mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-03 17:34:02 +01:00
Merge branch 'access' of github.com:gogits/gogs into access
This commit is contained in:
commit
10e4b5b6c6
14 changed files with 164 additions and 139 deletions
|
@ -164,6 +164,11 @@ func runServ(c *cli.Context) {
|
||||||
println("You have no right to write this repository")
|
println("You have no right to write this repository")
|
||||||
log.GitLogger.Fatal(2, "User %s has no right to write repository %s", user.Name, repoPath)
|
log.GitLogger.Fatal(2, "User %s has no right to write repository %s", user.Name, repoPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if repo.IsMirror {
|
||||||
|
println("You can't write to a mirror repository")
|
||||||
|
log.GitLogger.Fatal(2, "User %s tried to write to a mirror repository %s", user.Name, repoPath)
|
||||||
|
}
|
||||||
case isRead:
|
case isRead:
|
||||||
if !repo.IsPrivate {
|
if !repo.IsPrivate {
|
||||||
break
|
break
|
||||||
|
|
|
@ -318,7 +318,7 @@ func runWeb(ctx *cli.Context) {
|
||||||
m.Get("/template/*", dev.TemplatePreview)
|
m.Get("/template/*", dev.TemplatePreview)
|
||||||
}
|
}
|
||||||
|
|
||||||
reqTrueOwner := middleware.RequireTrueOwner()
|
reqAdmin := middleware.RequireAdmin()
|
||||||
|
|
||||||
// Organization.
|
// Organization.
|
||||||
m.Group("/org", func() {
|
m.Group("/org", func() {
|
||||||
|
@ -393,7 +393,7 @@ func runWeb(ctx *cli.Context) {
|
||||||
m.Post("/:name", repo.GitHooksEditPost)
|
m.Post("/:name", repo.GitHooksEditPost)
|
||||||
}, middleware.GitHookService())
|
}, middleware.GitHookService())
|
||||||
})
|
})
|
||||||
}, reqSignIn, middleware.RepoAssignment(true), reqTrueOwner)
|
}, reqSignIn, middleware.RepoAssignment(true), reqAdmin)
|
||||||
|
|
||||||
m.Group("/:username/:reponame", func() {
|
m.Group("/:username/:reponame", func() {
|
||||||
m.Get("/action/:action", repo.Action)
|
m.Get("/action/:action", repo.Action)
|
||||||
|
|
|
@ -51,7 +51,8 @@ type Version struct {
|
||||||
// update _MIN_VER_DB accordingly
|
// update _MIN_VER_DB accordingly
|
||||||
var migrations = []Migration{
|
var migrations = []Migration{
|
||||||
NewMigration("generate collaboration from access", accessToCollaboration), // V0 -> V1
|
NewMigration("generate collaboration from access", accessToCollaboration), // V0 -> V1
|
||||||
NewMigration("refactor access table to use id's", accessRefactor), // V1 -> V2
|
NewMigration("make authorize 4 if team is owners", ownerTeamUpdate), // V1 -> V2
|
||||||
|
NewMigration("refactor access table to use id's", accessRefactor), // V2 -> V3
|
||||||
}
|
}
|
||||||
|
|
||||||
// Migrate database to current version
|
// Migrate database to current version
|
||||||
|
@ -212,31 +213,91 @@ func accessToCollaboration(x *xorm.Engine) (err error) {
|
||||||
return sess.Commit()
|
return sess.Commit()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ownerTeamUpdate(x *xorm.Engine) (err error) {
|
||||||
|
if _, err := x.Exec("UPDATE team SET authorize=4 WHERE lower_name=?", "owners"); err != nil {
|
||||||
|
return fmt.Errorf("drop table: %v", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func accessRefactor(x *xorm.Engine) (err error) {
|
func accessRefactor(x *xorm.Engine) (err error) {
|
||||||
type (
|
type (
|
||||||
AccessMode int
|
AccessMode int
|
||||||
Access struct {
|
Access struct {
|
||||||
ID int64 `xorm:"pk autoincr"`
|
ID int64 `xorm:"pk autoincr"`
|
||||||
UserName string
|
|
||||||
RepoName string
|
|
||||||
UserID int64 `xorm:"UNIQUE(s)"`
|
UserID int64 `xorm:"UNIQUE(s)"`
|
||||||
RepoID int64 `xorm:"UNIQUE(s)"`
|
RepoID int64 `xorm:"UNIQUE(s)"`
|
||||||
Mode AccessMode
|
Mode AccessMode
|
||||||
}
|
}
|
||||||
|
UserRepo struct {
|
||||||
|
UserID int64
|
||||||
|
RepoID int64
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
var rawSQL string
|
// We consiously don't start a session yet as we make only reads for now, no writes
|
||||||
switch {
|
|
||||||
case setting.UseSQLite3, setting.UsePostgreSQL:
|
accessMap := make(map[UserRepo]AccessMode, 50)
|
||||||
rawSQL = "DROP INDEX IF EXISTS `UQE_access_S`"
|
|
||||||
case setting.UseMySQL:
|
results, err := x.Query("SELECT r.id as `repo_id`, r.is_private as `is_private`, r.owner_id as `owner_id`, u.type as `owner_type` FROM `repository` r LEFT JOIN user u ON r.owner_id=u.id")
|
||||||
rawSQL = "DROP INDEX `UQE_access_S` ON `access`"
|
if err != nil {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
if _, err = x.Exec(rawSQL); err != nil &&
|
for _, repo := range results {
|
||||||
!strings.Contains(err.Error(), "check that column/key exists") {
|
repoID := com.StrTo(repo["repo_id"]).MustInt64()
|
||||||
return fmt.Errorf("drop index: %v", err)
|
isPrivate := com.StrTo(repo["is_private"]).MustInt() > 0
|
||||||
|
ownerID := com.StrTo(repo["owner_id"]).MustInt64()
|
||||||
|
ownerIsOrganization := com.StrTo(repo["owner_type"]).MustInt() > 0
|
||||||
|
|
||||||
|
results, err := x.Query("SELECT user_id FROM collaboration WHERE repo_id=?", repoID)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("select repos: %v", err)
|
||||||
|
}
|
||||||
|
for _, user := range results {
|
||||||
|
userID := com.StrTo(user["user_id"]).MustInt64()
|
||||||
|
accessMap[UserRepo{userID, repoID}] = 2 // WRITE ACCESS
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !ownerIsOrganization {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
minAccessLevel := AccessMode(0)
|
||||||
|
if !isPrivate {
|
||||||
|
minAccessLevel = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
repoString := "$" + string(repo["repo_id"]) + "|"
|
||||||
|
|
||||||
|
results, err = x.Query("SELECT id, authorize, repo_ids FROM team WHERE org_id=? AND authorize > ? ORDER BY authorize ASC", ownerID, int(minAccessLevel))
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("select teams from org: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, team := range results {
|
||||||
|
if !strings.Contains(string(team["repo_ids"]), repoString) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
teamID := com.StrTo(team["id"]).MustInt64()
|
||||||
|
mode := AccessMode(com.StrTo(team["authorize"]).MustInt())
|
||||||
|
|
||||||
|
results, err := x.Query("SELECT uid FROM team_user WHERE team_id=?", teamID)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("select users from team: %v", err)
|
||||||
|
}
|
||||||
|
for _, user := range results {
|
||||||
|
userID := com.StrTo(user["uid"]).MustInt64()
|
||||||
|
accessMap[UserRepo{userID, repoID}] = mode
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Drop table can't be in a session (at least not in sqlite)
|
||||||
|
if _, err = x.Exec("DROP TABLE access"); err != nil {
|
||||||
|
return fmt.Errorf("drop table: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now we start writing so we make a session
|
||||||
sess := x.NewSession()
|
sess := x.NewSession()
|
||||||
defer sessionRelease(sess)
|
defer sessionRelease(sess)
|
||||||
if err = sess.Begin(); err != nil {
|
if err = sess.Begin(); err != nil {
|
||||||
|
@ -247,55 +308,12 @@ func accessRefactor(x *xorm.Engine) (err error) {
|
||||||
return fmt.Errorf("sync: %v", err)
|
return fmt.Errorf("sync: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
accesses := make([]*Access, 0, 50)
|
accesses := make([]*Access, 0, len(accessMap))
|
||||||
if err = sess.Iterate(new(Access), func(idx int, bean interface{}) error {
|
for ur, mode := range accessMap {
|
||||||
a := bean.(*Access)
|
accesses = append(accesses, &Access{UserID: ur.UserID, RepoID: ur.RepoID, Mode: mode})
|
||||||
|
|
||||||
// Update username to user ID.
|
|
||||||
users, err := sess.Query("SELECT `id` FROM `user` WHERE lower_name=?", a.UserName)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("query user: %v", err)
|
|
||||||
} else if len(users) < 1 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
a.UserID = com.StrTo(users[0]["id"]).MustInt64()
|
|
||||||
|
|
||||||
// Update repository name(username/reponame) to repository ID.
|
|
||||||
names := strings.Split(a.RepoName, "/")
|
|
||||||
ownerName := names[0]
|
|
||||||
repoName := names[1]
|
|
||||||
|
|
||||||
// Check if user is the owner of the repository.
|
|
||||||
ownerID := a.UserID
|
|
||||||
if ownerName != a.UserName {
|
|
||||||
users, err := sess.Query("SELECT `id` FROM `user` WHERE lower_name=?", ownerName)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("query owner: %v", err)
|
|
||||||
} else if len(users) < 1 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
ownerID = com.StrTo(users[0]["id"]).MustInt64()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
repos, err := sess.Query("SELECT `id` FROM `repository` WHERE owner_id=? AND lower_name=?", ownerID, repoName)
|
_, err = sess.Insert(accesses)
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("query repository: %v", err)
|
|
||||||
} else if len(repos) < 1 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
a.RepoID = com.StrTo(repos[0]["id"]).MustInt64()
|
|
||||||
|
|
||||||
accesses = append(accesses, a)
|
|
||||||
return nil
|
|
||||||
}); err != nil {
|
|
||||||
return fmt.Errorf("iterate: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
for i := range accesses {
|
|
||||||
if _, err = sess.Id(accesses[i].ID).Update(accesses[i]); err != nil {
|
|
||||||
return fmt.Errorf("update: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return sess.Commit()
|
return sess.Commit()
|
||||||
}
|
}
|
||||||
|
|
|
@ -666,6 +666,11 @@ func UpdateTeam(t *Team, authChanged bool) (err error) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
t.LowerName = strings.ToLower(t.Name)
|
||||||
|
if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// Update access for team members if needed.
|
// Update access for team members if needed.
|
||||||
if authChanged {
|
if authChanged {
|
||||||
if err = t.getRepositories(sess); err != nil {
|
if err = t.getRepositories(sess); err != nil {
|
||||||
|
@ -679,10 +684,6 @@ func UpdateTeam(t *Team, authChanged bool) (err error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
t.LowerName = strings.ToLower(t.Name)
|
|
||||||
if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return sess.Commit()
|
return sess.Commit()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -38,15 +38,25 @@ type Context struct {
|
||||||
IsSigned bool
|
IsSigned bool
|
||||||
IsBasicAuth bool
|
IsBasicAuth bool
|
||||||
|
|
||||||
Repo struct {
|
Repo RepoContext
|
||||||
|
|
||||||
|
Org struct {
|
||||||
IsOwner bool
|
IsOwner bool
|
||||||
IsTrueOwner bool
|
IsMember bool
|
||||||
|
IsAdminTeam bool // In owner team or team that has admin permission level.
|
||||||
|
Organization *models.User
|
||||||
|
OrgLink string
|
||||||
|
|
||||||
|
Team *models.Team
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type RepoContext struct {
|
||||||
|
AccessMode models.AccessMode
|
||||||
IsWatching bool
|
IsWatching bool
|
||||||
IsBranch bool
|
IsBranch bool
|
||||||
IsTag bool
|
IsTag bool
|
||||||
IsCommit bool
|
IsCommit bool
|
||||||
IsAdmin bool // Current user is admin level.
|
|
||||||
HasAccess bool
|
|
||||||
Repository *models.Repository
|
Repository *models.Repository
|
||||||
Owner *models.User
|
Owner *models.User
|
||||||
Commit *git.Commit
|
Commit *git.Commit
|
||||||
|
@ -62,15 +72,14 @@ type Context struct {
|
||||||
Mirror *models.Mirror
|
Mirror *models.Mirror
|
||||||
}
|
}
|
||||||
|
|
||||||
Org struct {
|
// Return if the current user has write access for this repository
|
||||||
IsOwner bool
|
func (r RepoContext) IsOwner() bool {
|
||||||
IsMember bool
|
return r.AccessMode >= models.ACCESS_MODE_WRITE
|
||||||
IsAdminTeam bool // In owner team or team that has admin permission level.
|
|
||||||
Organization *models.User
|
|
||||||
OrgLink string
|
|
||||||
|
|
||||||
Team *models.Team
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Return if the current user has read access for this repository
|
||||||
|
func (r RepoContext) HasAccess() bool {
|
||||||
|
return r.AccessMode >= models.ACCESS_MODE_READ
|
||||||
}
|
}
|
||||||
|
|
||||||
// HasError returns true if error occurs in form validation.
|
// HasError returns true if error occurs in form validation.
|
||||||
|
|
|
@ -58,24 +58,19 @@ func ApiRepoAssignment() macaron.Handler {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.IsSigned {
|
|
||||||
mode, err := models.AccessLevel(ctx.User, repo)
|
mode, err := models.AccessLevel(ctx.User, repo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
|
ctx.JSON(500, &base.ApiJsonErr{"AccessLevel: " + err.Error(), base.DOC_URL})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
|
ctx.Repo.AccessMode = mode
|
||||||
ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
|
|
||||||
ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check access.
|
// Check access.
|
||||||
if repo.IsPrivate && !ctx.Repo.IsOwner {
|
if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE {
|
||||||
ctx.Error(404)
|
ctx.Error(404)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.Repo.HasAccess = true
|
|
||||||
|
|
||||||
ctx.Repo.Repository = repo
|
ctx.Repo.Repository = repo
|
||||||
}
|
}
|
||||||
|
@ -239,26 +234,18 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.IsSigned {
|
|
||||||
mode, err := models.AccessLevel(ctx.User, repo)
|
mode, err := models.AccessLevel(ctx.User, repo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(500, "AccessLevel", err)
|
ctx.Handle(500, "AccessLevel", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.Repo.IsOwner = mode >= models.ACCESS_MODE_WRITE
|
ctx.Repo.AccessMode = mode
|
||||||
ctx.Repo.IsAdmin = mode >= models.ACCESS_MODE_READ
|
|
||||||
ctx.Repo.IsTrueOwner = mode >= models.ACCESS_MODE_OWNER
|
|
||||||
if !ctx.Repo.IsTrueOwner && ctx.Repo.Owner.IsOrganization() {
|
|
||||||
ctx.Repo.IsTrueOwner = ctx.Repo.Owner.IsOwnedBy(ctx.User.Id)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check access.
|
// Check access.
|
||||||
if repo.IsPrivate && !ctx.Repo.IsOwner {
|
if ctx.Repo.AccessMode == models.ACCESS_MODE_NONE {
|
||||||
ctx.Handle(404, "no access right", err)
|
ctx.Handle(404, "no access right", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.Repo.HasAccess = true
|
|
||||||
|
|
||||||
ctx.Data["HasAccess"] = true
|
ctx.Data["HasAccess"] = true
|
||||||
|
|
||||||
|
@ -306,8 +293,8 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
|
||||||
ctx.Data["Title"] = u.Name + "/" + repo.Name
|
ctx.Data["Title"] = u.Name + "/" + repo.Name
|
||||||
ctx.Data["Repository"] = repo
|
ctx.Data["Repository"] = repo
|
||||||
ctx.Data["Owner"] = ctx.Repo.Repository.Owner
|
ctx.Data["Owner"] = ctx.Repo.Repository.Owner
|
||||||
ctx.Data["IsRepositoryOwner"] = ctx.Repo.IsOwner
|
ctx.Data["IsRepositoryOwner"] = ctx.Repo.AccessMode >= models.ACCESS_MODE_WRITE
|
||||||
ctx.Data["IsRepositoryTrueOwner"] = ctx.Repo.IsTrueOwner
|
ctx.Data["IsRepositoryAdmin"] = ctx.Repo.AccessMode >= models.ACCESS_MODE_ADMIN
|
||||||
|
|
||||||
ctx.Data["DisableSSH"] = setting.DisableSSH
|
ctx.Data["DisableSSH"] = setting.DisableSSH
|
||||||
ctx.Repo.CloneLink, err = repo.CloneLink()
|
ctx.Repo.CloneLink, err = repo.CloneLink()
|
||||||
|
@ -361,9 +348,9 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func RequireTrueOwner() macaron.Handler {
|
func RequireAdmin() macaron.Handler {
|
||||||
return func(ctx *Context) {
|
return func(ctx *Context) {
|
||||||
if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin {
|
if ctx.Repo.AccessMode < models.ACCESS_MODE_ADMIN {
|
||||||
if !ctx.IsSigned {
|
if !ctx.IsSigned {
|
||||||
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
|
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
|
||||||
ctx.Redirect(setting.AppSubUrl + "/user/login")
|
ctx.Redirect(setting.AppSubUrl + "/user/login")
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func GetRepoRawFile(ctx *middleware.Context) {
|
func GetRepoRawFile(ctx *middleware.Context) {
|
||||||
if ctx.Repo.Repository.IsPrivate && !ctx.Repo.HasAccess {
|
if !ctx.Repo.HasAccess() {
|
||||||
ctx.Error(404)
|
ctx.Error(404)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -158,6 +158,11 @@ func Http(ctx *middleware.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !isPull && repo.IsMirror {
|
||||||
|
ctx.Handle(401, "can't push to mirror", nil)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -230,7 +230,7 @@ func CreateIssuePost(ctx *middleware.Context, form auth.CreateIssueForm) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only collaborators can assign.
|
// Only collaborators can assign.
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
form.AssigneeId = 0
|
form.AssigneeId = 0
|
||||||
}
|
}
|
||||||
issue := &models.Issue{
|
issue := &models.Issue{
|
||||||
|
@ -434,7 +434,7 @@ func ViewIssue(ctx *middleware.Context) {
|
||||||
ctx.Data["Title"] = issue.Name
|
ctx.Data["Title"] = issue.Name
|
||||||
ctx.Data["Issue"] = issue
|
ctx.Data["Issue"] = issue
|
||||||
ctx.Data["Comments"] = comments
|
ctx.Data["Comments"] = comments
|
||||||
ctx.Data["IsIssueOwner"] = ctx.Repo.IsOwner || (ctx.IsSigned && issue.PosterId == ctx.User.Id)
|
ctx.Data["IsIssueOwner"] = ctx.Repo.IsOwner() || (ctx.IsSigned && issue.PosterId == ctx.User.Id)
|
||||||
ctx.Data["IsRepoToolbarIssues"] = true
|
ctx.Data["IsRepoToolbarIssues"] = true
|
||||||
ctx.Data["IsRepoToolbarIssuesList"] = false
|
ctx.Data["IsRepoToolbarIssuesList"] = false
|
||||||
ctx.HTML(200, ISSUE_VIEW)
|
ctx.HTML(200, ISSUE_VIEW)
|
||||||
|
@ -457,7 +457,7 @@ func UpdateIssue(ctx *middleware.Context, form auth.CreateIssueForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.User.Id != issue.PosterId && !ctx.Repo.IsOwner {
|
if ctx.User.Id != issue.PosterId && !ctx.Repo.IsOwner() {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -484,7 +484,7 @@ func UpdateIssue(ctx *middleware.Context, form auth.CreateIssueForm) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func UpdateIssueLabel(ctx *middleware.Context) {
|
func UpdateIssueLabel(ctx *middleware.Context) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -560,7 +560,7 @@ func UpdateIssueLabel(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func UpdateIssueMilestone(ctx *middleware.Context) {
|
func UpdateIssueMilestone(ctx *middleware.Context) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -606,7 +606,7 @@ func UpdateIssueMilestone(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func UpdateAssignee(ctx *middleware.Context) {
|
func UpdateAssignee(ctx *middleware.Context) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -752,7 +752,7 @@ func Comment(ctx *middleware.Context) {
|
||||||
|
|
||||||
// Check if issue owner changes the status of issue.
|
// Check if issue owner changes the status of issue.
|
||||||
var newStatus string
|
var newStatus string
|
||||||
if ctx.Repo.IsOwner || issue.PosterId == ctx.User.Id {
|
if ctx.Repo.IsOwner() || issue.PosterId == ctx.User.Id {
|
||||||
newStatus = ctx.Query("change_status")
|
newStatus = ctx.Query("change_status")
|
||||||
}
|
}
|
||||||
if len(newStatus) > 0 {
|
if len(newStatus) > 0 {
|
||||||
|
|
|
@ -41,7 +41,7 @@ func Releases(ctx *middleware.Context) {
|
||||||
tags := make([]*models.Release, len(rawTags))
|
tags := make([]*models.Release, len(rawTags))
|
||||||
for i, rawTag := range rawTags {
|
for i, rawTag := range rawTags {
|
||||||
for j, rel := range rels {
|
for j, rel := range rels {
|
||||||
if rel == nil || (rel.IsDraft && !ctx.Repo.IsOwner) {
|
if rel == nil || (rel.IsDraft && !ctx.Repo.IsOwner()) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if rel.TagName == rawTag {
|
if rel.TagName == rawTag {
|
||||||
|
@ -140,7 +140,7 @@ func Releases(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewRelease(ctx *middleware.Context) {
|
func NewRelease(ctx *middleware.Context) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Handle(403, "release.ReleasesNew", nil)
|
ctx.Handle(403, "release.ReleasesNew", nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -153,7 +153,7 @@ func NewRelease(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewReleasePost(ctx *middleware.Context, form auth.NewReleaseForm) {
|
func NewReleasePost(ctx *middleware.Context, form auth.NewReleaseForm) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Handle(403, "release.ReleasesNew", nil)
|
ctx.Handle(403, "release.ReleasesNew", nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -211,7 +211,7 @@ func NewReleasePost(ctx *middleware.Context, form auth.NewReleaseForm) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func EditRelease(ctx *middleware.Context) {
|
func EditRelease(ctx *middleware.Context) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Handle(403, "release.ReleasesEdit", nil)
|
ctx.Handle(403, "release.ReleasesEdit", nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -234,7 +234,7 @@ func EditRelease(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func EditReleasePost(ctx *middleware.Context, form auth.EditReleaseForm) {
|
func EditReleasePost(ctx *middleware.Context, form auth.EditReleaseForm) {
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Handle(403, "release.EditReleasePost", nil)
|
ctx.Handle(403, "release.EditReleasePost", nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -349,7 +349,7 @@ func Action(ctx *middleware.Context) {
|
||||||
case "unstar":
|
case "unstar":
|
||||||
err = models.StarRepo(ctx.User.Id, ctx.Repo.Repository.Id, false)
|
err = models.StarRepo(ctx.User.Id, ctx.Repo.Repository.Id, false)
|
||||||
case "desc":
|
case "desc":
|
||||||
if !ctx.Repo.IsOwner {
|
if !ctx.Repo.IsOwner() {
|
||||||
ctx.Error(404)
|
ctx.Error(404)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -49,7 +49,7 @@
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
<li id="repo-header-fork">
|
<li id="repo-header-fork">
|
||||||
<a id="repo-header-fork-btn" {{if or (not $.IsRepositoryTrueOwner) $.Owner.IsOrganization}}href="{{AppSubUrl}}/repo/fork?fork_id={{.Id}}"{{end}}>
|
<a id="repo-header-fork-btn" {{if or (not $.IsRepositoryAdmin) $.Owner.IsOrganization}}href="{{AppSubUrl}}/repo/fork?fork_id={{.Id}}"{{end}}>
|
||||||
<button class="btn btn-gray text-bold btn-radius">
|
<button class="btn btn-gray text-bold btn-radius">
|
||||||
<i class="octicon octicon-repo-forked"></i>{{$.i18n.Tr "repo.fork"}}
|
<i class="octicon octicon-repo-forked"></i>{{$.i18n.Tr "repo.fork"}}
|
||||||
<span class="num">{{.NumForks}}</span>
|
<span class="num">{{.NumForks}}</span>
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
<!-- <li>
|
<!-- <li>
|
||||||
<a class="radius" href="#"><i class="octicon octicon-organization"></i>contributors <span class="num right label label-gray label-radius">43</span></a>
|
<a class="radius" href="#"><i class="octicon octicon-organization"></i>contributors <span class="num right label label-gray label-radius">43</span></a>
|
||||||
</li> -->
|
</li> -->
|
||||||
{{if .IsRepositoryTrueOwner}}
|
{{if .IsRepositoryAdmin}}
|
||||||
<li class="border-bottom"></li>
|
<li class="border-bottom"></li>
|
||||||
<li>
|
<li>
|
||||||
<a class="radius" href="{{.RepoLink}}/settings"><i class="octicon octicon-tools"></i>{{.i18n.Tr "repo.settings"}}</a>
|
<a class="radius" href="{{.RepoLink}}/settings"><i class="octicon octicon-tools"></i>{{.i18n.Tr "repo.settings"}}</a>
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
<li><a href="#">Pulse</a></li>
|
<li><a href="#">Pulse</a></li>
|
||||||
<li><a href="#">Network</a></li>
|
<li><a href="#">Network</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li> -->{{end}}{{if .IsRepositoryTrueOwner}}
|
</li> -->{{end}}{{if .IsRepositoryAdmin}}
|
||||||
<li class="{{if .IsRepoToolbarSetting}}active{{end}}"><a href="{{.RepoLink}}/settings">Settings</a>
|
<li class="{{if .IsRepoToolbarSetting}}active{{end}}"><a href="{{.RepoLink}}/settings">Settings</a>
|
||||||
</li>{{end}}
|
</li>{{end}}
|
||||||
</ul>
|
</ul>
|
||||||
|
|
Loading…
Reference in a new issue