Restricting access to fork functioanlity to users with Code access (#2542)
Signed-off-by: Jonas Franz <info@jonasfranz.software>
This commit is contained in:
parent
fc0c6f48c7
commit
91788e0200
3 changed files with 74 additions and 3 deletions
|
@ -648,7 +648,7 @@ func (repo *Repository) UpdateSize() error {
|
||||||
|
|
||||||
// CanBeForked returns true if repository meets the requirements of being forked.
|
// CanBeForked returns true if repository meets the requirements of being forked.
|
||||||
func (repo *Repository) CanBeForked() bool {
|
func (repo *Repository) CanBeForked() bool {
|
||||||
return !repo.IsBare
|
return !repo.IsBare && repo.UnitEnabled(UnitTypeCode)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CanEnablePulls returns true if repository meets the requirements of accepting pulls.
|
// CanEnablePulls returns true if repository meets the requirements of accepting pulls.
|
||||||
|
|
|
@ -162,6 +162,75 @@ func RedirectToRepo(ctx *Context, redirectRepoID int64) {
|
||||||
ctx.Redirect(redirectPath)
|
ctx.Redirect(redirectPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RepoIDAssignment returns an macaron handler which assigns the repo to the context.
|
||||||
|
func RepoIDAssignment() macaron.Handler {
|
||||||
|
return func(ctx *Context) {
|
||||||
|
var (
|
||||||
|
err error
|
||||||
|
)
|
||||||
|
|
||||||
|
repoID := ctx.ParamsInt64(":repoid")
|
||||||
|
|
||||||
|
// Get repository.
|
||||||
|
repo, err := models.GetRepositoryByID(repoID)
|
||||||
|
if err != nil {
|
||||||
|
if models.IsErrRepoNotExist(err) {
|
||||||
|
ctx.Handle(404, "GetRepositoryByID", nil)
|
||||||
|
} else {
|
||||||
|
ctx.Handle(500, "GetRepositoryByID", err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = repo.GetOwner(); err != nil {
|
||||||
|
ctx.Handle(500, "GetOwner", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Admin has super access.
|
||||||
|
if ctx.IsSigned && ctx.User.IsAdmin {
|
||||||
|
ctx.Repo.AccessMode = models.AccessModeOwner
|
||||||
|
} else {
|
||||||
|
var userID int64
|
||||||
|
if ctx.User != nil {
|
||||||
|
userID = ctx.User.ID
|
||||||
|
}
|
||||||
|
mode, err := models.AccessLevel(userID, repo)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(500, "AccessLevel", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx.Repo.AccessMode = mode
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check access.
|
||||||
|
if ctx.Repo.AccessMode == models.AccessModeNone {
|
||||||
|
if ctx.Query("go-get") == "1" {
|
||||||
|
earlyResponseForGoGetMeta(ctx)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx.Handle(404, "no access right", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx.Data["HasAccess"] = true
|
||||||
|
|
||||||
|
if repo.IsMirror {
|
||||||
|
ctx.Repo.Mirror, err = models.GetMirrorByRepoID(repo.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(500, "GetMirror", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
ctx.Data["MirrorEnablePrune"] = ctx.Repo.Mirror.EnablePrune
|
||||||
|
ctx.Data["MirrorInterval"] = ctx.Repo.Mirror.Interval
|
||||||
|
ctx.Data["Mirror"] = ctx.Repo.Mirror
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Repo.Repository = repo
|
||||||
|
ctx.Data["RepoName"] = ctx.Repo.Repository.Name
|
||||||
|
ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// RepoAssignment returns a macaron to handle repository assignment
|
// RepoAssignment returns a macaron to handle repository assignment
|
||||||
func RepoAssignment() macaron.Handler {
|
func RepoAssignment() macaron.Handler {
|
||||||
return func(ctx *Context) {
|
return func(ctx *Context) {
|
||||||
|
|
|
@ -416,8 +416,10 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Post("/create", bindIgnErr(auth.CreateRepoForm{}), repo.CreatePost)
|
m.Post("/create", bindIgnErr(auth.CreateRepoForm{}), repo.CreatePost)
|
||||||
m.Get("/migrate", repo.Migrate)
|
m.Get("/migrate", repo.Migrate)
|
||||||
m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), repo.MigratePost)
|
m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), repo.MigratePost)
|
||||||
m.Combo("/fork/:repoid").Get(repo.Fork).
|
m.Group("/fork", func() {
|
||||||
|
m.Combo("/:repoid").Get(repo.Fork).
|
||||||
Post(bindIgnErr(auth.CreateRepoForm{}), repo.ForkPost)
|
Post(bindIgnErr(auth.CreateRepoForm{}), repo.ForkPost)
|
||||||
|
}, context.RepoIDAssignment(), context.UnitTypes(), context.LoadRepoUnits(), context.CheckUnit(models.UnitTypeCode))
|
||||||
}, reqSignIn)
|
}, reqSignIn)
|
||||||
|
|
||||||
m.Group("/:username/:reponame", func() {
|
m.Group("/:username/:reponame", func() {
|
||||||
|
|
Reference in a new issue