Merge remote-tracking branch 'mine/access_refactor' into access_refactor
Conflicts: cmd/serve.go models/access.go models/migrations/migrations.go models/org.go models/repo.go models/user.go modules/middleware/org.go modules/middleware/repo.go routers/api/v1/repo.go routers/org/teams.go routers/repo/http.go routers/user/home.go
This commit is contained in:
Peter Smit
commit
6c1ee384f1
10 changed files with 44 additions and 42 deletions
14
cmd/serve.go
14
cmd/serve.go
|
|
@ -67,14 +67,14 @@ func parseCmd(cmd string) (string, string) {
|
|||
|
||||
var (
|
||||
COMMANDS_READONLY = map[string]models.AccessMode{
|
||||
"git-upload-pack": models.WriteAccess,
|
||||
"git upload-pack": models.WriteAccess,
|
||||
"git-upload-archive": models.WriteAccess,
|
||||
"git-upload-pack": models.ACCESS_MODE_WRITE,
|
||||
"git upload-pack": models.ACCESS_MODE_WRITE,
|
||||
"git-upload-archive": models.ACCESS_MODE_WRITE,
|
||||
}
|
||||
|
||||
COMMANDS_WRITE = map[string]models.AccessMode{
|
||||
"git-receive-pack": models.ReadAccess,
|
||||
"git receive-pack": models.ReadAccess,
|
||||
"git-receive-pack": models.ACCESS_MODE_READ,
|
||||
"git receive-pack": models.ACCESS_MODE_READ,
|
||||
}
|
||||
)
|
||||
|
||||
|
|
@ -155,7 +155,7 @@ func runServ(k *cli.Context) {
|
|||
|
||||
switch {
|
||||
case isWrite:
|
||||
has, err := models.HasAccess(user, repo, models.WriteAccess)
|
||||
has, err := models.HasAccess(user, repo, models.ACCESS_MODE_WRITE)
|
||||
if err != nil {
|
||||
println("Gogs: internal error:", err.Error())
|
||||
log.GitLogger.Fatal(2, "Fail to check write access:", err)
|
||||
|
|
@ -168,7 +168,7 @@ func runServ(k *cli.Context) {
|
|||
break
|
||||
}
|
||||
|
||||
has, err := models.HasAccess(user, repo, models.ReadAccess)
|
||||
has, err := models.HasAccess(user, repo, models.ACCESS_MODE_READ)
|
||||
if err != nil {
|
||||
println("Gogs: internal error:", err.Error())
|
||||
log.GitLogger.Fatal(2, "Fail to check read access:", err)
|
||||
|
|
|
|||
|
|
@ -7,15 +7,15 @@ package models
|
|||
type AccessMode int
|
||||
|
||||
const (
|
||||
NoAccess AccessMode = iota
|
||||
ReadAccess
|
||||
WriteAccess
|
||||
AdminAccess
|
||||
OwnerAccess
|
||||
ACCESS_MODE_NONE AccessMode = iota
|
||||
ACCESS_MODE_READ
|
||||
ACCESS_MODE_WRITE
|
||||
ACCESS_MODE_ADMIN
|
||||
ACCESS_MODE_OWNER
|
||||
)
|
||||
|
||||
func maxAccessMode(modes ...AccessMode) AccessMode {
|
||||
max := NoAccess
|
||||
max := ACCESS_MODE_NONE
|
||||
for _, mode := range modes {
|
||||
if mode > max {
|
||||
max = mode
|
||||
|
|
@ -43,14 +43,14 @@ func HasAccess(u *User, r *Repository, testMode AccessMode) (bool, error) {
|
|||
// Return the Access a user has to a repository. Will return NoneAccess if the
|
||||
// user does not have access. User can be nil!
|
||||
func AccessLevel(u *User, r *Repository) (AccessMode, error) {
|
||||
mode := NoAccess
|
||||
mode := ACCESS_MODE_NONE
|
||||
if !r.IsPrivate {
|
||||
mode = ReadAccess
|
||||
mode = ACCESS_MODE_READ
|
||||
}
|
||||
|
||||
if u != nil {
|
||||
if u.Id == r.OwnerId {
|
||||
return OwnerAccess, nil
|
||||
return ACCESS_MODE_OWNER, nil
|
||||
}
|
||||
|
||||
a := &Access{UserID: u.Id, RepoID: r.Id}
|
||||
|
|
@ -98,7 +98,7 @@ func (r *Repository) RecalcAccessSess() error {
|
|||
return err
|
||||
}
|
||||
for _, c := range collaborators {
|
||||
accessMap[c.Id] = WriteAccess
|
||||
accessMap[c.Id] = ACCESS_MODE_WRITE
|
||||
}
|
||||
|
||||
if err := r.GetOwner(); err != nil {
|
||||
|
|
@ -123,9 +123,9 @@ func (r *Repository) RecalcAccessSess() error {
|
|||
}
|
||||
}
|
||||
|
||||
minMode := ReadAccess
|
||||
minMode := ACCESS_MODE_READ
|
||||
if !r.IsPrivate {
|
||||
minMode = WriteAccess
|
||||
minMode = ACCESS_MODE_WRITE
|
||||
}
|
||||
|
||||
newAccesses := make([]Access, 0, len(accessMap))
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ func CreateOrganization(org, owner *User) (*User, error) {
|
|||
OrgId: org.Id,
|
||||
LowerName: strings.ToLower(OWNER_TEAM),
|
||||
Name: OWNER_TEAM,
|
||||
Authorize: OwnerAccess,
|
||||
Authorize: ACCESS_MODE_OWNER,
|
||||
NumMembers: 1,
|
||||
}
|
||||
if _, err = sess.Insert(t); err != nil {
|
||||
|
|
|
|||
|
|
@ -395,6 +395,7 @@ func ChangeUserName(u *User, newUserName string) (err error) {
|
|||
if !IsLegalName(newUserName) {
|
||||
return ErrUserNameIllegal
|
||||
}
|
||||
|
||||
return os.Rename(UserPath(u.LowerName), UserPath(newUserName))
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ func OrgAssignment(redirect bool, args ...bool) macaron.Handler {
|
|||
return
|
||||
}
|
||||
ctx.Data["Team"] = ctx.Org.Team
|
||||
ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.AdminAccess
|
||||
ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
|
||||
}
|
||||
ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
|
||||
if requireAdminTeam && !ctx.Org.IsAdminTeam {
|
||||
|
|
|
|||
|
|
@ -64,9 +64,10 @@ func ApiRepoAssignment() macaron.Handler {
|
|||
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
|
||||
return
|
||||
}
|
||||
ctx.Repo.IsOwner = mode >= models.WriteAccess
|
||||
ctx.Repo.IsAdmin = mode >= models.ReadAccess
|
||||
ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
|
||||
|
||||
ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
|
||||
ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
|
||||
ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
|
||||
}
|
||||
|
||||
// Check access.
|
||||
|
|
@ -244,9 +245,9 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
|
|||
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
|
||||
return
|
||||
}
|
||||
ctx.Repo.IsOwner = mode >= models.WriteAccess
|
||||
ctx.Repo.IsAdmin = mode >= models.ReadAccess
|
||||
ctx.Repo.IsTrueOwner = mode >= models.OwnerAccess
|
||||
ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
|
||||
ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
|
||||
ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
|
||||
}
|
||||
|
||||
// Check access.
|
||||
|
|
|
|||
|
|
@ -255,7 +255,7 @@ func ListMyRepos(ctx *middleware.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.WriteAccess, true})
|
||||
repos[i] = ToApiRepository(repo.Owner, repo, api.Permission{false, access >= models.ACCESS_MODE_WRITE, true})
|
||||
|
||||
// FIXME: cache result to reduce DB query?
|
||||
if repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(ctx.User.Id) {
|
||||
|
|
|
|||
|
|
@ -168,11 +168,11 @@ func NewTeamPost(ctx *middleware.Context, form auth.CreateTeamForm) {
|
|||
var auth models.AccessMode
|
||||
switch form.Permission {
|
||||
case "read":
|
||||
auth = models.ReadAccess
|
||||
auth = models.ACCESS_MODE_READ
|
||||
case "write":
|
||||
auth = models.WriteAccess
|
||||
auth = models.ACCESS_MODE_WRITE
|
||||
case "admin":
|
||||
auth = models.AdminAccess
|
||||
auth = models.ACCESS_MODE_ADMIN
|
||||
default:
|
||||
ctx.Error(401)
|
||||
return
|
||||
|
|
@ -249,11 +249,11 @@ func EditTeamPost(ctx *middleware.Context, form auth.CreateTeamForm) {
|
|||
var auth models.AccessMode
|
||||
switch form.Permission {
|
||||
case "read":
|
||||
auth = models.ReadAccess
|
||||
auth = models.ACCESS_MODE_READ
|
||||
case "write":
|
||||
auth = models.WriteAccess
|
||||
auth = models.ACCESS_MODE_WRITE
|
||||
case "admin":
|
||||
auth = models.AdminAccess
|
||||
auth = models.ACCESS_MODE_ADMIN
|
||||
default:
|
||||
ctx.Error(401)
|
||||
return
|
||||
|
|
|
|||
|
|
@ -137,9 +137,9 @@ func Http(ctx *middleware.Context) {
|
|||
}
|
||||
|
||||
if !isPublicPull {
|
||||
var tp = models.WriteAccess
|
||||
var tp = models.ACCESS_MODE_WRITE
|
||||
if isPull {
|
||||
tp = models.ReadAccess
|
||||
tp = models.ACCESS_MODE_READ
|
||||
}
|
||||
|
||||
has, err := models.HasAccess(authUser, repo, tp)
|
||||
|
|
@ -147,8 +147,8 @@ func Http(ctx *middleware.Context) {
|
|||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||
return
|
||||
} else if !has {
|
||||
if tp == models.ReadAccess {
|
||||
has, err = models.HasAccess(authUser, repo, models.WriteAccess)
|
||||
if tp == models.ACCESS_MODE_READ {
|
||||
has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE)
|
||||
if err != nil || !has {
|
||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||
return
|
||||
|
|
@ -288,7 +288,7 @@ func serviceRpc(rpc string, hr handler) {
|
|||
|
||||
access := hasAccess(r, hr.Config, dir, rpc, true)
|
||||
if access == false {
|
||||
renderNoAccess(w)
|
||||
renderACCESS_MODE_NONE(w)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -515,7 +515,7 @@ func renderNotFound(w http.ResponseWriter) {
|
|||
w.Write([]byte("Not Found"))
|
||||
}
|
||||
|
||||
func renderNoAccess(w http.ResponseWriter) {
|
||||
func renderACCESS_MODE_NONE(w http.ResponseWriter) {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
w.Write([]byte("Forbidden"))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ func Dashboard(ctx *middleware.Context) {
|
|||
feeds := make([]*models.Action, 0, len(actions))
|
||||
for _, act := range actions {
|
||||
if act.IsPrivate {
|
||||
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ReadAccess); !has {
|
||||
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
|
@ -211,7 +211,7 @@ func Profile(ctx *middleware.Context) {
|
|||
continue
|
||||
}
|
||||
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true},
|
||||
models.ReadAccess); !has {
|
||||
models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue