mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2147 Commits
17 Branches
Tree: ee68a826a5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee68a826a5'
${ noResults }
gitea/models/access.go

access.go 4.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. type AccessMode int

  8. 

  9. const (

  10. 	ACCESS_MODE_NONE AccessMode = iota

  11. 	ACCESS_MODE_READ

  12. 	ACCESS_MODE_WRITE

  13. 	ACCESS_MODE_ADMIN

  14. 	ACCESS_MODE_OWNER

  15. )

  16. 

  17. // Access represents the highest access level of a user to the repository. The only access type

  18. // that is not in this table is the real owner of a repository. In case of an organization

  19. // repository, the members of the owners team are in this table.

  20. type Access struct {

  21. 	ID     int64 `xorm:"pk autoincr"`

  22. 	UserID int64 `xorm:"UNIQUE(s)"`

  23. 	RepoID int64 `xorm:"UNIQUE(s)"`

  24. 	Mode   AccessMode

  25. }

  26. 

  27. func accessLevel(e Engine, u *User, repo *Repository) (AccessMode, error) {

  28. 	mode := ACCESS_MODE_NONE

  29. 	if !repo.IsPrivate {

  30. 		mode = ACCESS_MODE_READ

  31. 	}

  32. 

  33. 	if u != nil {

  34. 		if u.Id == repo.OwnerId {

  35. 			return ACCESS_MODE_OWNER, nil

  36. 		}

  37. 

  38. 		a := &Access{UserID: u.Id, RepoID: repo.Id}

  39. 		if has, err := e.Get(a); !has || err != nil {

  40. 			return mode, err

  41. 		}

  42. 		return a.Mode, nil

  43. 	}

  44. 

  45. 	return mode, nil

  46. }

  47. 

  48. // AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the

  49. // user does not have access. User can be nil!

  50. func AccessLevel(u *User, repo *Repository) (AccessMode, error) {

  51. 	return accessLevel(x, u, repo)

  52. }

  53. 

  54. func hasAccess(e Engine, u *User, repo *Repository, testMode AccessMode) (bool, error) {

  55. 	mode, err := accessLevel(e, u, repo)

  56. 	return testMode <= mode, err

  57. }

  58. 

  59. // HasAccess returns true if someone has the request access level. User can be nil!

  60. func HasAccess(u *User, repo *Repository, testMode AccessMode) (bool, error) {

  61. 	return hasAccess(x, u, repo, testMode)

  62. }

  63. 

  64. // GetAccessibleRepositories finds all repositories where a user has access to,

  65. // besides his own.

  66. func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {

  67. 	accesses := make([]*Access, 0, 10)

  68. 	if err := x.Find(&accesses, &Access{UserID: u.Id}); err != nil {

  69. 		return nil, err

  70. 	}

  71. 

  72. 	repos := make(map[*Repository]AccessMode, len(accesses))

  73. 	for _, access := range accesses {

  74. 		repo, err := GetRepositoryById(access.RepoID)

  75. 		if err != nil {

  76. 			return nil, err

  77. 		}

  78. 		if err = repo.GetOwner(); err != nil {

  79. 			return nil, err

  80. 		} else if repo.OwnerId == u.Id {

  81. 			continue

  82. 		}

  83. 		repos[repo] = access.Mode

  84. 	}

  85. 

  86. 	return repos, nil

  87. }

  88. 

  89. func maxAccessMode(modes ...AccessMode) AccessMode {

  90. 	max := ACCESS_MODE_NONE

  91. 	for _, mode := range modes {

  92. 		if mode > max {

  93. 			max = mode

  94. 		}

  95. 	}

  96. 	return max

  97. }

  98. 

  99. func (repo *Repository) recalculateTeamAccesses(e Engine, mode AccessMode) error {

  100. 

  101. 	return nil

  102. }

  103. 

  104. func (repo *Repository) recalculateAccesses(e Engine) error {

  105. 	accessMap := make(map[int64]AccessMode, 20)

  106. 

  107. 	// FIXME: should be able to have read-only access.

  108. 	// Give all collaborators write access.

  109. 	collaborators, err := repo.getCollaborators(e)

  110. 	if err != nil {

  111. 		return err

  112. 	}

  113. 	for _, c := range collaborators {

  114. 		accessMap[c.Id] = ACCESS_MODE_WRITE

  115. 	}

  116. 

  117. 	if err := repo.getOwner(e); err != nil {

  118. 		return err

  119. 	}

  120. 	if repo.Owner.IsOrganization() {

  121. 		if err = repo.Owner.getTeams(e); err != nil {

  122. 			return err

  123. 		}

  124. 

  125. 		for _, team := range repo.Owner.Teams {

  126. 			if team.IsOwnerTeam() {

  127. 				team.Authorize = ACCESS_MODE_OWNER

  128. 			}

  129. 

  130. 			if err = team.getMembers(e); err != nil {

  131. 				return err

  132. 			}

  133. 			for _, u := range team.Members {

  134. 				accessMap[u.Id] = maxAccessMode(accessMap[u.Id], team.Authorize)

  135. 			}

  136. 		}

  137. 	}

  138. 

  139. 	// FIXME: do corss-comparison so reduce deletions and additions to the minimum?

  140. 

  141. 	minMode := ACCESS_MODE_READ

  142. 	if !repo.IsPrivate {

  143. 		minMode = ACCESS_MODE_WRITE

  144. 	}

  145. 

  146. 	newAccesses := make([]Access, 0, len(accessMap))

  147. 	for userID, mode := range accessMap {

  148. 		if mode < minMode {

  149. 			continue

  150. 		}

  151. 		newAccesses = append(newAccesses, Access{

  152. 			UserID: userID,

  153. 			RepoID: repo.Id,

  154. 			Mode:   mode,

  155. 		})

  156. 	}

  157. 

  158. 	// Delete old accesses and insert new ones for repository.

  159. 	if _, err = e.Delete(&Access{RepoID: repo.Id}); err != nil {

  160. 		return err

  161. 	} else if _, err = e.Insert(newAccesses); err != nil {

  162. 		return err

  163. 	}

  164. 

  165. 	return nil

  166. }

  167. 

  168. // RecalculateAccesses recalculates all accesses for repository.

  169. func (r *Repository) RecalculateAccesses() error {

  170. 	return r.recalculateAccesses(x)

  171. }