summaryrefslogtreecommitdiffstats
path: root/routers/repo/http.go
diff options
context:
space:
mode:
Diffstat (limited to 'routers/repo/http.go')
-rw-r--r--routers/repo/http.go37
1 files changed, 10 insertions, 27 deletions
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 5b469754ad..ec5fbe6c0d 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -182,36 +182,19 @@ func HTTP(ctx *context.Context) {
}
}
- if !isPublicPull {
- has, err := models.HasAccess(authUser.ID, repo, accessMode)
- if err != nil {
- ctx.ServerError("HasAccess", err)
- return
- } else if !has {
- if accessMode == models.AccessModeRead {
- has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
- if err != nil {
- ctx.ServerError("HasAccess2", err)
- return
- } else if !has {
- ctx.HandleText(http.StatusForbidden, "User permission denied")
- return
- }
- } else {
- ctx.HandleText(http.StatusForbidden, "User permission denied")
- return
- }
- }
+ perm, err := models.GetUserRepoPermission(repo, authUser)
+ if err != nil {
+ ctx.ServerError("GetUserRepoPermission", err)
+ return
+ }
- if !isPull && repo.IsMirror {
- ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
- return
- }
+ if !perm.CanAccess(accessMode, unitType) {
+ ctx.HandleText(http.StatusForbidden, "User permission denied")
+ return
}
- if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
- ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code",
- authUser.Name, repo.RepoPath()))
+ if !isPull && repo.IsMirror {
+ ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
return
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 22:50:19 +0000