summaryrefslogtreecommitdiffstats
path: root/modules/context/package.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/context/package.go')
-rw-r--r--modules/context/package.go28
1 files changed, 10 insertions, 18 deletions
diff --git a/modules/context/package.go b/modules/context/package.go
index 2a55db3a77..2a0159eb5c 100644
--- a/modules/context/package.go
+++ b/modules/context/package.go
@@ -92,33 +92,25 @@ func determineAccessMode(ctx *Context) (perm.AccessMode, error) {
return perm.AccessModeNone, nil
}
+ // TODO: ActionUser permission check
accessMode := perm.AccessModeNone
if ctx.Package.Owner.IsOrganization() {
org := organization.OrgFromUser(ctx.Package.Owner)
- // 1. Get user max authorize level for the org (may be none, if user is not member of the org)
- if ctx.Doer != nil {
- var err error
- accessMode, err = org.GetOrgUserMaxAuthorizeLevel(ctx.Doer.ID)
+ if ctx.Doer != nil && !ctx.Doer.IsGhost() {
+ // 1. If user is logged in, check all team packages permissions
+ teams, err := organization.GetUserOrgTeams(ctx, org.ID, ctx.Doer.ID)
if err != nil {
return accessMode, err
}
- // If access mode is less than write check every team for more permissions
- if accessMode < perm.AccessModeWrite {
- teams, err := organization.GetUserOrgTeams(ctx, org.ID, ctx.Doer.ID)
- if err != nil {
- return accessMode, err
- }
- for _, t := range teams {
- perm := t.UnitAccessMode(ctx, unit.TypePackages)
- if accessMode < perm {
- accessMode = perm
- }
+ for _, t := range teams {
+ perm := t.UnitAccessMode(ctx, unit.TypePackages)
+ if accessMode < perm {
+ accessMode = perm
}
}
- }
- // 2. If authorize level is none, check if org is visible to user
- if accessMode == perm.AccessModeNone && organization.HasOrgOrUserVisible(ctx, ctx.Package.Owner, ctx.Doer) {
+ } else if organization.HasOrgOrUserVisible(ctx, ctx.Package.Owner, ctx.Doer) {
+ // 2. If user is non-login, check if org is visible to non-login user
accessMode = perm.AccessModeRead
}
} else {