summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/auth/auth.go30
-rw-r--r--modules/middleware/repo.go96
2 files changed, 111 insertions, 15 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 1a7606a790..da89c20c1b 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -25,21 +25,7 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
return 0
}
- uid := sess.Get("uid")
- if uid == nil {
- return 0
- }
- if id, ok := uid.(int64); ok {
- if _, err := models.GetUserById(id); err != nil {
- if err != models.ErrUserNotExist {
- log.Error(4, "GetUserById: %v", err)
- }
- return 0
- }
- return id
- }
-
- // API calls also need to check access token.
+ // API calls need to check access token.
if strings.HasPrefix(req.URL.Path, "/api/") {
auHead := req.Header.Get("Authorization")
if len(auHead) > 0 {
@@ -56,6 +42,20 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
}
}
}
+
+ uid := sess.Get("uid")
+ if uid == nil {
+ return 0
+ }
+ if id, ok := uid.(int64); ok {
+ if _, err := models.GetUserById(id); err != nil {
+ if err != models.ErrUserNotExist {
+ log.Error(4, "GetUserById: %v", err)
+ }
+ return 0
+ }
+ return id
+ }
return 0
}
diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go
index 8608ca8fa0..eb1aa128ae 100644
--- a/modules/middleware/repo.go
+++ b/modules/middleware/repo.go
@@ -18,6 +18,102 @@ import (
"github.com/gogits/gogs/modules/setting"
)
+// FIXME: response error in JSON.
+func ApiRepoAssignment() macaron.Handler {
+ return func(ctx *Context) {
+ userName := ctx.Params(":username")
+ repoName := ctx.Params(":reponame")
+
+ var (
+ u *models.User
+ err error
+ )
+
+ // Collaborators who have write access can be seen as owners.
+ if ctx.IsSigned {
+ ctx.Repo.IsOwner, err = models.HasAccess(ctx.User.Name, userName+"/"+repoName, models.WRITABLE)
+ if err != nil {
+ ctx.Handle(500, "HasAccess", err)
+ return
+ }
+ ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName)
+ }
+
+ if !ctx.Repo.IsTrueOwner {
+ u, err = models.GetUserByName(userName)
+ if err != nil {
+ if err == models.ErrUserNotExist {
+ ctx.Error(404)
+ } else {
+ ctx.Handle(500, "GetUserByName", err)
+ }
+ return
+ }
+ } else {
+ u = ctx.User
+ }
+ ctx.Repo.Owner = u
+
+ // Organization owner team members are true owners as well.
+ if ctx.IsSigned && ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) {
+ ctx.Repo.IsTrueOwner = true
+ }
+
+ // Get repository.
+ repo, err := models.GetRepositoryByName(u.Id, repoName)
+ if err != nil {
+ if err == models.ErrRepoNotExist {
+ ctx.Error(404)
+ return
+ }
+ ctx.Handle(500, "GetRepositoryByName", err)
+ return
+ } else if err = repo.GetOwner(); err != nil {
+ ctx.Handle(500, "GetOwner", err)
+ return
+ }
+
+ // Check if the mirror repository owner(mirror repository doesn't have access).
+ if ctx.IsSigned && !ctx.Repo.IsOwner {
+ if repo.OwnerId == ctx.User.Id {
+ ctx.Repo.IsOwner = true
+ }
+ // Check if current user has admin permission to repository.
+ if u.IsOrganization() {
+ auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, repo.Id, 0)
+ if err != nil {
+ ctx.Handle(500, "GetHighestAuthorize", err)
+ return
+ }
+ if auth == models.ORG_ADMIN {
+ ctx.Repo.IsOwner = true
+ ctx.Repo.IsAdmin = true
+ }
+ }
+ }
+
+ // Check access.
+ if repo.IsPrivate && !ctx.Repo.IsOwner {
+ if ctx.User == nil {
+ ctx.Error(404)
+ return
+ }
+
+ hasAccess, err := models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.READABLE)
+ if err != nil {
+ ctx.Handle(500, "HasAccess", err)
+ return
+ } else if !hasAccess {
+ ctx.Error(404)
+ return
+ }
+ }
+ ctx.Repo.HasAccess = true
+
+ ctx.Repo.Repository = repo
+ }
+}
+
// RepoRef handles repository reference name including those contain `/`.
func RepoRef() macaron.Handler {
return func(ctx *Context) {