1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
// Copyright 2025 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package setting
import (
"net/http"
"slices"
"strconv"
"code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/services/context"
)
const tplRepoSettingsPublicAccess templates.TplName = "repo/settings/public_access"
func parsePublicAccessMode(permission string, allowed []string) (ret struct {
AnonymousAccessMode, EveryoneAccessMode perm.AccessMode
},
) {
ret.AnonymousAccessMode = perm.AccessModeNone
ret.EveryoneAccessMode = perm.AccessModeNone
// if site admin forces repositories to be private, then do not allow any other access mode,
// otherwise the "force private" setting would be bypassed
if setting.Repository.ForcePrivate {
return ret
}
if !slices.Contains(allowed, permission) {
return ret
}
switch permission {
case paAnonymousRead:
ret.AnonymousAccessMode = perm.AccessModeRead
case paEveryoneRead:
ret.EveryoneAccessMode = perm.AccessModeRead
case paEveryoneWrite:
ret.EveryoneAccessMode = perm.AccessModeWrite
}
return ret
}
const (
paNotSet = "not-set"
paAnonymousRead = "anonymous-read"
paEveryoneRead = "everyone-read"
paEveryoneWrite = "everyone-write"
)
type repoUnitPublicAccess struct {
UnitType unit.Type
FormKey string
DisplayName string
PublicAccessTypes []string
UnitPublicAccess string
}
func repoUnitPublicAccesses(ctx *context.Context) []*repoUnitPublicAccess {
accesses := []*repoUnitPublicAccess{
{
UnitType: unit.TypeCode,
DisplayName: ctx.Locale.TrString("repo.code"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
},
{
UnitType: unit.TypeIssues,
DisplayName: ctx.Locale.TrString("issues"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
},
{
UnitType: unit.TypePullRequests,
DisplayName: ctx.Locale.TrString("pull_requests"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
},
{
UnitType: unit.TypeReleases,
DisplayName: ctx.Locale.TrString("repo.releases"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
},
{
UnitType: unit.TypeWiki,
DisplayName: ctx.Locale.TrString("repo.wiki"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead, paEveryoneWrite},
},
{
UnitType: unit.TypeProjects,
DisplayName: ctx.Locale.TrString("repo.projects"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
},
{
UnitType: unit.TypePackages,
DisplayName: ctx.Locale.TrString("repo.packages"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
},
{
UnitType: unit.TypeActions,
DisplayName: ctx.Locale.TrString("repo.actions"),
PublicAccessTypes: []string{paAnonymousRead, paEveryoneRead},
},
}
for _, ua := range accesses {
ua.FormKey = "repo-unit-access-" + strconv.Itoa(int(ua.UnitType))
for _, u := range ctx.Repo.Repository.Units {
if u.Type == ua.UnitType {
ua.UnitPublicAccess = paNotSet
switch {
case u.EveryoneAccessMode == perm.AccessModeWrite:
ua.UnitPublicAccess = paEveryoneWrite
case u.EveryoneAccessMode == perm.AccessModeRead:
ua.UnitPublicAccess = paEveryoneRead
case u.AnonymousAccessMode == perm.AccessModeRead:
ua.UnitPublicAccess = paAnonymousRead
}
break
}
}
}
return slices.DeleteFunc(accesses, func(ua *repoUnitPublicAccess) bool {
return ua.UnitPublicAccess == ""
})
}
func PublicAccess(ctx *context.Context) {
ctx.Data["PageIsSettingsPublicAccess"] = true
ctx.Data["RepoUnitPublicAccesses"] = repoUnitPublicAccesses(ctx)
ctx.Data["GlobalForcePrivate"] = setting.Repository.ForcePrivate
if setting.Repository.ForcePrivate {
ctx.Flash.Error(ctx.Tr("form.repository_force_private"), true)
}
ctx.HTML(http.StatusOK, tplRepoSettingsPublicAccess)
}
func PublicAccessPost(ctx *context.Context) {
accesses := repoUnitPublicAccesses(ctx)
for _, ua := range accesses {
formVal := ctx.FormString(ua.FormKey)
parsed := parsePublicAccessMode(formVal, ua.PublicAccessTypes)
err := repo.UpdateRepoUnitPublicAccess(ctx, &repo.RepoUnit{
RepoID: ctx.Repo.Repository.ID,
Type: ua.UnitType,
AnonymousAccessMode: parsed.AnonymousAccessMode,
EveryoneAccessMode: parsed.EveryoneAccessMode,
})
if err != nil {
ctx.ServerError("UpdateRepoUnitPublicAccess", err)
return
}
}
ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
ctx.Redirect(ctx.Repo.Repository.Link() + "/settings/public_access")
}
|
