-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict permission check on repositories and fix some problems #5314
Merged
Merged
Changes from 1 commit
Commits
Show all changes
32 commits
Select commit
Hold shift + click to select a range
0bf41c2
fix units permission problems
lunny 15f80b9
fix some bugs and merge LoadUnits to repoAssignment
lunny 40d552c
refactor permission struct and add some copyright heads
lunny d80fea2
remove unused codes
lunny fb4a2cb
fix routes units check
lunny a21bfde
improve permission check
lunny 422ba40
add unit tests for permission
lunny dae595b
fix typo
lunny 6bed0d4
fix tests
lunny d5ba3a0
fix some routes
lunny 426980d
fix api permission check
lunny 50d1287
improve permission check
lunny 95d9a58
fix some permission check
lunny 5df61b6
fix tests
lunny 4ee6e1f
fix tests
lunny de04377
improve some permission check
lunny 66fd8f3
fix some permission check
lunny 11bde94
refactor AccessLevel
lunny ba60cc8
fix bug
lunny a978acc
fix tests
lunny d161315
fix tests
lunny e5e165c
fix tests
lunny 9253015
fix AccessLevel
lunny 2f65f7a
rename CanAccess
lunny 962be78
fix tests
lunny 9742d63
fix comment
lunny 2db05db
fix bug
lunny 3620109
add missing unit for test repos
lunny 861b3b2
fix bug
lunny b677d04
rename some functions
lunny 79365d8
fix routes check
lunny d54bc51
Merge branch 'master' into lunny/fix_units_permissions
lunny File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
improve permission check
- Loading branch information
commit a21bfde663bf1452e55d7ce41aaef57bbcddb1ca
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -32,7 +32,12 @@ func (p *Permission) HasAccess() bool { | |
// UnitAccessMode returns current user accessmode to the specify unit of the repository | ||
func (p *Permission) UnitAccessMode(unitType UnitType) AccessMode { | ||
if p.UnitsMode == nil { | ||
return p.AccessMode | ||
for _, u := range p.Units { | ||
if u.Type == unitType { | ||
return p.AccessMode | ||
} | ||
} | ||
return AccessModeNone | ||
} | ||
return p.UnitsMode[unitType] | ||
} | ||
|
@@ -62,7 +67,8 @@ func GetUserRepoPermission(repo *Repository, user *User) (Permission, error) { | |
} | ||
|
||
func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permission, err error) { | ||
// anonymous user visit private repo. TODO: anonymous user visit public unit of private repo??? | ||
// anonymous user visit private repo. | ||
// TODO: anonymous user visit public unit of private repo??? | ||
if user == nil && repo.IsPrivate { | ||
perm.AccessMode = AccessModeNone | ||
return | ||
|
@@ -99,6 +105,13 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss | |
return | ||
} | ||
|
||
// Collaborators on organization repos will not be limited by teams units | ||
if isCollaborator, err := repo.isCollaborator(e, user.ID); err != nil { | ||
return perm, err | ||
} else if isCollaborator { | ||
return perm, nil | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Similarly. |
||
} | ||
|
||
teams, err := getUserRepoTeams(e, repo.OwnerID, user.ID, repo.ID) | ||
if err != nil { | ||
return | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All of the other returns rely on the default named return values.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because this
err
is a local variable not thaterr
return variable.