summaryrefslogtreecommitdiffstats
path: root/modules/middleware
diff options
context:
space:
mode:
Diffstat (limited to 'modules/middleware')
-rw-r--r--modules/middleware/context.go1
-rw-r--r--modules/middleware/org.go14
-rw-r--r--modules/middleware/repo.go23
3 files changed, 30 insertions, 8 deletions
diff --git a/modules/middleware/context.go b/modules/middleware/context.go
index 80975e999e..3ef1b1d620 100644
--- a/modules/middleware/context.go
+++ b/modules/middleware/context.go
@@ -46,6 +46,7 @@ type Context struct {
IsBranch bool
IsTag bool
IsCommit bool
+ IsAdmin bool // Current user is admin level.
HasAccess bool
Repository *models.Repository
Owner *models.User
diff --git a/modules/middleware/org.go b/modules/middleware/org.go
index c85221a5ab..ee4460b274 100644
--- a/modules/middleware/org.go
+++ b/modules/middleware/org.go
@@ -8,6 +8,7 @@ import (
"github.com/Unknwon/macaron"
"github.com/gogits/gogs/models"
+ "github.com/gogits/gogs/modules/log"
)
func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
@@ -35,6 +36,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
if err == models.ErrUserNotExist {
ctx.Handle(404, "GetUserByName", err)
} else if redirect {
+ log.Error(4, "GetUserByName", err)
ctx.Redirect("/")
} else {
ctx.Handle(500, "GetUserByName", err)
@@ -52,17 +54,14 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
} else {
if org.IsOrgMember(ctx.User.Id) {
ctx.Org.IsMember = true
- // TODO: ctx.Org.IsAdminTeam
}
}
}
if (requireMember && !ctx.Org.IsMember) ||
- (requireOwner && !ctx.Org.IsOwner) ||
- (requireAdminTeam && !ctx.Org.IsAdminTeam) {
+ (requireOwner && !ctx.Org.IsOwner) {
ctx.Handle(404, "OrgAssignment", err)
return
}
- ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
ctx.Data["IsOrganizationOwner"] = ctx.Org.IsOwner
ctx.Org.OrgLink = "/org/" + org.Name
@@ -76,6 +75,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
if err == models.ErrTeamNotExist {
ctx.Handle(404, "GetTeam", err)
} else if redirect {
+ log.Error(4, "GetTeam", err)
ctx.Redirect("/")
} else {
ctx.Handle(500, "GetTeam", err)
@@ -83,6 +83,12 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
return
}
ctx.Data["Team"] = ctx.Org.Team
+ ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize == models.ORG_ADMIN
+ }
+ ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
+ if requireAdminTeam && !ctx.Org.IsAdminTeam {
+ ctx.Handle(404, "OrgAssignment", err)
+ return
}
}
}
diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go
index 3db1932af0..68a9a2d7fb 100644
--- a/modules/middleware/repo.go
+++ b/modules/middleware/repo.go
@@ -59,6 +59,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
if err == models.ErrUserNotExist {
ctx.Handle(404, "GetUserByName", err)
} else if redirect {
+ log.Error(4, "GetUserByName", err)
ctx.Redirect("/")
} else {
ctx.Handle(500, "GetUserByName", err)
@@ -84,7 +85,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
ctx.Repo.IsTrueOwner = true
}
- // get repository
+ // Get repository.
repo, err := models.GetRepositoryByName(u.Id, repoName)
if err != nil {
if err == models.ErrRepoNotExist {
@@ -102,8 +103,22 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
}
// Check if the mirror repository owner(mirror repository doesn't have access).
- if ctx.IsSigned && !ctx.Repo.IsOwner && repo.OwnerId == ctx.User.Id {
- ctx.Repo.IsOwner = true
+ if ctx.IsSigned && !ctx.Repo.IsOwner {
+ if repo.OwnerId == ctx.User.Id {
+ ctx.Repo.IsOwner = true
+ }
+ // Check if current user has admin permission to repository.
+ if u.IsOrganization() {
+ auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, 0, repo.Id)
+ if err != nil {
+ ctx.Handle(500, "GetHighestAuthorize", err)
+ return
+ }
+ if auth == models.ORG_ADMIN {
+ ctx.Repo.IsOwner = true
+ ctx.Repo.IsAdmin = true
+ }
+ }
}
// Check access.
@@ -281,7 +296,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
func RequireTrueOwner() macaron.Handler {
return func(ctx *Context) {
- if !ctx.Repo.IsTrueOwner {
+ if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin {
if !ctx.IsSigned {
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(ctx.Req.RequestURI))
ctx.Redirect("/user/login")