refactor permission struct and add some copyright heads

go-gitea · lunny · Nov 28, 2018 · Nov 10, 2018 · Nov 11, 2018 · Nov 11, 2018
commit 40d552c1373ba12c22913408dd8f1d8bb4f34447
diff --git a/models/repo_permission.go b/models/repo_permission.go
@@ -0,0 +1,135 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+// Permission contains all the permissions related variables to a repository for a user
+type Permission struct {
+ AccessMode AccessMode
+ Units []*RepoUnit
+ UnitsMode map[UnitType]AccessMode
+}
+
+// IsOwner returns true if current user is the owner of repository.
+func (p *Permission) IsOwner() bool {
+ return p.AccessMode >= AccessModeOwner
+}
+
+// IsAdmin returns true if current user has admin or higher access of repository.
+func (p *Permission) IsAdmin() bool {
+ return p.AccessMode >= AccessModeAdmin
+}
+
+// HasAccess returns true if the current user has at least read access to any unit of this repository
+func (p *Permission) HasAccess() bool {
+ if p.UnitsMode == nil {
+ return p.AccessMode >= AccessModeRead
+ }
+ return len(p.UnitsMode) > 0
+}
+
+// UnitAccessMode returns current user accessmode to the specify unit of the repository
+func (p *Permission) UnitAccessMode(unitType UnitType) AccessMode {
+ if p.UnitsMode == nil {
+ return p.AccessMode
+ }
+ return p.UnitsMode[unitType]
+}
+
+// CanAccess returns true if user has read access to the unit of the repository
+func (p *Permission) CanAccess(unitType UnitType) bool {
+ return p.UnitAccessMode(unitType) >= AccessModeRead
+}
+
+// CanWrite returns true if user could write to this unit
+func (p *Permission) CanWrite(unitType UnitType) bool {
+ return p.UnitAccessMode(unitType) >= AccessModeWrite
+}
+
+// CanWriteIssuesOrPulls returns true if isPull is true and user could write to pull requests and
+// returns true if isPull is false and user could write to issues
+func (p *Permission) CanWriteIssuesOrPulls(isPull bool) bool {
+ if isPull {
+ return p.CanWrite(UnitTypePullRequests)
+ }
+ return p.CanWrite(UnitTypeIssues)
+}
+
+// GetUserRepoPermission returns the user permissions to the repository
+func GetUserRepoPermission(repo *Repository, user *User) (Permission, error) {
+ return getUserRepoPermission(x, repo, user)
+}
+
+func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permission, err error) {
+ // anonymous user visit private repo. TODO: anonymous user visit public unit of private repo???
+ if user == nil && repo.IsPrivate {
+ perm.AccessMode = AccessModeNone
+ return
+ }
+
+ if err = repo.getUnits(e); err != nil {
+ return
+ }
+
+ perm.Units = repo.Units
+
+ // anonymous visit public repo
+ if user == nil {
+ perm.AccessMode = AccessModeRead
+ return
+ }
+
+ // Admin has super access or user is the owner of the repository
+ if user.IsAdmin || user.ID == repo.OwnerID {
+ perm.AccessMode = AccessModeOwner
+ return
+ }
+
+ // plain user
+ perm.AccessMode, err = accessLevel(e, user.ID, repo)
+ if err != nil {
+ return
+ }
+
+ if err = repo.getOwner(e); err != nil {
+ return
+ }
+ if !repo.Owner.IsOrganization() {
+ return
+ }
+
+ teams, err := getUserRepoTeams(e, repo.OwnerID, user.ID, repo.ID)
+ if err != nil {
+ return
+ }
+
+ perm.UnitsMode = make(map[UnitType]AccessMode)
+ for _, u := range repo.Units {
+ var found bool
+ for _, team := range teams {
+ if team.unitEnabled(e, u.Type) {
+ m := perm.UnitsMode[u.Type]
+ if m < team.Authorize {
+ perm.UnitsMode[u.Type] = team.Authorize
+ }
+ found = true
+ }
+ }
+
+ if !found && !repo.IsPrivate {
+ perm.UnitsMode[u.Type] = AccessModeRead
+ }
+ }
+
+ perm.Units = make([]*RepoUnit, 0, len(repo.Units))
+ for t, _ := range perm.UnitsMode {
+ for _, u := range repo.Units {
+ if u.Type == t {
+ perm.Units = append(perm.Units, u)
+ }
+ }
+ }
+
+ return
+}
diff --git a/models/repo_unit.go b/models/repo_unit.go
@@ -166,10 +166,7 @@ func (r *RepoUnit) IssuesConfig() *IssuesConfig {
 func (r *RepoUnit) ExternalTrackerConfig() *ExternalTrackerConfig {
  return r.Config.(*ExternalTrackerConfig)
 }
+
 func getUnitsByRepoID(e Engine, repoID int64) (units []*RepoUnit, err error) {
  return units, e.Where("repo_id = ?", repoID).Find(&units)
 }
-
-func getUnitsByRepoIDAndIDs(e Engine, repoID int64, types []UnitType) (units []*RepoUnit, err error) {
- return units, e.Where("repo_id = ?", repoID).In("`type`", types).Find(&units)
-}
diff --git a/modules/context/permission.go b/modules/context/permission.go
diff --git a/modules/context/repo.go b/modules/context/repo.go
@@ -32,7 +32,7 @@ type PullRequest struct {
 
 // Repository contains information to operate a repository
 type Repository struct {
- Permission
+ models.Permission
  IsWatching bool
  IsViewBranch bool
  IsViewTag bool
@@ -201,29 +201,12 @@ func RedirectToRepo(ctx *Context, redirectRepoID int64) {
 }
 
 func repoAssignment(ctx *Context, repo *models.Repository) {
- var userID int64
- // Admin has super access.
- if ctx.IsSigned && ctx.User.IsAdmin {
- ctx.Repo.Permission.AccessMode = models.AccessModeOwner
- } else {
- if ctx.User != nil {
- userID = ctx.User.ID
- }
- mode, err := models.AccessLevel(userID, repo)
- if err != nil {
- ctx.ServerError("AccessLevel", err)
- return
- }
- ctx.Repo.Permission.AccessMode = mode
- }
-
- err := repo.LoadUnitsByUserID(userID, ctx.Repo.IsAdmin())
+ var err error
+ ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.User)
  if err != nil {
- ctx.ServerError("LoadUnitsByUserID", err)
+ ctx.ServerError("AccessLevel", err)
  return
  }
- ctx.Repo.Permission.Units = repo.Units
- ctx.Repo.Permission.UnitsMode = repo.UnitsMode
 
  // Check access.
  if ctx.Repo.Permission.AccessMode == models.AccessModeNone {
@@ -269,10 +252,6 @@ func RepoIDAssignment() macaron.Handler {
  return
  }
 
- if err = repo.GetOwner(); err != nil {
- ctx.ServerError("GetOwner", err)
- return
- }
  repoAssignment(ctx, repo)
  }
 }

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
@@ -1,5 +1,5 @@
 // Copyright 2015 The Gogs Authors. All rights reserved.
-// Copyright 2018 The Gitea Authors. All rights reserved.
+// Copyright 2016 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/api/v1/repo/collaborators.go b/routers/api/v1/repo/collaborators.go
@@ -1,4 +1,5 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/api/v1/repo/file.go b/routers/api/v1/repo/file.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go
@@ -1,4 +1,5 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/api/v1/repo/label.go b/routers/api/v1/repo/label.go
@@ -1,4 +1,5 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
@@ -405,7 +405,7 @@ func EditPullRequest(ctx *context.APIContext, form api.EditPullRequestOption) {
  }
  }
 
- if ctx.Repo.IsWriter() && (form.Labels != nil && len(form.Labels) > 0) {
+ if ctx.Repo.CanWrite(models.UnitTypePullRequests) && (form.Labels != nil && len(form.Labels) > 0) {
  labels, err := models.GetLabelsInRepoByIDs(ctx.Repo.Repository.ID, form.Labels)
  if err != nil {
  ctx.Error(500, "GetLabelsInRepoByIDsError", err)

diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/repo/branch.go b/routers/repo/branch.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/repo/issue.go b/routers/repo/issue.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -818,8 +819,9 @@ func ViewIssue(ctx *context.Context) {
  ctx.Data["NumParticipants"] = len(participants)
  ctx.Data["Issue"] = issue
  ctx.Data["ReadOnly"] = true
- ctx.Data["IsIssueOwner"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) || (ctx.IsSigned && issue.IsPoster(ctx.User.ID))
  ctx.Data["SignInLink"] = setting.AppSubURL + "/user/login?redirect_to=" + ctx.Data["Link"].(string)
+ ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.User.ID)
+ ctx.Data["IsIssueWriter"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
  ctx.HTML(200, tplIssueView)
 }
 

diff --git a/routers/repo/release.go b/routers/repo/release.go
@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 

diff --git a/routers/repo/wiki.go b/routers/repo/wiki.go
@@ -1,4 +1,5 @@
 // Copyright 2015 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -239,7 +240,6 @@ func WikiPages(ctx *context.Context) {
  ctx.Data["Title"] = ctx.Tr("repo.wiki.pages")
  ctx.Data["PageIsWiki"] = true
  ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(models.UnitTypeWiki)
-
  if !ctx.Repo.Repository.HasWiki() {
  ctx.Redirect(ctx.Repo.RepoLink + "/wiki")
  return

diff --git a/templates/repo/issue/view_content.tmpl b/templates/repo/issue/view_content.tmpl
@@ -20,7 +20,7 @@
  <span class="text grey"><a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.Name}}</a> {{.i18n.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr | Safe}}</span>
  <div class="ui right actions">
  {{template "repo/issue/view_content/add_reaction" Dict "ctx" $ "ActionURL" (Printf "%s/issues/%d/reactions" $.RepoLink .Issue.Index) }}
- {{if .IsIssueOwner}}
+ {{if or .IsIssueWriter .IsIssuePoster}}
  <div class="item action">
  <a class="edit-content" href="#"><i class="octicon octicon-pencil"></i></a>
  </div>
@@ -79,7 +79,7 @@
  {{.CsrfTokenHtml}}
  <input id="status" name="status" type="hidden">
  <div class="text right">
- {{if and .IsIssueOwner (not .DisableStatusChange)}}
+ {{if and (or .IsIssueWriter .IsIssuePoster) (not .DisableStatusChange)}}
  {{if .Issue.IsClosed}}
  <div id="status-button" class="ui green basic button" tabindex="6" data-status="{{.i18n.Tr "repo.issues.reopen_issue"}}" data-status-and-comment="{{.i18n.Tr "repo.issues.reopen_comment_issue"}}" data-status-val="reopen">
  {{.i18n.Tr "repo.issues.reopen_issue"}}