summaryrefslogtreecommitdiffstats
path: root/routers/repo
diff options
context:
space:
mode:
Diffstat (limited to 'routers/repo')
-rw-r--r--routers/repo/issue.go54
-rw-r--r--routers/repo/issue_watch.go18
-rw-r--r--routers/repo/pull.go19
-rw-r--r--routers/repo/wiki.go10
4 files changed, 100 insertions, 1 deletions
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index 7a681033af..42661ef738 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -1163,6 +1163,24 @@ func NewComment(ctx *context.Context, form auth.CreateCommentForm) {
}
if !ctx.IsSigned || (ctx.User.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
+ if log.IsTrace() {
+ if ctx.IsSigned {
+ issueType := "issues"
+ if issue.IsPull {
+ issueType = "pulls"
+ }
+ log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+ "User in Repo has Permissions: %-+v",
+ ctx.User,
+ log.NewColoredIDValue(issue.PosterID),
+ issueType,
+ ctx.Repo.Repository,
+ ctx.Repo.Permission)
+ } else {
+ log.Trace("Permission Denied: Not logged in")
+ }
+ }
+
ctx.Error(403)
}
@@ -1353,6 +1371,24 @@ func ChangeIssueReaction(ctx *context.Context, form auth.ReactionForm) {
}
if !ctx.IsSigned || (ctx.User.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
+ if log.IsTrace() {
+ if ctx.IsSigned {
+ issueType := "issues"
+ if issue.IsPull {
+ issueType = "pulls"
+ }
+ log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+ "User in Repo has Permissions: %-+v",
+ ctx.User,
+ log.NewColoredIDValue(issue.PosterID),
+ issueType,
+ ctx.Repo.Repository,
+ ctx.Repo.Permission)
+ } else {
+ log.Trace("Permission Denied: Not logged in")
+ }
+ }
+
ctx.Error(403)
return
}
@@ -1432,6 +1468,24 @@ func ChangeCommentReaction(ctx *context.Context, form auth.ReactionForm) {
}
if !ctx.IsSigned || (ctx.User.ID != comment.PosterID && !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull)) {
+ if log.IsTrace() {
+ if ctx.IsSigned {
+ issueType := "issues"
+ if comment.Issue.IsPull {
+ issueType = "pulls"
+ }
+ log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+ "User in Repo has Permissions: %-+v",
+ ctx.User,
+ log.NewColoredIDValue(comment.Issue.PosterID),
+ issueType,
+ ctx.Repo.Repository,
+ ctx.Repo.Permission)
+ } else {
+ log.Trace("Permission Denied: Not logged in")
+ }
+ }
+
ctx.Error(403)
return
} else if comment.Type != models.CommentTypeComment && comment.Type != models.CommentTypeCode {
diff --git a/routers/repo/issue_watch.go b/routers/repo/issue_watch.go
index c6a436801a..eae663495a 100644
--- a/routers/repo/issue_watch.go
+++ b/routers/repo/issue_watch.go
@@ -11,6 +11,7 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
)
// IssueWatch sets issue watching
@@ -21,6 +22,23 @@ func IssueWatch(ctx *context.Context) {
}
if !ctx.IsSigned || (ctx.User.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
+ if log.IsTrace() {
+ if ctx.IsSigned {
+ issueType := "issues"
+ if issue.IsPull {
+ issueType = "pulls"
+ }
+ log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+ "User in Repo has Permissions: %-+v",
+ ctx.User,
+ log.NewColoredIDValue(issue.PosterID),
+ issueType,
+ ctx.Repo.Repository,
+ ctx.Repo.Permission)
+ } else {
+ log.Trace("Permission Denied: Not logged in")
+ }
+ }
ctx.Error(403)
return
}
diff --git a/routers/repo/pull.go b/routers/repo/pull.go
index 0616ee2c77..70a1443e8a 100644
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -64,6 +64,18 @@ func getForkRepository(ctx *context.Context) *models.Repository {
}
if forkRepo.IsEmpty || !perm.CanRead(models.UnitTypeCode) {
+ if log.IsTrace() {
+ if forkRepo.IsEmpty {
+ log.Trace("Empty fork repository %-v", forkRepo)
+ } else {
+ log.Trace("Permission Denied: User %-v cannot read %-v of forkRepo %-v\n"+
+ "User in forkRepo has Permissions: %-+v",
+ ctx.User,
+ models.UnitTypeCode,
+ ctx.Repo,
+ perm)
+ }
+ }
ctx.NotFound("getForkRepository", nil)
return nil
}
@@ -704,7 +716,12 @@ func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *
return nil, nil, nil, nil, "", ""
}
if !perm.CanReadIssuesOrPulls(true) {
- log.Trace("ParseCompareInfo[%d]: cannot create/read pull requests", baseRepo.ID)
+ if log.IsTrace() {
+ log.Trace("Permission Denied: User: %-v cannot create/read pull requests in Repo: %-v\nUser in headRepo has Permissions: %-+v",
+ ctx.User,
+ headRepo,
+ perm)
+ }
ctx.NotFound("ParseCompareInfo", nil)
return nil, nil, nil, nil, "", ""
}
diff --git a/routers/repo/wiki.go b/routers/repo/wiki.go
index c0fb370dd9..43149c0340 100644
--- a/routers/repo/wiki.go
+++ b/routers/repo/wiki.go
@@ -16,6 +16,7 @@ import (
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
+ "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/markup"
"code.gitea.io/gitea/modules/markup/markdown"
"code.gitea.io/gitea/modules/util"
@@ -32,6 +33,15 @@ const (
func MustEnableWiki(ctx *context.Context) {
if !ctx.Repo.CanRead(models.UnitTypeWiki) &&
!ctx.Repo.CanRead(models.UnitTypeExternalWiki) {
+ if log.IsTrace() {
+ log.Trace("Permission Denied: User %-v cannot read %-v or %-v of repo %-v\n"+
+ "User in repo has Permissions: %-+v",
+ ctx.User,
+ models.UnitTypeWiki,
+ models.UnitTypeExternalWiki,
+ ctx.Repo.Repository,
+ ctx.Repo.Permission)
+ }
ctx.NotFound("MustEnableWiki", nil)
return
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-11 20:05:07 +0000