Diffstat (limited to 'modules')
-rw-r--r-- | modules/auth/auth.go | 30 | ||||
-rw-r--r-- | modules/middleware/repo.go | 96 |
2 files changed, 111 insertions, 15 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 1a7606a790..da89c20c1b 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -25,21 +25,7 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
 return 0
 }
 
- uid := sess.Get("uid")
- if uid == nil {
- return 0
- }
- if id, ok := uid.(int64); ok {
- if _, err := models.GetUserById(id); err != nil {
- if err != models.ErrUserNotExist {
- log.Error(4, "GetUserById: %v", err)
- }
- return 0
- }
- return id
- }
-
- // API calls also need to check access token.
+ // API calls need to check access token.
 if strings.HasPrefix(req.URL.Path, "/api/") {
 auHead := req.Header.Get("Authorization")
 if len(auHead) > 0 {
@@ -56,6 +42,20 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
 }
 }
 }
+
+ uid := sess.Get("uid")
+ if uid == nil {
+ return 0
+ }
+ if id, ok := uid.(int64); ok {
+ if _, err := models.GetUserById(id); err != nil {
+ if err != models.ErrUserNotExist {
+ log.Error(4, "GetUserById: %v", err)
+ }
+ return 0
+ }
+ return id
+ }
 
 return 0
 }
diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go
index 8608ca8fa0..eb1aa128ae 100644
--- a/modules/middleware/repo.go
+++ b/modules/middleware/repo.go
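Review bot: The new comment `// API calls need to check access token.` in the first hunk no longer says what the reordering in the second hunk changes: for `/api/` requests the Authorization token is now consulted before the session, and only a request without a token falls through to the cookie session lookup. Suggest `// API calls are authenticated by access token first; the session lookup below is only reached when no token was supplied.` so the precedence reads as deliberate rather than incidental. Because the session fallback is kept for `/api/` paths, API endpoints remain reachable with a browser cookie alone, so it is worth confirming that the API routes carry their own CSRF protection, which this file cannot show. The token-handling lines between the two hunks are outside SOURCE, so whether an invalid token returns before reaching the session check cannot be confirmed here.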
@@ -18,6 +18,102 @@ import (
 "github.com/gogits/gogs/modules/setting"
 )
 
+// FIXME: response error in JSON.
+func ApiRepoAssignment() macaron.Handler {
+ return func(ctx *Context) {
+ userName := ctx.Params(":username")
+ repoName := ctx.Params(":reponame")
+
+ var (
+ u *models.User
+ err error
+ )
+
+ // Collaborators who have write access can be seen as owners.
+ if ctx.IsSigned {
+ ctx.Repo.IsOwner, err = models.HasAccess(ctx.User.Name, userName+"/"+repoName, models.WRITABLE)
+ if err != nil {
+ ctx.Handle(500, "HasAccess", err)
+ return
+ }
+ ctx.Repo.IsTrueOwner = ctx.User.LowerName == strings.ToLower(userName)
+ }
+
+ if !ctx.Repo.IsTrueOwner {
+ u, err = models.GetUserByName(userName)
+ if err != nil {
+ if err == models.ErrUserNotExist {
+ ctx.Error(404)
+ } else {
+ ctx.Handle(500, "GetUserByName", err)
+ }
+ return
+ }
+ } else {
+ u = ctx.User
+ }
+ ctx.Repo.Owner = u
+
+ // Organization owner team members are true owners as well.
+ if ctx.IsSigned && ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) {
+ ctx.Repo.IsTrueOwner = true
+ }
+
+ // Get repository.
+ repo, err := models.GetRepositoryByName(u.Id, repoName)
+ if err != nil {
+ if err == models.ErrRepoNotExist {
+ ctx.Error(404)
+ return
+ }
+ ctx.Handle(500, "GetRepositoryByName", err)
+ return
+ } else if err = repo.GetOwner(); err != nil {
+ ctx.Handle(500, "GetOwner", err)
+ return
+ }
+
+ // Check if the mirror repository owner(mirror repository doesn't have access).
+ if ctx.IsSigned && !ctx.Repo.IsOwner {
+ if repo.OwnerId == ctx.User.Id {
+ ctx.Repo.IsOwner = true
+ }
+ // Check if current user has admin permission to repository.
+ if u.IsOrganization() {
+ auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, repo.Id, 0)
+ if err != nil {
+ ctx.Handle(500, "GetHighestAuthorize", err)
+ return
+ }
+ if auth == models.ORG_ADMIN {
+ ctx.Repo.IsOwner = true
+ ctx.Repo.IsAdmin = true
+ }
+ }
+ }
+
+ // Check access.
+ if repo.IsPrivate && !ctx.Repo.IsOwner {
+ if ctx.User == nil {
+ ctx.Error(404)
+ return
+ }
+
+ hasAccess, err := models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.READABLE)
+ if err != nil {
+ ctx.Handle(500, "HasAccess", err)
+ return
+ } else if !hasAccess {
+ ctx.Error(404)
+ return
+ }
+ }
+ ctx.Repo.HasAccess = true
+
+ ctx.Repo.Repository = repo
+ }
+}
+
 // RepoRef handles repository reference name including those contain `/`.
 func RepoRef() macaron.Handler {
 return func(ctx *Context) {
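Review bot: The two `models.HasAccess` calls in `ApiRepoAssignment` are keyed differently: the write check near the top uses the raw route parameters `userName+"/"+repoName`, while the read check under `// Check access.` uses the resolved `ctx.Repo.Owner.Name+"/"+repo.Name`. If the user and repository lookups tolerate a differently-cased path but HasAccess keys on the exact string (the `strings.ToLower(userName)` comparison on the next line suggests case is a concern), a collaborator reaching the repository through a differently-cased URL is treated as a non-owner while the repository still resolves; moving the write check to just before the mirror-owner block and keying it as `ctx.Repo.IsOwner, err = models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.WRITABLE)` makes both checks agree, and nothing before the repository lookup reads `ctx.Repo.IsOwner`. The exported handler also has no doc comment; suggest `// ApiRepoAssignment resolves the :username/:reponame route into ctx.Repo and answers 404 for private repositories the current user cannot read.` above the FIXME. In the org-admin branch `auth, err :=` shadows the outer `err`; it is checked immediately so this is harmless today, but a one-line comment there would keep a later edit from relying on the outer value.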