refactor AccessLevel

go-gitea · lunny · Nov 28, 2018 · Nov 10, 2018 · Nov 11, 2018 · Nov 11, 2018
commit 11bde943868c9e7b50a7c6a4eef846c79fd2ecf6
diff --git a/models/access.go b/models/access.go
@@ -82,8 +82,16 @@ func accessLevel(e Engine, userID int64, repo *Repository) (AccessMode, error) {
 
 // AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
 // user does not have access.
-func AccessLevel(userID int64, repo *Repository) (AccessMode, error) {
- return accessLevel(x, userID, repo)
+func AccessLevel(user *User, repo *Repository) (AccessMode, error) {
+ return accessLevelUnit(user, repo, UnitTypeCode)
+}
+
+func accessLevelUnit(user *User, repo *Repository, unitType UnitType) (AccessMode, error) {
+ perm, err := GetUserRepoPermission(repo, user)
+ if err != nil {
+ return AccessModeNone, err
+ }
+ return perm.UnitAccessMode(UnitTypeCode), nil
 }
 
 func hasAccess(e Engine, userID int64, repo *Repository, testMode AccessMode) (bool, error) {

diff --git a/models/issue.go b/models/issue.go
@@ -385,7 +385,7 @@ func (issue *Issue) sendLabelUpdatedWebhook(doer *User) {
  return
  }
 
- mode, _ := AccessLevel(issue.Poster.ID, issue.Repo)
+ mode, _ := AccessLevel(issue.Poster, issue.Repo)
  if issue.IsPull {
  if err = issue.loadPullRequest(x); err != nil {
  log.Error(4, "loadPullRequest: %v", err)
@@ -533,7 +533,7 @@ func (issue *Issue) ClearLabels(doer *User) (err error) {
  return fmt.Errorf("loadPoster: %v", err)
  }
 
- mode, _ := AccessLevel(issue.Poster.ID, issue.Repo)
+ mode, _ := AccessLevel(issue.Poster, issue.Repo)
  if issue.IsPull {
  err = issue.PullRequest.LoadIssue()
  if err != nil {
@@ -727,7 +727,7 @@ func (issue *Issue) ChangeStatus(doer *User, repo *Repository, isClosed bool) (e
  }
  sess.Close()
 
- mode, _ := AccessLevel(issue.Poster.ID, issue.Repo)
+ mode, _ := AccessLevel(issue.Poster, issue.Repo)
  if issue.IsPull {
  // Merge pull request calls issue.changeStatus so we need to handle separately.
  issue.PullRequest.Issue = issue
@@ -789,7 +789,7 @@ func (issue *Issue) ChangeTitle(doer *User, title string) (err error) {
  return err
  }
 
- mode, _ := AccessLevel(issue.Poster.ID, issue.Repo)
+ mode, _ := AccessLevel(issue.Poster, issue.Repo)
  if issue.IsPull {
  issue.PullRequest.Issue = issue
  err = PrepareWebhooks(issue.Repo, HookEventPullRequest, &api.PullRequestPayload{
@@ -855,7 +855,7 @@ func (issue *Issue) ChangeContent(doer *User, content string) (err error) {
  return fmt.Errorf("UpdateIssueCols: %v", err)
  }
 
- mode, _ := AccessLevel(issue.Poster.ID, issue.Repo)
+ mode, _ := AccessLevel(issue.Poster, issue.Repo)
  if issue.IsPull {
  issue.PullRequest.Issue = issue
  err = PrepareWebhooks(issue.Repo, HookEventPullRequest, &api.PullRequestPayload{
@@ -1075,7 +1075,7 @@ func NewIssue(repo *Repository, issue *Issue, labelIDs []int64, assigneeIDs []in
  log.Error(4, "MailParticipants: %v", err)
  }
 
- mode, _ := AccessLevel(issue.Poster.ID, issue.Repo)
+ mode, _ := AccessLevel(issue.Poster, issue.Repo)
  if err = PrepareWebhooks(repo, HookEventIssues, &api.IssuePayload{
  Action: api.HookIssueOpened,
  Index: issue.Index,

diff --git a/models/issue_comment.go b/models/issue_comment.go
@@ -795,7 +795,7 @@ func CreateIssueComment(doer *User, repo *Repository, issue *Issue, content stri
  return nil, fmt.Errorf("CreateComment: %v", err)
  }
 
- mode, _ := AccessLevel(doer.ID, repo)
+ mode, _ := AccessLevel(doer, repo)
  if err = PrepareWebhooks(repo, HookEventIssueComment, &api.IssueCommentPayload{
  Action: api.HookIssueCommentCreated,
  Issue: issue.APIFormat(),
@@ -990,7 +990,7 @@ func UpdateComment(doer *User, c *Comment, oldContent string) error {
  return err
  }
 
- mode, _ := AccessLevel(doer.ID, c.Issue.Repo)
+ mode, _ := AccessLevel(doer, c.Issue.Repo)
  if err := PrepareWebhooks(c.Issue.Repo, HookEventIssueComment, &api.IssueCommentPayload{
  Action: api.HookIssueCommentEdited,
  Issue: c.Issue.APIFormat(),
@@ -1047,7 +1047,7 @@ func DeleteComment(doer *User, comment *Comment) error {
  return err
  }
 
- mode, _ := AccessLevel(doer.ID, comment.Issue.Repo)
+ mode, _ := AccessLevel(doer, comment.Issue.Repo)
 
  if err := PrepareWebhooks(comment.Issue.Repo, HookEventIssueComment, &api.IssueCommentPayload{
  Action: api.HookIssueCommentDeleted,

diff --git a/models/issue_milestone.go b/models/issue_milestone.go
@@ -377,7 +377,7 @@ func ChangeMilestoneAssign(issue *Issue, doer *User, oldMilestoneID int64) (err
  return err
  }
 
- mode, _ := AccessLevel(doer.ID, issue.Repo)
+ mode, _ := AccessLevel(doer, issue.Repo)
  if issue.IsPull {
  err = issue.PullRequest.LoadIssue()
  if err != nil {

diff --git a/models/org_team_test.go b/models/org_team_test.go
@@ -243,7 +243,7 @@ func TestDeleteTeam(t *testing.T) {
  // check that team members don't have "leftover" access to repos
  user := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)
  repo := AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
- accessMode, err := AccessLevel(user.ID, repo)
+ accessMode, err := AccessLevel(user, repo)
  assert.NoError(t, err)
  assert.True(t, accessMode < AccessModeWrite)
 }

diff --git a/models/pull.go b/models/pull.go
@@ -458,7 +458,7 @@ func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository, mergeStyle
  return nil
  }
 
- mode, _ := AccessLevel(doer.ID, pr.Issue.Repo)
+ mode, _ := AccessLevel(doer, pr.Issue.Repo)
  if err = PrepareWebhooks(pr.Issue.Repo, HookEventPullRequest, &api.PullRequestPayload{
  Action: api.HookIssueClosed,
  Index: pr.Index,
@@ -787,7 +787,7 @@ func NewPullRequest(repo *Repository, pull *Issue, labelIDs []int64, uuids []str
 
  pr.Issue = pull
  pull.PullRequest = pr
- mode, _ := AccessLevel(pull.Poster.ID, repo)
+ mode, _ := AccessLevel(pull.Poster, repo)
  if err = PrepareWebhooks(repo, HookEventPullRequest, &api.PullRequestPayload{
  Action: api.HookIssueOpened,
  Index: pull.Index,

diff --git a/models/release.go b/models/release.go
@@ -200,7 +200,7 @@ func CreateRelease(gitRepo *git.Repository, rel *Release, attachmentUUIDs []stri
  if err := rel.LoadAttributes(); err != nil {
  log.Error(2, "LoadAttributes: %v", err)
  } else {
- mode, _ := AccessLevel(rel.PublisherID, rel.Repo)
+ mode, _ := AccessLevel(rel.Publisher, rel.Repo)
  if err := PrepareWebhooks(rel.Repo, HookEventRelease, &api.ReleasePayload{
  Action: api.HookReleasePublished,
  Release: rel.APIFormat(),
@@ -392,7 +392,7 @@ func UpdateRelease(doer *User, gitRepo *git.Repository, rel *Release, attachment
 
  err = addReleaseAttachments(rel.ID, attachmentUUIDs)
 
- mode, _ := accessLevel(x, doer.ID, rel.Repo)
+ mode, _ := AccessLevel(doer, rel.Repo)
  if err1 := PrepareWebhooks(rel.Repo, HookEventRelease, &api.ReleasePayload{
  Action: api.HookReleaseUpdated,
  Release: rel.APIFormat(),
@@ -454,7 +454,7 @@ func DeleteReleaseByID(id int64, u *User, delTag bool) error {
  return fmt.Errorf("LoadAttributes: %v", err)
  }
 
- mode, _ := accessLevel(x, u.ID, rel.Repo)
+ mode, _ := AccessLevel(u, rel.Repo)
  if err := PrepareWebhooks(rel.Repo, HookEventRelease, &api.ReleasePayload{
  Action: api.HookReleaseDeleted,
  Release: rel.APIFormat(),

diff --git a/models/repo.go b/models/repo.go
@@ -2429,8 +2429,8 @@ func ForkRepository(doer, u *User, oldRepo *Repository, name, desc string) (_ *R
  return nil, err
  }
 
- oldMode, _ := AccessLevel(doer.ID, oldRepo)
- mode, _ := AccessLevel(doer.ID, repo)
+ oldMode, _ := AccessLevel(doer, oldRepo)
+ mode, _ := AccessLevel(doer, repo)
 
  if err = PrepareWebhooks(oldRepo, HookEventFork, &api.ForkPayload{
  Forkee: oldRepo.APIFormat(oldMode),

diff --git a/modules/context/repo.go b/modules/context/repo.go
@@ -204,7 +204,7 @@ func repoAssignment(ctx *Context, repo *models.Repository) {
  var err error
  ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.User)
  if err != nil {
- ctx.ServerError("AccessLevel", err)
+ ctx.ServerError("GetUserRepoPermission", err)
  return
  }
 

diff --git a/modules/private/internal.go b/modules/private/internal.go
@@ -53,7 +53,7 @@ func newInternalRequest(url, method string) *httplib.Request {
 // CheckUnitUser check whether user could visit the unit of this repository
 func CheckUnitUser(userID, repoID int64, isAdmin bool, unitType models.UnitType) (*models.AccessMode, error) {
  reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/user/%d/checkunituser?isAdmin=%t&unitType=%d", repoID, userID, isAdmin, unitType)
- log.GitLogger.Trace("AccessLevel: %s", reqURL)
+ log.GitLogger.Trace("CheckUnitUser: %s", reqURL)
 
  resp, err := newInternalRequest(reqURL, "GET").Response()
  if err != nil {
@@ -75,7 +75,7 @@ func CheckUnitUser(userID, repoID int64, isAdmin bool, unitType models.UnitType)
 
 // AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
 // user does not have access.
-func AccessLevel(userID, repoID int64) (*models.AccessMode, error) {
+/*func AccessLevel(userID, repoID int64) (*models.AccessMode, error) {
  reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/user/%d/accesslevel", repoID, userID)
  log.GitLogger.Trace("AccessLevel: %s", reqURL)
 
@@ -95,7 +95,7 @@ func AccessLevel(userID, repoID int64) (*models.AccessMode, error) {
  }
 
  return &a, nil
-}
+}*/
 
 // GetRepositoryByOwnerAndName returns the repository by given ownername and reponame.
 func GetRepositoryByOwnerAndName(ownerName, repoName string) (*models.Repository, error) {

diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
@@ -311,7 +311,7 @@ func GetTeamRepos(ctx *context.APIContext) {
  }
  repos := make([]*api.Repository, len(team.Repos))
  for i, repo := range team.Repos {
- access, err := models.AccessLevel(ctx.User.ID, repo)
+ access, err := models.AccessLevel(ctx.User, repo)
  if err != nil {
  ctx.Error(500, "GetTeamRepos", err)
  return
@@ -366,7 +366,7 @@ func AddTeamRepository(ctx *context.APIContext) {
  if ctx.Written() {
  return
  }
- if access, err := models.AccessLevel(ctx.User.ID, repo); err != nil {
+ if access, err := models.AccessLevel(ctx.User, repo); err != nil {
  ctx.Error(500, "AccessLevel", err)
  return
  } else if access < models.AccessModeAdmin {
@@ -413,7 +413,7 @@ func RemoveTeamRepository(ctx *context.APIContext) {
  if ctx.Written() {
  return
  }
- if access, err := models.AccessLevel(ctx.User.ID, repo); err != nil {
+ if access, err := models.AccessLevel(ctx.User, repo); err != nil {
  ctx.Error(500, "AccessLevel", err)
  return
  } else if access < models.AccessModeAdmin {

diff --git a/routers/api/v1/repo/fork.go b/routers/api/v1/repo/fork.go
@@ -7,7 +7,6 @@ package repo
 import (
  "code.gitea.io/gitea/models"
  "code.gitea.io/gitea/modules/context"
- "code.gitea.io/gitea/routers/api/v1/utils"
 
  api "code.gitea.io/sdk/gitea"
 )
@@ -40,7 +39,7 @@ func ListForks(ctx *context.APIContext) {
  }
  apiForks := make([]*api.Repository, len(forks))
  for i, fork := range forks {
- access, err := models.AccessLevel(utils.UserID(ctx), fork)
+ access, err := models.AccessLevel(ctx.User, fork)
  if err != nil {
  ctx.Error(500, "AccessLevel", err)
  return

diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
@@ -184,11 +184,6 @@ func Search(ctx *context.APIContext) {
  return
  }
 
- var userID int64
- if ctx.IsSigned {
- userID = ctx.User.ID
- }
-
  results := make([]*api.Repository, len(repos))
  for i, repo := range repos {
  if err = repo.GetOwner(); err != nil {
@@ -198,7 +193,7 @@ func Search(ctx *context.APIContext) {
  })
  return
  }
- accessMode, err := models.AccessLevel(userID, repo)
+ accessMode, err := models.AccessLevel(ctx.User, repo)
  if err != nil {
  ctx.JSON(500, api.SearchError{
  OK: false,

diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
@@ -17,13 +17,10 @@ func listUserRepos(ctx *context.APIContext, u *models.User, private bool) {
  ctx.Error(500, "GetUserRepositories", err)
  return
  }
+
  apiRepos := make([]*api.Repository, 0, len(repos))
- var ctxUserID int64
- if ctx.User != nil {
- ctxUserID = ctx.User.ID
- }
  for i := range repos {
- access, err := models.AccessLevel(ctxUserID, repos[i])
+ access, err := models.AccessLevel(ctx.User, repos[i])
  if err != nil {
  ctx.Error(500, "AccessLevel", err)
  return

diff --git a/routers/api/v1/user/star.go b/routers/api/v1/user/star.go
@@ -13,15 +13,15 @@ import (
 
 // getStarredRepos returns the repos that the user with the specified userID has
 // starred
-func getStarredRepos(userID int64, private bool) ([]*api.Repository, error) {
- starredRepos, err := models.GetStarredRepos(userID, private)
+func getStarredRepos(user *models.User, private bool) ([]*api.Repository, error) {
+ starredRepos, err := models.GetStarredRepos(user.ID, private)
  if err != nil {
  return nil, err
  }
 
  repos := make([]*api.Repository, len(starredRepos))
  for i, starred := range starredRepos {
- access, err := models.AccessLevel(userID, starred)
+ access, err := models.AccessLevel(user, starred)
  if err != nil {
  return nil, err
  }
@@ -48,7 +48,7 @@ func GetStarredRepos(ctx *context.APIContext) {
  // "$ref": "#/responses/RepositoryList"
  user := GetUserByParams(ctx)
  private := user.ID == ctx.User.ID
- repos, err := getStarredRepos(user.ID, private)
+ repos, err := getStarredRepos(user, private)
  if err != nil {
  ctx.Error(500, "getStarredRepos", err)
  }
@@ -65,7 +65,7 @@ func GetMyStarredRepos(ctx *context.APIContext) {
  // responses:
  // "200":
  // "$ref": "#/responses/RepositoryList"
- repos, err := getStarredRepos(ctx.User.ID, true)
+ repos, err := getStarredRepos(ctx.User, true)
  if err != nil {
  ctx.Error(500, "getStarredRepos", err)
  }

diff --git a/routers/api/v1/user/watch.go b/routers/api/v1/user/watch.go
@@ -14,15 +14,15 @@ import (
 
 // getWatchedRepos returns the repos that the user with the specified userID is
 // watching
-func getWatchedRepos(userID int64, private bool) ([]*api.Repository, error) {
- watchedRepos, err := models.GetWatchedRepos(userID, private)
+func getWatchedRepos(user *models.User, private bool) ([]*api.Repository, error) {
+ watchedRepos, err := models.GetWatchedRepos(user.ID, private)
  if err != nil {
  return nil, err
  }
 
  repos := make([]*api.Repository, len(watchedRepos))
  for i, watched := range watchedRepos {
- access, err := models.AccessLevel(userID, watched)
+ access, err := models.AccessLevel(user, watched)
  if err != nil {
  return nil, err
  }
@@ -49,7 +49,7 @@ func GetWatchedRepos(ctx *context.APIContext) {
  // "$ref": "#/responses/RepositoryList"
  user := GetUserByParams(ctx)
  private := user.ID == ctx.User.ID
- repos, err := getWatchedRepos(user.ID, private)
+ repos, err := getWatchedRepos(user, private)
  if err != nil {
  ctx.Error(500, "getWatchedRepos", err)
  }
@@ -66,7 +66,7 @@ func GetMyWatchedRepos(ctx *context.APIContext) {
  // responses:
  // "200":
  // "$ref": "#/responses/RepositoryList"
- repos, err := getWatchedRepos(ctx.User.ID, true)
+ repos, err := getWatchedRepos(ctx.User, true)
  if err != nil {
  ctx.Error(500, "getWatchedRepos", err)
  }

diff --git a/routers/private/internal.go b/routers/private/internal.go
@@ -39,7 +39,7 @@ func GetRepositoryByOwnerAndName(ctx *macaron.Context) {
 }
 
 //AccessLevel chainload to models.AccessLevel
-func AccessLevel(ctx *macaron.Context) {
+/*func AccessLevel(ctx *macaron.Context) {
  repoID := ctx.ParamsInt64(":repoid")
  userID := ctx.ParamsInt64(":userid")
  repo, err := models.GetRepositoryByID(repoID)
@@ -57,7 +57,7 @@ func AccessLevel(ctx *macaron.Context) {
  return
  }
  ctx.JSON(200, al)
-}
+}*/
 
 //CheckUnitUser chainload to models.CheckUnitUser
 func CheckUnitUser(ctx *macaron.Context) {
@@ -98,7 +98,7 @@ func RegisterRoutes(m *macaron.Macaron) {
  m.Get("/ssh/:id/user", GetUserByKeyID)
  m.Post("/ssh/:id/update", UpdatePublicKey)
  m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
- m.Get("/repositories/:repoid/user/:userid/accesslevel", AccessLevel)
+ //m.Get("/repositories/:repoid/user/:userid/accesslevel", AccessLevel)
  m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
  m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
  m.Post("/push/update", PushUpdate)