From eabbddcd98717ef20d8475e819f403c50f4a9787 Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Wed, 28 Nov 2018 19:26:14 +0800
Subject: Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems
* fix some bugs and merge LoadUnits to repoAssignment
* refactor permission struct and add some copyright heads
* remove unused codes
* fix routes units check
* improve permission check
* add unit tests for permission
* fix typo
* fix tests
* fix some routes
* fix api permission check
* improve permission check
* fix some permission check
* fix tests
* fix tests
* improve some permission check
* fix some permission check
* refactor AccessLevel
* fix bug
* fix tests
* fix tests
* fix tests
* fix AccessLevel
* rename CanAccess
* fix tests
* fix comment
* fix bug
* add missing unit for test repos
* fix bug
* rename some functions
* fix routes check
---
 routers/private/internal.go | 36 +++++++++++++++---------------------
 1 file changed, 15 insertions(+), 21 deletions(-)
(limited to 'routers/private')
diff --git a/routers/private/internal.go b/routers/private/internal.go
index 23e0122642..0221b1fee8 100644
--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -38,8 +38,8 @@ func GetRepositoryByOwnerAndName(ctx *macaron.Context) {
 ctx.JSON(200, repo)
 }

-//AccessLevel chainload to models.AccessLevel
-func AccessLevel(ctx *macaron.Context) {
+//CheckUnitUser chainload to models.CheckUnitUser
+func CheckUnitUser(ctx *macaron.Context) {
 repoID := ctx.ParamsInt64(":repoid")
 userID := ctx.ParamsInt64(":userid")
 repo, err := models.GetRepositoryByID(repoID)
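Review bot: The doc comment kept on the renamed handler, `//CheckUnitUser chainload to models.CheckUnitUser`, no longer describes the body. In the next hunk the handler calls `models.GetUserRepoPermission` and writes `perm.UnitAccessMode(...)` as JSON instead of a success/no-access answer. Suggest `// CheckUnitUser returns the access mode the given user has on the requested unit of the repository.` The function body continues outside this hunk.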
@@ -49,32 +49,27 @@ func AccessLevel(ctx *macaron.Context) {
 })
 return
 }
- al, err := models.AccessLevel(userID, repo)
- if err != nil {
- ctx.JSON(500, map[string]interface{}{
- "err": err.Error(),
- })
- return
+
+ var user *models.User
+ if userID > 0 {
+ user, err = models.GetUserByID(userID)
+ if err != nil {
+ ctx.JSON(500, map[string]interface{}{
+ "err": err.Error(),
+ })
+ return
+ }
 }
- ctx.JSON(200, al)
-}

-//CheckUnitUser chainload to models.CheckUnitUser
-func CheckUnitUser(ctx *macaron.Context) {
- repoID := ctx.ParamsInt64(":repoid")
- userID := ctx.ParamsInt64(":userid")
- repo, err := models.GetRepositoryByID(repoID)
+ perm, err := models.GetUserRepoPermission(repo, user)
 if err != nil {
 ctx.JSON(500, map[string]interface{}{
 "err": err.Error(),
 })
 return
 }
- if repo.CheckUnitUser(userID, ctx.QueryBool("isAdmin"), models.UnitType(ctx.QueryInt("unitType"))) {
- ctx.PlainText(200, []byte("success"))
- return
- }
- ctx.PlainText(404, []byte("no access"))
+
+ ctx.JSON(200, perm.UnitAccessMode(models.UnitType(ctx.QueryInt("unitType"))))
 }

 // RegisterRoutes registers all internal APIs routes to web application.
@@ -85,7 +80,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/ssh/:id/user", GetUserByKeyID)
 m.Post("/ssh/:id/update", UpdatePublicKey)
 m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
- m.Get("/repositories/:repoid/user/:userid/accesslevel", AccessLevel)
 m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
 m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
 m.Post("/push/update", PushUpdate)
--
cgit v1.2.3
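Review bot: A denial is no longer visible in the status code: the final `ctx.JSON(200, perm.UnitAccessMode(...))` answers 200 for every non-error case, where the removed lines answered 404 "no access". A caller of `/repositories/:repoid/user/:userid/checkunituser` that still decides on the status alone would therefore treat every request as allowed. The caller is not part of this view (it is limited to routers/private), so confirm it decodes the body and compares the mode with the level it needs. Stating the contract on the handler would help, e.g. `// Always answers 200 on success; the body is the access mode, so callers must compare it rather than rely on the status code.` Separately, the `userID > 0` guard evaluates a missing or unparsable `:userid` as an anonymous user rather than rejecting it, and `unitType` from `ctx.QueryInt` is cast without a range check; both look worth an explicit 4xx. The function starts above this hunk.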