diff options
Diffstat (limited to 'modules/context/package.go')
-rw-r--r-- | modules/context/package.go | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/modules/context/package.go b/modules/context/package.go index 2a55db3a77..2a0159eb5c 100644 --- a/modules/context/package.go +++ b/modules/context/package.go @@ -92,33 +92,25 @@ func determineAccessMode(ctx *Context) (perm.AccessMode, error) { return perm.AccessModeNone, nil } + // TODO: ActionUser permission check accessMode := perm.AccessModeNone if ctx.Package.Owner.IsOrganization() { org := organization.OrgFromUser(ctx.Package.Owner) - // 1. Get user max authorize level for the org (may be none, if user is not member of the org) - if ctx.Doer != nil { - var err error - accessMode, err = org.GetOrgUserMaxAuthorizeLevel(ctx.Doer.ID) + if ctx.Doer != nil && !ctx.Doer.IsGhost() { + // 1. If user is logged in, check all team packages permissions + teams, err := organization.GetUserOrgTeams(ctx, org.ID, ctx.Doer.ID) if err != nil { return accessMode, err } - // If access mode is less than write check every team for more permissions - if accessMode < perm.AccessModeWrite { - teams, err := organization.GetUserOrgTeams(ctx, org.ID, ctx.Doer.ID) - if err != nil { - return accessMode, err - } - for _, t := range teams { - perm := t.UnitAccessMode(ctx, unit.TypePackages) - if accessMode < perm { - accessMode = perm - } + for _, t := range teams { + perm := t.UnitAccessMode(ctx, unit.TypePackages) + if accessMode < perm { + accessMode = perm } } - } - // 2. If authorize level is none, check if org is visible to user - if accessMode == perm.AccessModeNone && organization.HasOrgOrUserVisible(ctx, ctx.Package.Owner, ctx.Doer) { + } else if organization.HasOrgOrUserVisible(ctx, ctx.Package.Owner, ctx.Doer) { + // 2. If user is non-login, check if org is visible to non-login user accessMode = perm.AccessModeRead } } else { |