authorLunny Xiao <xiaolunwen@gmail.com>2024-12-03 19:59:48 -0800
committerGitHub <noreply@github.com>2024-12-04 11:59:48 +0800
commit17053e953f697ba21e067f1ad7715b18e07e273b (patch)
tree0c9e462f5ffc9104208ccfaba578ebf88e650252 /services
parentc9e582c6b6cbc7beae66d24b05be6e1d338aa81b (diff)
Fix delete branch perm checking (#32654)
Diffstat (limited to 'services')
-rw-r--r--services/repository/branch.go29
1 files changed, 23 insertions, 6 deletions
diff --git a/services/repository/branch.go b/services/repository/branch.go
index 600ba96e92..508817c83e 100644
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@@ -14,7 +14,9 @@ import (
"code.gitea.io/gitea/models/db"
git_model "code.gitea.io/gitea/models/git"
issues_model "code.gitea.io/gitea/models/issues"
+ access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo"
+ "code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/git"
@@ -463,15 +465,17 @@ var (
ErrBranchIsDefault = errors.New("branch is default")
)
-// DeleteBranch delete branch
-func DeleteBranch(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, gitRepo *git.Repository, branchName string) error {
- err := repo.MustNotBeArchived()
+func CanDeleteBranch(ctx context.Context, repo *repo_model.Repository, branchName string, doer *user_model.User) error {
+ if branchName == repo.DefaultBranch {
+ return ErrBranchIsDefault
+ }
+
+ perm, err := access_model.GetUserRepoPermission(ctx, repo, doer)
if err != nil {
return err
}
-
- if branchName == repo.DefaultBranch {
- return ErrBranchIsDefault
+ if !perm.CanWrite(unit.TypeCode) {
+ return util.NewPermissionDeniedErrorf("permission denied to access repo %d unit %s", repo.ID, unit.TypeCode.LogString())
}
isProtected, err := git_model.IsBranchProtected(ctx, repo.ID, branchName)
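Review bot: In `CanDeleteBranch` the `branchName == repo.DefaultBranch` comparison runs before `access_model.GetUserRepoPermission`, so a doer without write access to the code unit receives `ErrBranchIsDefault` instead of the permission-denied error whenever the name matches the default branch. Running the `perm.CanWrite(unit.TypeCode)` check first, and only then the default-branch and protected-branch checks, would give unauthorized callers one uniform answer; whether the difference is observable depends on how callers map these errors, which this page does not show. The new exported function also has no doc comment; something like `// CanDeleteBranch returns nil if doer may delete branchName: write access to the code unit, not the default branch, not protected.` would state the contract. The function body ends in the following hunk.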
@@ -481,6 +485,19 @@ func DeleteBranch(ctx context.Context, doer *user_model.User, repo *repo_model.R
if isProtected {
return git_model.ErrBranchIsProtected
}
+ return nil
+}
+
+// DeleteBranch delete branch
+func DeleteBranch(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, gitRepo *git.Repository, branchName string) error {
+ err := repo.MustNotBeArchived()
+ if err != nil {
+ return err
+ }
+
+ if err := CanDeleteBranch(ctx, repo, branchName, doer); err != nil {
+ return err
+ }
rawBranch, err := git_model.GetBranch(ctx, repo.ID, branchName)
if err != nil && !git_model.IsErrBranchNotExist(err) {
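Review bot: `repo.MustNotBeArchived()` stays in `DeleteBranch` and is not part of `CanDeleteBranch`, so any other caller that uses the exported helper as a pre-check will get nil for an archived repository. Either move the archived check into the helper or state the gap in its doc comment, e.g. `// CanDeleteBranch does not check whether the repository is archived; DeleteBranch does.` The `// DeleteBranch delete branch` comment could also say that the function now enforces write permission on the code unit for doer. DeleteBranch's body continues past the end of this hunk.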