 		if err != nil {
 			ctx.ServerError("SearchResults", err)
 			return
diff --git a/routers/org/home.go b/routers/org/home.go
index 9c24fe72fb..2f461d861b 100644
--- a/routers/org/home.go
+++ b/routers/org/home.go
@@ -80,8 +80,7 @@ func Home(ctx *context.Context) {
 		OwnerID:            org.ID,
 		OrderBy:            orderBy,
 		Private:            ctx.IsSigned,
-		UserIsAdmin:        ctx.IsUserSiteAdmin(),
-		UserID:             ctx.Data["SignedUserID"].(int64),
+		Actor:              ctx.User,
 		Page:               page,
 		IsProfile:          true,
 		PageSize:           setting.UI.User.RepoPagingNum,
diff --git a/routers/user/home.go b/routers/user/home.go
index 512c60716d..822452f1ca 100644
--- a/routers/user/home.go
+++ b/routers/user/home.go
@@ -144,6 +144,7 @@ func Dashboard(ctx *context.Context) {
 
 	retrieveFeeds(ctx, models.GetFeedsOptions{
 		RequestedUser:   ctxUser,
+		Actor:           ctx.User,
 		IncludePrivate:  true,
 		OnlyPerformedBy: false,
 		IncludeDeleted:  false,
diff --git a/routers/user/profile.go b/routers/user/profile.go
index 90e832b530..b5933788dd 100644
--- a/routers/user/profile.go
+++ b/routers/user/profile.go
@@ -161,6 +161,7 @@ func Profile(ctx *context.Context) {
 	switch tab {
 	case "activity":
 		retrieveFeeds(ctx, models.GetFeedsOptions{RequestedUser: ctxUser,
+			Actor:           ctx.User,
 			IncludePrivate:  showPrivate,
 			OnlyPerformedBy: true,
 			IncludeDeleted:  false,
@@ -171,11 +172,10 @@ func Profile(ctx *context.Context) {
 	case "stars":
 		ctx.Data["PageIsProfileStarList"] = true
 		repos, count, err = models.SearchRepository(&models.SearchRepoOptions{
+			Actor:              ctx.User,
 			Keyword:            keyword,
 			OrderBy:            orderBy,
 			Private:            ctx.IsSigned,
-			UserIsAdmin:        ctx.IsUserSiteAdmin(),
-			UserID:             ctx.Data["SignedUserID"].(int64),
 			Page:               page,
 			PageSize:           setting.UI.User.RepoPagingNum,
 			StarredByID:        ctxUser.ID,
@@ -191,12 +191,11 @@ func Profile(ctx *context.Context) {
 		total = int(count)
 	default:
 		repos, count, err = models.SearchRepository(&models.SearchRepoOptions{
+			Actor:              ctx.User,
 			Keyword:            keyword,
 			OwnerID:            ctxUser.ID,
 			OrderBy:            orderBy,
 			Private:            ctx.IsSigned,
-			UserIsAdmin:        ctx.IsUserSiteAdmin(),
-			UserID:             ctx.Data["SignedUserID"].(int64),
 			Page:               page,
 			IsProfile:          true,
 			PageSize:           setting.UI.User.RepoPagingNum,
author	Manush Dodunekov <manush@stendahls.se>	2020-01-13 19:33:46 +0200
committer	Antoine GIRARD <sapk@users.noreply.github.com>	2020-01-13 18:33:46 +0100
commit	1751d5fcf200b7d78ec5543fa620174c69d2746a (patch)
tree	dfc9584c2c60ede1fcef436de02dc66d28fd9647 /routers
parent	0b3aaa61964faa85b8008b04487388cc362ab436 (diff)
download	gitea-1751d5fcf200b7d78ec5543fa620174c69d2746a.tar.gz gitea-1751d5fcf200b7d78ec5543fa620174c69d2746a.zip