rename CanAccess

go-gitea · lunny · Nov 28, 2018 · Nov 10, 2018 · Nov 11, 2018 · Nov 11, 2018
commit 2f65f7a8bc03b83d9a4f53b3572cd28d7e8be08b
diff --git a/models/issue.go b/models/issue.go
@@ -956,7 +956,7 @@ func newIssue(e *xorm.Session, doer *User, opts NewIssueOptions) (err error) {
  }
  valid, err := canBeAssigned(e, user, opts.Repo)
  if err != nil {
- return fmt.Errorf("hasAccess [user_id: %d, repo_id: %d]: %v", assigneeID, opts.Repo.ID, err)
+ return fmt.Errorf("canBeAssigned [user_id: %d, repo_id: %d]: %v", assigneeID, opts.Repo.ID, err)
  }
  if !valid {
  return ErrUserDoesNotHaveAccessToRepo{UserID: assigneeID, RepoName: opts.Repo.Name}

diff --git a/models/lfs_lock.go b/models/lfs_lock.go
@@ -143,7 +143,7 @@ func CheckLFSAccessForRepo(u *User, repo *Repository, mode AccessMode) error {
  if err != nil {
  return err
  }
- if !perm.CanWrite(UnitTypeCode) {
+ if !perm.CanAccess(mode, UnitTypeCode) {
  return ErrLFSUnauthorizedAction{repo.ID, u.DisplayName(), mode}
  }
  return nil

diff --git a/models/repo.go b/models/repo.go
@@ -325,6 +325,9 @@ func (repo *Repository) CheckUnitUser(userID int64, isAdmin bool, unitType UnitT
 }
 
 func (repo *Repository) checkUnitUser(e Engine, userID int64, isAdmin bool, unitType UnitType) bool {
+ if isAdmin {
+ return true
+ }
  user, err := getUserByID(e, userID)
  if err != nil {
  return false
@@ -334,7 +337,7 @@ func (repo *Repository) checkUnitUser(e Engine, userID int64, isAdmin bool, unit
  return false
  }
 
- return perm.CanAccess(unitType)
+ return perm.CanRead(unitType)
 }
 
 // UnitEnabled if this repository has the given unit enabled
@@ -350,21 +353,6 @@ func (repo *Repository) UnitEnabled(tp UnitType) bool {
  return false
 }
 
-// AnyUnitEnabled if this repository has the any of the given units enabled
-func (repo *Repository) AnyUnitEnabled(tps ...UnitType) bool {
- if err := repo.getUnits(x); err != nil {
- log.Warn("Error loading repository (ID: %d) units: %s", repo.ID, err.Error())
- }
- for _, unit := range repo.Units {
- for _, tp := range tps {
- if unit.Type == tp {
- return true
- }
- }
- }
- return false
-}
-
 var (
  // ErrUnitNotExist organization does not exist
  ErrUnitNotExist = errors.New("Unit does not exist")

diff --git a/models/repo_permission.go b/models/repo_permission.go
@@ -43,23 +43,28 @@ func (p *Permission) UnitAccessMode(unitType UnitType) AccessMode {
 }
 
 // CanAccess returns true if user has read access to the unit of the repository
-func (p *Permission) CanAccess(unitType UnitType) bool {
- return p.UnitAccessMode(unitType) >= AccessModeRead
+func (p *Permission) CanAccess(mode AccessMode, unitType UnitType) bool {
+ return p.UnitAccessMode(unitType) >= mode
 }
 
 // CanAccessAny returns true if user has read access to any of the units of the repository
-func (p *Permission) CanAccessAny(unitTypes ...UnitType) bool {
+func (p *Permission) CanAccessAny(mode AccessMode, unitTypes ...UnitType) bool {
  for _, u := range unitTypes {
- if p.CanAccess(u) {
+ if p.CanAccess(mode, u) {
  return true
  }
  }
  return false
 }
 
+// CanWrite returns true if user could write to this unit
+func (p *Permission) CanRead(unitType UnitType) bool {
+ return p.CanAccess(AccessModeRead, unitType)
+}
+
 // CanWrite returns true if user could write to this unit
 func (p *Permission) CanWrite(unitType UnitType) bool {
- return p.UnitAccessMode(unitType) >= AccessModeWrite
+ return p.CanAccess(AccessModeWrite, unitType)
 }
 
 // CanWriteIssuesOrPulls returns true if isPull is true and user could write to pull requests and
@@ -75,9 +80,9 @@ func (p *Permission) CanWriteIssuesOrPulls(isPull bool) bool {
 // returns true if isPull is false and user could read to issues
 func (p *Permission) CanReadIssuesOrPulls(isPull bool) bool {
  if isPull {
- return p.CanAccess(UnitTypePullRequests)
+ return p.CanRead(UnitTypePullRequests)
  }
- return p.CanAccess(UnitTypeIssues)
+ return p.CanRead(UnitTypeIssues)
 }
 
 // GetUserRepoPermission returns the user permissions to the repository

diff --git a/modules/context/permission.go b/modules/context/permission.go
@@ -44,7 +44,7 @@ func RequireRepoWriterOr(unitTypes ...models.UnitType) macaron.Handler {
 // RequireRepoReader returns a macaron middleware for requiring repository read to the specify unitType
 func RequireRepoReader(unitType models.UnitType) macaron.Handler {
  return func(ctx *Context) {
- if !ctx.Repo.CanAccess(unitType) {
+ if !ctx.Repo.CanRead(unitType) {
  ctx.NotFound(ctx.Req.RequestURI, nil)
  return
  }
@@ -55,7 +55,7 @@ func RequireRepoReader(unitType models.UnitType) macaron.Handler {
 func RequireRepoReaderOr(unitTypes ...models.UnitType) macaron.Handler {
  return func(ctx *Context) {
  for _, unitType := range unitTypes {
- if ctx.Repo.CanAccess(unitType) {
+ if ctx.Repo.CanRead(unitType) {
  return
  }
  }

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
@@ -221,7 +221,7 @@ func reqAdmin() macaron.Handler {
 
 func reqRepoReader(unitType models.UnitType) macaron.Handler {
  return func(ctx *context.Context) {
- if !ctx.Repo.CanAccess(unitType) {
+ if !ctx.Repo.CanRead(unitType) {
  ctx.Error(403)
  return
  }
@@ -343,22 +343,22 @@ func orgAssignment(args ...bool) macaron.Handler {
 }
 
 func mustEnableIssues(ctx *context.APIContext) {
- if !ctx.Repo.CanAccess(models.UnitTypeIssues) {
+ if !ctx.Repo.CanRead(models.UnitTypeIssues) {
  ctx.Status(404)
  return
  }
 }
 
 func mustAllowPulls(ctx *context.Context) {
- if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanAccess(models.UnitTypePullRequests)) {
+ if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(models.UnitTypePullRequests)) {
  ctx.Status(404)
  return
  }
 }
 
 func mustEnableIssuesOrPulls(ctx *context.Context) {
- if !ctx.Repo.CanAccess(models.UnitTypeIssues) &&
- !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanAccess(models.UnitTypePullRequests)) {
+ if !ctx.Repo.CanRead(models.UnitTypeIssues) &&
+ !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(models.UnitTypePullRequests)) {
  ctx.Status(404)
  return
  }

diff --git a/routers/repo/activity.go b/routers/repo/activity.go
@@ -45,9 +45,9 @@ func Activity(ctx *context.Context) {
 
  var err error
  if ctx.Data["Activity"], err = models.GetActivityStats(ctx.Repo.Repository.ID, timeFrom,
- ctx.Repo.CanAccess(models.UnitTypeReleases),
- ctx.Repo.CanAccess(models.UnitTypeIssues),
- ctx.Repo.CanAccess(models.UnitTypePullRequests)); err != nil {
+ ctx.Repo.CanRead(models.UnitTypeReleases),
+ ctx.Repo.CanRead(models.UnitTypeIssues),
+ ctx.Repo.CanRead(models.UnitTypePullRequests)); err != nil {
  ctx.ServerError("GetActivityStats", err)
  return
  }

diff --git a/routers/repo/issue.go b/routers/repo/issue.go
@@ -64,8 +64,8 @@ var (
 
 // MustEnableIssues check if repository enable internal issues
 func MustEnableIssues(ctx *context.Context) {
- if !ctx.Repo.CanAccess(models.UnitTypeIssues) &&
- !ctx.Repo.CanAccess(models.UnitTypeExternalTracker) {
+ if !ctx.Repo.CanRead(models.UnitTypeIssues) &&
+ !ctx.Repo.CanRead(models.UnitTypeExternalTracker) {
  ctx.NotFound("MustEnableIssues", nil)
  return
  }
@@ -79,7 +79,7 @@ func MustEnableIssues(ctx *context.Context) {
 
 // MustAllowPulls check if repository enable pull requests and user have right to do that
 func MustAllowPulls(ctx *context.Context) {
- if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.CanAccess(models.UnitTypePullRequests) {
+ if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.CanRead(models.UnitTypePullRequests) {
  ctx.NotFound("MustAllowPulls", nil)
  return
  }
@@ -859,8 +859,8 @@ func GetActionIssue(ctx *context.Context) *models.Issue {
 }
 
 func checkIssueRights(ctx *context.Context, issue *models.Issue) {
- if issue.IsPull && !ctx.Repo.CanAccess(models.UnitTypePullRequests) ||
- !issue.IsPull && !ctx.Repo.CanAccess(models.UnitTypeIssues) {
+ if issue.IsPull && !ctx.Repo.CanRead(models.UnitTypePullRequests) ||
+ !issue.IsPull && !ctx.Repo.CanRead(models.UnitTypeIssues) {
  ctx.NotFound("IssueOrPullRequestUnitNotAllowed", nil)
  }
 }
@@ -885,8 +885,8 @@ func getActionIssues(ctx *context.Context) []*models.Issue {
  return nil
  }
  // Check access rights for all issues
- issueUnitEnabled := ctx.Repo.CanAccess(models.UnitTypeIssues)
- prUnitEnabled := ctx.Repo.CanAccess(models.UnitTypePullRequests)
+ issueUnitEnabled := ctx.Repo.CanRead(models.UnitTypeIssues)
+ prUnitEnabled := ctx.Repo.CanRead(models.UnitTypePullRequests)
  for _, issue := range issues {
  if issue.IsPull && !prUnitEnabled || !issue.IsPull && !issueUnitEnabled {
  ctx.NotFound("IssueOrPullRequestUnitNotAllowed", nil)

diff --git a/routers/repo/pull.go b/routers/repo/pull.go
@@ -63,7 +63,7 @@ func getForkRepository(ctx *context.Context) *models.Repository {
  return nil
  }
 
- if forkRepo.IsBare || !perm.CanAccess(models.UnitTypeCode) {
+ if forkRepo.IsBare || !perm.CanRead(models.UnitTypeCode) {
  ctx.NotFound("getForkRepository", nil)
  return nil
  }

diff --git a/routers/repo/wiki.go b/routers/repo/wiki.go
@@ -31,8 +31,8 @@ const (
 
 // MustEnableWiki check if wiki is enabled, if external then redirect
 func MustEnableWiki(ctx *context.Context) {
- if !ctx.Repo.CanAccess(models.UnitTypeWiki) &&
- !ctx.Repo.CanAccess(models.UnitTypeExternalWiki) {
+ if !ctx.Repo.CanRead(models.UnitTypeWiki) &&
+ !ctx.Repo.CanRead(models.UnitTypeExternalWiki) {
  ctx.NotFound("MustEnableWiki", nil)
  return
  }

diff --git a/routers/user/home.go b/routers/user/home.go
@@ -291,7 +291,7 @@ func Issues(ctx *context.Context) {
  ctx.ServerError("GetUserRepoPermission", fmt.Errorf("[%d]%v", repoID, err))
  return
  }
- if !perm.CanAccess(models.UnitTypeIssues) {
+ if !perm.CanRead(models.UnitTypeIssues) {
  ctx.Status(404)
  return
  }