diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/auth/auth.go | 9 | ||||
| -rw-r--r-- | modules/auth/auth_form.go | 5 | ||||
| -rw-r--r-- | modules/auth/ldap/ldap.go | 48 | ||||
| -rw-r--r-- | modules/auth/repo_form.go | 3 | ||||
| -rw-r--r-- | modules/auth/user_form.go | 2 | ||||
| -rw-r--r-- | modules/base/template.go | 14 | ||||
| -rw-r--r-- | modules/base/tool.go | 67 | ||||
| -rw-r--r-- | modules/git/signature.go | 29 | ||||
| -rw-r--r-- | modules/mailer/mailer.go | 10 | ||||
| -rw-r--r-- | modules/middleware/context.go | 67 | ||||
| -rw-r--r-- | modules/middleware/org.go | 2 | ||||
| -rw-r--r-- | modules/middleware/repo.go | 161 | ||||
| -rw-r--r-- | modules/setting/setting.go | 37 |
13 files changed, 186 insertions, 268 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go index ad7ce5b9ad..5b24591a6f 100644 --- a/modules/auth/auth.go +++ b/modules/auth/auth.go @@ -108,17 +108,16 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) { auths := strings.Fields(baHead) if len(auths) == 2 && auths[0] == "Basic" { uname, passwd, _ := base.BasicAuthDecode(auths[1]) - u, err := models.GetUserByName(uname) + + u, err := models.UserSignIn(uname, passwd) if err != nil { if err != models.ErrUserNotExist { - log.Error(4, "GetUserByName: %v", err) + log.Error(4, "UserSignIn: %v", err) } return nil, false } - if u.ValidtePassword(passwd) { - return u, true - } + return u, true } } return nil, false diff --git a/modules/auth/auth_form.go b/modules/auth/auth_form.go index e9789634c9..c7b9389600 100644 --- a/modules/auth/auth_form.go +++ b/modules/auth/auth_form.go @@ -18,7 +18,10 @@ type AuthenticationForm struct { Port int `form:"port"` UseSSL bool `form:"usessl"` BaseDN string `form:"base_dn"` - Attributes string `form:"attributes"` + AttributeUsername string `form:"attribute_username"` + AttributeName string `form:"attribute_name"` + AttributeSurname string `form:"attribute_surname"` + AttributeMail string `form:"attribute_mail"` Filter string `form:"filter"` MsAdSA string `form:"ms_ad_sa"` IsActived bool `form:"is_actived"` diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 44c130a104..c78e241d37 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -15,15 +15,18 @@ import ( // Basic LDAP authentication service type Ldapsource struct { - Name string // canonical name (ie. corporate.ad) - Host string // LDAP host - Port int // port number - UseSSL bool // Use SSL - BaseDN string // Base DN - Attributes string // Attribute to search - Filter string // Query filter to validate entry - MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx) - Enabled bool // if this source is disabled + Name string // canonical name (ie. corporate.ad) + Host string // LDAP host + Port int // port number + UseSSL bool // Use SSL + BaseDN string // Base DN + AttributeUsername string // Username attribute + AttributeName string // First name attribute + AttributeSurname string // Surname attribute + AttributeMail string // E-mail attribute + Filter string // Query filter to validate entry + MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx) + Enabled bool // if this source is disabled } //Global LDAP directory pool @@ -32,18 +35,18 @@ var ( ) // Add a new source (LDAP directory) to the global pool -func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) { - ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true} +func AddSource(name string, host string, port int, usessl bool, basedn string, attribcn string, attribname string, attribsn string, attribmail string, filter string, msadsaformat string) { + ldaphost := Ldapsource{name, host, port, usessl, basedn, attribcn, attribname, attribsn, attribmail, filter, msadsaformat, true} Authensource = append(Authensource, ldaphost) } //LoginUser : try to login an user to LDAP sources, return requested (attribute,true) if ok, ("",false) other wise //First match wins //Returns first attribute if exists -func LoginUser(name, passwd string) (a string, r bool) { +func LoginUser(name, passwd string) (cn, fn, sn, mail string, r bool) { r = false for _, ls := range Authensource { - a, r = ls.SearchEntry(name, passwd) + cn, fn, sn, mail, r = ls.SearchEntry(name, passwd) if r { return } @@ -52,12 +55,12 @@ func LoginUser(name, passwd string) (a string, r bool) { } // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter -func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { +func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, string, bool) { l, err := ldapDial(ls) if err != nil { log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) ls.Enabled = false - return "", false + return "", "", "", "", false } defer l.Close() @@ -65,26 +68,29 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) { err = l.Bind(nx, passwd) if err != nil { log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error()) - return "", false + return "", "", "", "", false } search := ldap.NewSearchRequest( ls.BaseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, fmt.Sprintf(ls.Filter, name), - []string{ls.Attributes}, + []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}, nil) sr, err := l.Search(search) if err != nil { log.Debug("LDAP Authen OK but not in filter %s", name) - return "", false + return "", "", "", "", false } log.Debug("LDAP Authen OK: %s", name) if len(sr.Entries) > 0 { - r := sr.Entries[0].GetAttributeValue(ls.Attributes) - return r, true + cn := sr.Entries[0].GetAttributeValue(ls.AttributeUsername) + name := sr.Entries[0].GetAttributeValue(ls.AttributeName) + sn := sr.Entries[0].GetAttributeValue(ls.AttributeSurname) + mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail) + return cn, name, sn, mail, true } - return "", true + return "", "", "", "", true } func ldapDial(ls Ldapsource) (*ldap.Conn, error) { diff --git a/modules/auth/repo_form.go b/modules/auth/repo_form.go index 36e62f04fb..2902a92f2e 100644 --- a/modules/auth/repo_form.go +++ b/modules/auth/repo_form.go @@ -31,7 +31,7 @@ func (f *CreateRepoForm) Validate(ctx *macaron.Context, errs binding.Errors) bin } type MigrateRepoForm struct { - HttpsUrl string `form:"url" binding:"Required;Url"` + CloneAddr string `binding:"Required"` AuthUserName string `form:"auth_username"` AuthPasswd string `form:"auth_password"` Uid int64 `form:"uid" binding:"Required"` @@ -52,7 +52,6 @@ type RepoSettingForm struct { Branch string `form:"branch"` Interval int `form:"interval"` Private bool `form:"private"` - GoGet bool `form:"goget"` } func (f *RepoSettingForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors { diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go index 3c0ff65174..b616a460ff 100644 --- a/modules/auth/user_form.go +++ b/modules/auth/user_form.go @@ -99,7 +99,7 @@ func (f *UploadAvatarForm) Validate(ctx *macaron.Context, errs binding.Errors) b } type AddEmailForm struct { - Email string `form:"email" binding:"Required;Email;MaxSize(50)"` + Email string `binding:"Required;Email;MaxSize(50)"` } func (f *AddEmailForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors { diff --git a/modules/base/template.go b/modules/base/template.go index f3fa138578..196b935107 100644 --- a/modules/base/template.go +++ b/modules/base/template.go @@ -41,6 +41,10 @@ func List(l *list.List) chan interface{} { return c } +func Sha1(str string) string { + return EncodeSha1(str) +} + func ShortSha(sha1 string) string { if len(sha1) == 40 { return sha1[:10] @@ -126,8 +130,13 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{ return a + b }, "ActionIcon": ActionIcon, - "DateFormat": DateFormat, - "List": List, + "DateFmtLong": func(t time.Time) string { + return t.Format(time.RFC1123Z) + }, + "DateFmtShort": func(t time.Time) string { + return t.Format("Jan 02, 2006") + }, + "List": List, "Mail2Domain": func(mail string) string { if !strings.Contains(mail, "@") { return "try.gogs.io" @@ -155,6 +164,7 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{ }, "DiffTypeToStr": DiffTypeToStr, "DiffLineTypeToStr": DiffLineTypeToStr, + "Sha1": Sha1, "ShortSha": ShortSha, "Md5": EncodeMd5, "ActionContent2Commits": ActionContent2Commits, diff --git a/modules/base/tool.go b/modules/base/tool.go index 5043364cec..55e6dffd96 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -126,7 +126,7 @@ func VerifyTimeLimitCode(data string, minutes int, code string) bool { retCode := CreateTimeLimitCode(data, minutes, start) if retCode == code && minutes > 0 { // check time is expired or not - before, _ := DateParse(start, "YmdHi") + before, _ := time.ParseInLocation("200601021504", start, time.Local) now := time.Now() if before.Add(time.Minute*time.Duration(minutes)).Unix() > now.Unix() { return true @@ -141,7 +141,7 @@ const TimeLimitCodeLength = 12 + 6 + 40 // create a time limit code // code format: 12 length date time string + 6 minutes string + 40 sha1 encoded string func CreateTimeLimitCode(data string, minutes int, startInf interface{}) string { - format := "YmdHi" + format := "200601021504" var start, end time.Time var startStr, endStr string @@ -149,16 +149,16 @@ func CreateTimeLimitCode(data string, minutes int, startInf interface{}) string if startInf == nil { // Use now time create code start = time.Now() - startStr = DateFormat(start, format) + startStr = start.Format(format) } else { // use start string create code startStr = startInf.(string) - start, _ = DateParse(startStr, format) - startStr = DateFormat(start, format) + start, _ = time.ParseInLocation(format, startStr, time.Local) + startStr = start.Format(format) } end = start.Add(time.Minute * time.Duration(minutes)) - endStr = DateFormat(end, format) + endStr = end.Format(format) // create sha1 encode string sh := sha1.New() @@ -420,58 +420,3 @@ func Subtract(left interface{}, right interface{}) interface{} { return fleft + float64(rleft) - (fright + float64(rright)) } } - -// DateFormat pattern rules. -var datePatterns = []string{ - // year - "Y", "2006", // A full numeric representation of a year, 4 digits Examples: 1999 or 2003 - "y", "06", //A two digit representation of a year Examples: 99 or 03 - - // month - "m", "01", // Numeric representation of a month, with leading zeros 01 through 12 - "n", "1", // Numeric representation of a month, without leading zeros 1 through 12 - "M", "Jan", // A short textual representation of a month, three letters Jan through Dec - "F", "January", // A full textual representation of a month, such as January or March January through December - - // day - "d", "02", // Day of the month, 2 digits with leading zeros 01 to 31 - "j", "2", // Day of the month without leading zeros 1 to 31 - - // week - "D", "Mon", // A textual representation of a day, three letters Mon through Sun - "l", "Monday", // A full textual representation of the day of the week Sunday through Saturday - - // time - "g", "3", // 12-hour format of an hour without leading zeros 1 through 12 - "G", "15", // 24-hour format of an hour without leading zeros 0 through 23 - "h", "03", // 12-hour format of an hour with leading zeros 01 through 12 - "H", "15", // 24-hour format of an hour with leading zeros 00 through 23 - - "a", "pm", // Lowercase Ante meridiem and Post meridiem am or pm - "A", "PM", // Uppercase Ante meridiem and Post meridiem AM or PM - - "i", "04", // Minutes with leading zeros 00 to 59 - "s", "05", // Seconds, with leading zeros 00 through 59 - - // time zone - "T", "MST", - "P", "-07:00", - "O", "-0700", - - // RFC 2822 - "r", time.RFC1123Z, -} - -// Parse Date use PHP time format. -func DateParse(dateString, format string) (time.Time, error) { - replacer := strings.NewReplacer(datePatterns...) - format = replacer.Replace(format) - return time.ParseInLocation(format, dateString, time.Local) -} - -// Date takes a PHP like date func to Go's time format. -func DateFormat(t time.Time, format string) string { - replacer := strings.NewReplacer(datePatterns...) - format = replacer.Replace(format) - return t.Format(format) -} diff --git a/modules/git/signature.go b/modules/git/signature.go index 20f647d266..ad9c1b39b7 100644 --- a/modules/git/signature.go +++ b/modules/git/signature.go @@ -17,24 +17,35 @@ type Signature struct { When time.Time } -// Helper to get a signature from the commit line, which looks like this: +// Helper to get a signature from the commit line, which looks like these: // author Patrick Gundlach <gundlach@speedata.de> 1378823654 +0200 +// author Patrick Gundlach <gundlach@speedata.de> Thu, 07 Apr 2005 22:13:13 +0200 // but without the "author " at the beginning (this method should) // be used for author and committer. // -// FIXME: include timezone! -func newSignatureFromCommitline(line []byte) (*Signature, error) { +// FIXME: include timezone for timestamp! +func newSignatureFromCommitline(line []byte) (_ *Signature, err error) { sig := new(Signature) emailstart := bytes.IndexByte(line, '<') sig.Name = string(line[:emailstart-1]) emailstop := bytes.IndexByte(line, '>') sig.Email = string(line[emailstart+1 : emailstop]) - timestop := bytes.IndexByte(line[emailstop+2:], ' ') - timestring := string(line[emailstop+2 : emailstop+2+timestop]) - seconds, err := strconv.ParseInt(timestring, 10, 64) - if err != nil { - return nil, err + + // Check date format. + firstChar := line[emailstop+2] + if firstChar >= 48 && firstChar <= 57 { + timestop := bytes.IndexByte(line[emailstop+2:], ' ') + timestring := string(line[emailstop+2 : emailstop+2+timestop]) + seconds, err := strconv.ParseInt(timestring, 10, 64) + if err != nil { + return nil, err + } + sig.When = time.Unix(seconds, 0) + } else { + sig.When, err = time.Parse(time.RFC1123Z, string(line[emailstop+2:])) + if err != nil { + return nil, err + } } - sig.When = time.Unix(seconds, 0) return sig, nil } diff --git a/modules/mailer/mailer.go b/modules/mailer/mailer.go index f658427c1a..74a3fca578 100644 --- a/modules/mailer/mailer.go +++ b/modules/mailer/mailer.go @@ -10,6 +10,7 @@ import ( "net" "net/mail" "net/smtp" + "os" "strings" "github.com/gogits/gogs/modules/log" @@ -103,6 +104,15 @@ func sendMail(settings *setting.Mailer, recipients []string, msgContent []byte) return err } + hostname, err := os.Hostname() + if err != nil { + return err + } + + if err = client.Hello(hostname); err != nil { + return err + } + // If not using SMTPS, alway use STARTTLS if available hasStartTLS, _ := client.Extension("STARTTLS") if !isSecureConn && hasStartTLS { diff --git a/modules/middleware/context.go b/modules/middleware/context.go index 28be3a3025..dc3b5cad16 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -38,29 +38,7 @@ type Context struct { IsSigned bool IsBasicAuth bool - Repo struct { - IsOwner bool - IsTrueOwner bool - IsWatching bool - IsBranch bool - IsTag bool - IsCommit bool - IsAdmin bool // Current user is admin level. - HasAccess bool - Repository *models.Repository - Owner *models.User - Commit *git.Commit - Tag *git.Tag - GitRepo *git.Repository - BranchName string - TagName string - TreeName string - CommitId string - RepoLink string - CloneLink models.CloneLink - CommitsCount int - Mirror *models.Mirror - } + Repo RepoContext Org struct { IsOwner bool @@ -73,6 +51,37 @@ type Context struct { } } +type RepoContext struct { + AccessMode models.AccessMode + IsWatching bool + IsBranch bool + IsTag bool + IsCommit bool + Repository *models.Repository + Owner *models.User + Commit *git.Commit + Tag *git.Tag + GitRepo *git.Repository + BranchName string + TagName string + TreeName string + CommitId string + RepoLink string + CloneLink models.CloneLink + CommitsCount int + Mirror *models.Mirror +} + +// Return if the current user has write access for this repository +func (r RepoContext) IsOwner() bool { + return r.AccessMode >= models.ACCESS_MODE_WRITE +} + +// Return if the current user has read access for this repository +func (r RepoContext) HasAccess() bool { + return r.AccessMode >= models.ACCESS_MODE_READ +} + // HasError returns true if error occurs in form validation. func (ctx *Context) HasApiError() bool { hasErr, ok := ctx.Data["HasError"] @@ -130,6 +139,18 @@ func (ctx *Context) Handle(status int, title string, err error) { ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status))) } +func (ctx *Context) HandleAPI(status int, obj interface{}) { + var message string + if err, ok := obj.(error); ok { + message = err.Error() + } else { + message = obj.(string) + } + ctx.JSON(status, map[string]string{ + "message": message, + }) +} + func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) { modtime := time.Now() for _, p := range params { diff --git a/modules/middleware/org.go b/modules/middleware/org.go index e687258617..0e544fe4a2 100644 --- a/modules/middleware/org.go +++ b/modules/middleware/org.go @@ -87,7 +87,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler { return } ctx.Data["Team"] = ctx.Org.Team - ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize == models.ORG_ADMIN + ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN } ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam if requireAdminTeam && !ctx.Org.IsAdminTeam { diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go index 1ab158dd6d..3350c03d22 100644 --- a/modules/middleware/repo.go +++ b/modules/middleware/repo.go @@ -5,7 +5,6 @@ package middleware import ( - "errors" "fmt" "net/url" "strings" @@ -29,17 +28,10 @@ func ApiRepoAssignment() macaron.Handler { err error ) - // Collaborators who have write access can be seen as owners. - if ctx.IsSigned { - ctx.Repo.IsOwner, err = models.HasAccess(ctx.User.Name, userName+"/"+repoName, models.WRITABLE) - if err != nil { - ctx.JSON(500, &base.ApiJsonErr{"HasAccess: " + err.Error(), base.DOC_URL}) - return - } - ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName) - } - - if !ctx.Repo.IsTrueOwner { + // Check if the user is the same as the repository owner. + if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) { + u = ctx.User + } else { u, err = models.GetUserByName(userName) if err != nil { if err == models.ErrUserNotExist { @@ -49,66 +41,36 @@ func ApiRepoAssignment() macaron.Handler { } return } - } else { - u = ctx.User } ctx.Repo.Owner = u - // Organization owner team members are true owners as well. - if ctx.IsSigned && ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOwnedBy(ctx.User.Id) { - ctx.Repo.IsTrueOwner = true - } - // Get repository. repo, err := models.GetRepositoryByName(u.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { ctx.Error(404) - return + } else { + ctx.JSON(500, &base.ApiJsonErr{"GetRepositoryByName: " + err.Error(), base.DOC_URL}) } - ctx.JSON(500, &base.ApiJsonErr{"GetRepositoryByName: " + err.Error(), base.DOC_URL}) return } else if err = repo.GetOwner(); err != nil { ctx.JSON(500, &base.ApiJsonErr{"GetOwner: " + err.Error(), base.DOC_URL}) return } - // Check if the mirror repository owner(mirror repository doesn't have access). - if ctx.IsSigned && !ctx.Repo.IsOwner { - if repo.OwnerId == ctx.User.Id { - ctx.Repo.IsOwner = true - } - // Check if current user has admin permission to repository. - if u.IsOrganization() { - auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, repo.Id, 0) - if err != nil { - ctx.JSON(500, &base.ApiJsonErr{"GetHighestAuthorize: " + err.Error(), base.DOC_URL}) - return - } - if auth == models.ORG_ADMIN { - ctx.Repo.IsOwner = true - ctx.Repo.IsAdmin = true - } - } + mode, err := models.AccessLevel(ctx.User, repo) + if err != nil { + ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL}) + return } - // Check access. - if repo.IsPrivate && !ctx.Repo.IsOwner { - if ctx.User == nil { - ctx.Error(404) - return - } + ctx.Repo.AccessMode = mode - hasAccess, err := models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.READABLE) - if err != nil { - ctx.JSON(500, &base.ApiJsonErr{"HasAccess: " + err.Error(), base.DOC_URL}) - return - } else if !hasAccess { - ctx.Error(404) - return - } + // Check access. + if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE { + ctx.Error(404) + return } - ctx.Repo.HasAccess = true ctx.Repo.Repository = repo } @@ -242,101 +204,49 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { refName = ctx.Params(":path") } - // Collaborators who have write access can be seen as owners. - if ctx.IsSigned { - ctx.Repo.IsOwner, err = models.HasAccess(ctx.User.Name, userName+"/"+repoName, models.WRITABLE) - if err != nil { - ctx.Handle(500, "HasAccess", err) - return - } - ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName) - } - - if !ctx.Repo.IsTrueOwner { + // Check if the user is the same as the repository owner + if ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) { + u = ctx.User + } else { u, err = models.GetUserByName(userName) if err != nil { if err == models.ErrUserNotExist { ctx.Handle(404, "GetUserByName", err) - } else if redirect { - log.Error(4, "GetUserByName", err) - ctx.Redirect(setting.AppSubUrl + "/") } else { ctx.Handle(500, "GetUserByName", err) } return } - } else { - u = ctx.User - } - - if u == nil { - if redirect { - ctx.Redirect(setting.AppSubUrl + "/") - return - } - ctx.Handle(404, "RepoAssignment", errors.New("invliad user account for single repository")) - return } ctx.Repo.Owner = u - // Organization owner team members are true owners as well. - if ctx.IsSigned && ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOwnedBy(ctx.User.Id) { - ctx.Repo.IsTrueOwner = true - } - // Get repository. repo, err := models.GetRepositoryByName(u.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { ctx.Handle(404, "GetRepositoryByName", err) - return - } else if redirect { - ctx.Redirect(setting.AppSubUrl + "/") - return + } else { + ctx.Handle(500, "GetRepositoryByName", err) } - ctx.Handle(500, "GetRepositoryByName", err) return } else if err = repo.GetOwner(); err != nil { ctx.Handle(500, "GetOwner", err) return } - // Check if the mirror repository owner(mirror repository doesn't have access). - if ctx.IsSigned && !ctx.Repo.IsOwner { - if repo.OwnerId == ctx.User.Id { - ctx.Repo.IsOwner = true - } - // Check if current user has admin permission to repository. - if u.IsOrganization() { - auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, repo.Id, 0) - if err != nil { - ctx.Handle(500, "GetHighestAuthorize", err) - return - } - if auth == models.ORG_ADMIN { - ctx.Repo.IsOwner = true - ctx.Repo.IsAdmin = true - } - } + mode, err := models.AccessLevel(ctx.User, repo) + if err != nil { + ctx.Handle(500, "AccessLevel", err) + return } + ctx.Repo.AccessMode = mode // Check access. - if repo.IsPrivate && !ctx.Repo.IsOwner { - if ctx.User == nil { - ctx.Handle(404, "HasAccess", nil) - return - } - - hasAccess, err := models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.READABLE) - if err != nil { - ctx.Handle(500, "HasAccess", err) - return - } else if !hasAccess { - ctx.Handle(404, "HasAccess", nil) - return - } + if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE { + ctx.Handle(404, "no access right", err) + return } - ctx.Repo.HasAccess = true + ctx.Data["HasAccess"] = true if repo.IsMirror { @@ -383,8 +293,8 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { ctx.Data["Title"] = u.Name + "/" + repo.Name ctx.Data["Repository"] = repo ctx.Data["Owner"] = ctx.Repo.Repository.Owner - ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner - ctx.Data["IsRepositoryTrueOwner"] = ctx.Repo.IsTrueOwner + ctx.Data["IsRepositoryOwner"] = ctx.Repo.AccessMode >= models.ACCESS_MODE_WRITE + ctx.Data["IsRepositoryAdmin"] = ctx.Repo.AccessMode >= models.ACCESS_MODE_ADMIN ctx.Data["DisableSSH"] = setting.DisableSSH ctx.Repo.CloneLink, err = repo.CloneLink() @@ -394,8 +304,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { } ctx.Data["CloneLink"] = ctx.Repo.CloneLink - if ctx.Repo.Repository.IsGoget { - ctx.Data["GoGetLink"] = fmt.Sprintf("%s%s/%s", setting.AppUrl, u.LowerName, repo.LowerName) + if ctx.Query("go-get") == "1" { ctx.Data["GoGetImport"] = fmt.Sprintf("%s/%s/%s", setting.Domain, u.LowerName, repo.LowerName) } @@ -439,9 +348,9 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { } } -func RequireTrueOwner() macaron.Handler { +func RequireAdmin() macaron.Handler { return func(ctx *Context) { - if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin { + if ctx.Repo.AccessMode < models.ACCESS_MODE_ADMIN { if !ctx.IsSigned { ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl) ctx.Redirect(setting.AppSubUrl + "/user/login") diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 32284b4236..fd07c17f23 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -67,11 +67,16 @@ var ( CookieRememberName string ReverseProxyAuthUser string + // Database settings. + UseSQLite3 bool + UseMySQL bool + UsePostgreSQL bool + // Webhook settings. Webhook struct { - TaskInterval int - DeliverTimeout int - AllowInsecureCertification bool + TaskInterval int + DeliverTimeout int + SkipTLSVerify bool } // Repository settings. @@ -240,7 +245,10 @@ func NewConfigContext() { ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER") sec = Cfg.Section("attachment") - AttachmentPath = path.Join(workDir, sec.Key("PATH").MustString("data/attachments")) + AttachmentPath = sec.Key("PATH").MustString("data/attachments") + if !filepath.IsAbs(AttachmentPath) { + AttachmentPath = path.Join(workDir, AttachmentPath) + } AttachmentAllowedTypes = sec.Key("ALLOWED_TYPES").MustString("image/jpeg|image/png") AttachmentMaxSize = sec.Key("MAX_SIZE").MustInt64(32) AttachmentMaxFiles = sec.Key("MAX_FILES").MustInt(10) @@ -264,10 +272,6 @@ func NewConfigContext() { "StampNano": time.StampNano, }[Cfg.Section("time").Key("FORMAT").MustString("RFC1123")] - if err = os.MkdirAll(AttachmentPath, os.ModePerm); err != nil { - log.Fatal(4, "Could not create directory %s: %s", AttachmentPath, err) - } - RunUser = Cfg.Section("").Key("RUN_USER").String() curUser := os.Getenv("USER") if len(curUser) == 0 { @@ -290,15 +294,14 @@ func NewConfigContext() { } else { RepoRootPath = filepath.Clean(RepoRootPath) } - if err = os.MkdirAll(RepoRootPath, os.ModePerm); err != nil { - log.Fatal(4, "Fail to create repository root path(%s): %v", RepoRootPath, err) - } ScriptType = sec.Key("SCRIPT_TYPE").MustString("bash") sec = Cfg.Section("picture") PictureService = sec.Key("SERVICE").In("server", []string{"server"}) - AvatarUploadPath = path.Join(workDir, sec.Key("AVATAR_UPLOAD_PATH").MustString("data/avatars")) - os.MkdirAll(AvatarUploadPath, os.ModePerm) + AvatarUploadPath = sec.Key("AVATAR_UPLOAD_PATH").MustString("data/avatars") + if !filepath.IsAbs(AvatarUploadPath) { + AvatarUploadPath = path.Join(workDir, AvatarUploadPath) + } switch sec.Key("GRAVATAR_SOURCE").MustString("gravatar") { case "duoshuo": GravatarSource = "http://gravatar.duoshuo.com/avatar/" @@ -363,9 +366,11 @@ func newLogService() { log.Fatal(4, "Unknown log mode: %s", mode) } + validLevels := []string{"Trace", "Debug", "Info", "Warn", "Error", "Critical"} // Log level. - levelName := Cfg.Section("log."+mode).Key("LEVEL").In("Trace", - []string{"Trace", "Debug", "Info", "Warn", "Error", "Critical"}) + levelName := Cfg.Section("log."+mode).Key("LEVEL").In( + Cfg.Section("log").Key("LEVEL").In("Trace", validLevels), + validLevels) level, ok := logLevels[levelName] if !ok { log.Fatal(4, "Unknown log level: %s", levelName) @@ -519,7 +524,7 @@ func newWebhookService() { sec := Cfg.Section("webhook") Webhook.TaskInterval = sec.Key("TASK_INTERVAL").MustInt(1) Webhook.DeliverTimeout = sec.Key("DELIVER_TIMEOUT").MustInt(5) - Webhook.AllowInsecureCertification = sec.Key("ALLOW_INSECURE_CERTIFICATION").MustBool() + Webhook.SkipTLSVerify = sec.Key("SKIP_TLS_VERIFY").MustBool() } func NewServices() { |