1
0
mirror of https://github.com/go-gitea/gitea synced 2024-12-24 03:35:55 +01:00

Merge remote-tracking branch 'mine/access_refactor' into access_refactor

Conflicts:
	cmd/serve.go
	models/access.go
	models/migrations/migrations.go
	models/org.go
	models/repo.go
	models/user.go
	modules/middleware/org.go
	modules/middleware/repo.go
	routers/api/v1/repo.go
	routers/org/teams.go
	routers/repo/http.go
	routers/user/home.go
This commit is contained in:
Peter Smit 2015-02-12 14:25:07 +02:00
commit 6c1ee384f1
10 changed files with 44 additions and 42 deletions

@ -67,14 +67,14 @@ func parseCmd(cmd string) (string, string) {
var (
COMMANDS_READONLY = map[string]models.AccessMode{
"git-upload-pack": models.WriteAccess,
"git upload-pack": models.WriteAccess,
"git-upload-archive": models.WriteAccess,
"git-upload-pack": models.ACCESS_MODE_WRITE,
"git upload-pack": models.ACCESS_MODE_WRITE,
"git-upload-archive": models.ACCESS_MODE_WRITE,
}
COMMANDS_WRITE = map[string]models.AccessMode{
"git-receive-pack": models.ReadAccess,
"git receive-pack": models.ReadAccess,
"git-receive-pack": models.ACCESS_MODE_READ,
"git receive-pack": models.ACCESS_MODE_READ,
}
)
@ -155,7 +155,7 @@ func runServ(k *cli.Context) {
switch {
case isWrite:
has, err := models.HasAccess(user, repo, models.WriteAccess)
has, err := models.HasAccess(user, repo, models.ACCESS_MODE_WRITE)
if err != nil {
println("Gogs: internal error:", err.Error())
log.GitLogger.Fatal(2, "Fail to check write access:", err)
@ -168,7 +168,7 @@ func runServ(k *cli.Context) {
break
}
has, err := models.HasAccess(user, repo, models.ReadAccess)
has, err := models.HasAccess(user, repo, models.ACCESS_MODE_READ)
if err != nil {
println("Gogs: internal error:", err.Error())
log.GitLogger.Fatal(2, "Fail to check read access:", err)

@ -7,15 +7,15 @@ package models
type AccessMode int
const (
NoAccess AccessMode = iota
ReadAccess
WriteAccess
AdminAccess
OwnerAccess
ACCESS_MODE_NONE AccessMode = iota
ACCESS_MODE_READ
ACCESS_MODE_WRITE
ACCESS_MODE_ADMIN
ACCESS_MODE_OWNER
)
func maxAccessMode(modes ...AccessMode) AccessMode {
max := NoAccess
max := ACCESS_MODE_NONE
for _, mode := range modes {
if mode > max {
max = mode
@ -43,14 +43,14 @@ func HasAccess(u *User, r *Repository, testMode AccessMode) (bool, error) {
// Return the Access a user has to a repository. Will return NoneAccess if the
// user does not have access. User can be nil!
func AccessLevel(u *User, r *Repository) (AccessMode, error) {
mode := NoAccess
mode := ACCESS_MODE_NONE
if !r.IsPrivate {
mode = ReadAccess
mode = ACCESS_MODE_READ
}
if u != nil {
if u.Id == r.OwnerId {
return OwnerAccess, nil
return ACCESS_MODE_OWNER, nil
}
a := &Access{UserID: u.Id, RepoID: r.Id}
@ -98,7 +98,7 @@ func (r *Repository) RecalcAccessSess() error {
return err
}
for _, c := range collaborators {
accessMap[c.Id] = WriteAccess
accessMap[c.Id] = ACCESS_MODE_WRITE
}
if err := r.GetOwner(); err != nil {
@ -123,9 +123,9 @@ func (r *Repository) RecalcAccessSess() error {
}
}
minMode := ReadAccess
minMode := ACCESS_MODE_READ
if !r.IsPrivate {
minMode = WriteAccess
minMode = ACCESS_MODE_WRITE
}
newAccesses := make([]Access, 0, len(accessMap))

@ -134,7 +134,7 @@ func CreateOrganization(org, owner *User) (*User, error) {
OrgId: org.Id,
LowerName: strings.ToLower(OWNER_TEAM),
Name: OWNER_TEAM,
Authorize: OwnerAccess,
Authorize: ACCESS_MODE_OWNER,
NumMembers: 1,
}
if _, err = sess.Insert(t); err != nil {

@ -395,6 +395,7 @@ func ChangeUserName(u *User, newUserName string) (err error) {
if !IsLegalName(newUserName) {
return ErrUserNameIllegal
}
return os.Rename(UserPath(u.LowerName), UserPath(newUserName))
}

@ -87,7 +87,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
return
}
ctx.Data["Team"] = ctx.Org.Team
ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.AdminAccess
ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
}
ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
if requireAdminTeam && !ctx.Org.IsAdminTeam {

@ -64,9 +64,10 @@ func ApiRepoAssignment() macaron.Handler {
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
return
}
ctx.Repo.IsOwner = mode >= models.WriteAccess
ctx.Repo.IsAdmin = mode >= models.ReadAccess
ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
}
// Check access.
@ -244,9 +245,9 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
return
}
ctx.Repo.IsOwner = mode >= models.WriteAccess
ctx.Repo.IsAdmin = mode >= models.ReadAccess
ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
}
// Check access.

@ -255,7 +255,7 @@ func ListMyRepos(ctx *middleware.Context) {
return
}
repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.WriteAccess, true})
repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.ACCESS_MODE_WRITE, true})
// FIXME: cache result to reduce DB query?
if repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(ctx.User.Id) {

@ -168,11 +168,11 @@ func NewTeamPost(ctx *middleware.Context, form auth.CreateTeamForm) {
var auth models.AccessMode
switch form.Permission {
case "read":
auth = models.ReadAccess
auth = models.ACCESS_MODE_READ
case "write":
auth = models.WriteAccess
auth = models.ACCESS_MODE_WRITE
case "admin":
auth = models.AdminAccess
auth = models.ACCESS_MODE_ADMIN
default:
ctx.Error(401)
return
@ -249,11 +249,11 @@ func EditTeamPost(ctx *middleware.Context, form auth.CreateTeamForm) {
var auth models.AccessMode
switch form.Permission {
case "read":
auth = models.ReadAccess
auth = models.ACCESS_MODE_READ
case "write":
auth = models.WriteAccess
auth = models.ACCESS_MODE_WRITE
case "admin":
auth = models.AdminAccess
auth = models.ACCESS_MODE_ADMIN
default:
ctx.Error(401)
return

@ -137,9 +137,9 @@ func Http(ctx *middleware.Context) {
}
if !isPublicPull {
var tp = models.WriteAccess
var tp = models.ACCESS_MODE_WRITE
if isPull {
tp = models.ReadAccess
tp = models.ACCESS_MODE_READ
}
has, err := models.HasAccess(authUser, repo, tp)
@ -147,8 +147,8 @@ func Http(ctx *middleware.Context) {
ctx.Handle(401, "no basic auth and digit auth", nil)
return
} else if !has {
if tp == models.ReadAccess {
has, err = models.HasAccess(authUser, repo, models.WriteAccess)
if tp == models.ACCESS_MODE_READ {
has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE)
if err != nil || !has {
ctx.Handle(401, "no basic auth and digit auth", nil)
return
@ -288,7 +288,7 @@ func serviceRpc(rpc string, hr handler) {
access := hasAccess(r, hr.Config, dir, rpc, true)
if access == false {
renderNoAccess(w)
renderACCESS_MODE_NONE(w)
return
}
@ -515,7 +515,7 @@ func renderNotFound(w http.ResponseWriter) {
w.Write([]byte("Not Found"))
}
func renderNoAccess(w http.ResponseWriter) {
func renderACCESS_MODE_NONE(w http.ResponseWriter) {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Forbidden"))
}

@ -103,7 +103,7 @@ func Dashboard(ctx *middleware.Context) {
feeds := make([]*models.Action, 0, len(actions))
for _, act := range actions {
if act.IsPrivate {
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ReadAccess); !has {
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
continue
}
}
@ -211,7 +211,7 @@ func Profile(ctx *middleware.Context) {
continue
}
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true},
models.ReadAccess); !has {
models.ACCESS_MODE_READ); !has {
continue
}
}