diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/middleware/context.go | 1 | ||||
-rw-r--r-- | modules/middleware/org.go | 14 | ||||
-rw-r--r-- | modules/middleware/repo.go | 23 |
3 files changed, 30 insertions, 8 deletions
diff --git a/modules/middleware/context.go b/modules/middleware/context.go index 80975e999e..3ef1b1d620 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -46,6 +46,7 @@ type Context struct { IsBranch bool IsTag bool IsCommit bool + IsAdmin bool // Current user is admin level. HasAccess bool Repository *models.Repository Owner *models.User diff --git a/modules/middleware/org.go b/modules/middleware/org.go index c85221a5ab..ee4460b274 100644 --- a/modules/middleware/org.go +++ b/modules/middleware/org.go @@ -8,6 +8,7 @@ import ( "github.com/Unknwon/macaron" "github.com/gogits/gogs/models" + "github.com/gogits/gogs/modules/log" ) func OrgAssignment(redirect bool, args ...bool) macaron.Handler { @@ -35,6 +36,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler { if err == models.ErrUserNotExist { ctx.Handle(404, "GetUserByName", err) } else if redirect { + log.Error(4, "GetUserByName", err) ctx.Redirect("/") } else { ctx.Handle(500, "GetUserByName", err) @@ -52,17 +54,14 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler { } else { if org.IsOrgMember(ctx.User.Id) { ctx.Org.IsMember = true - // TODO: ctx.Org.IsAdminTeam } } } if (requireMember && !ctx.Org.IsMember) || - (requireOwner && !ctx.Org.IsOwner) || - (requireAdminTeam && !ctx.Org.IsAdminTeam) { + (requireOwner && !ctx.Org.IsOwner) { ctx.Handle(404, "OrgAssignment", err) return } - ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam ctx.Data["IsOrganizationOwner"] = ctx.Org.IsOwner ctx.Org.OrgLink = "/org/" + org.Name @@ -76,6 +75,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler { if err == models.ErrTeamNotExist { ctx.Handle(404, "GetTeam", err) } else if redirect { + log.Error(4, "GetTeam", err) ctx.Redirect("/") } else { ctx.Handle(500, "GetTeam", err) @@ -83,6 +83,12 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler { return } ctx.Data["Team"] = ctx.Org.Team + ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize == models.ORG_ADMIN + } + ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam + if requireAdminTeam && !ctx.Org.IsAdminTeam { + ctx.Handle(404, "OrgAssignment", err) + return } } } diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go index 3db1932af0..68a9a2d7fb 100644 --- a/modules/middleware/repo.go +++ b/modules/middleware/repo.go @@ -59,6 +59,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { if err == models.ErrUserNotExist { ctx.Handle(404, "GetUserByName", err) } else if redirect { + log.Error(4, "GetUserByName", err) ctx.Redirect("/") } else { ctx.Handle(500, "GetUserByName", err) @@ -84,7 +85,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { ctx.Repo.IsTrueOwner = true } - // get repository + // Get repository. repo, err := models.GetRepositoryByName(u.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { @@ -102,8 +103,22 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { } // Check if the mirror repository owner(mirror repository doesn't have access). - if ctx.IsSigned && !ctx.Repo.IsOwner && repo.OwnerId == ctx.User.Id { - ctx.Repo.IsOwner = true + if ctx.IsSigned && !ctx.Repo.IsOwner { + if repo.OwnerId == ctx.User.Id { + ctx.Repo.IsOwner = true + } + // Check if current user has admin permission to repository. + if u.IsOrganization() { + auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, 0, repo.Id) + if err != nil { + ctx.Handle(500, "GetHighestAuthorize", err) + return + } + if auth == models.ORG_ADMIN { + ctx.Repo.IsOwner = true + ctx.Repo.IsAdmin = true + } + } } // Check access. @@ -281,7 +296,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { func RequireTrueOwner() macaron.Handler { return func(ctx *Context) { - if !ctx.Repo.IsTrueOwner { + if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin { if !ctx.IsSigned { ctx.SetCookie("redirect_to", "/"+url.QueryEscape(ctx.Req.RequestURI)) ctx.Redirect("/user/login") |