0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-12-22 10:14:05 +01:00

Fix Permission in API returned repository struct (#25388)

The old code generates `structs.Repository.Permissions` with only
`access.Permission.AccessMode`, however, it should check the units too,
or the value could be incorrect. For example,
`structs.Repository.Permissions.Push` could be false even the doer has
write access to code unit.

Should fix
https://github.com/renovatebot/renovate/issues/14059#issuecomment-1047961128
(Not reported by it, I just found it when I was looking into this bug)

---

Review tips:

The major changes are
- `modules/structs/repo.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-870406f6857117f8b03611c43fca0ab9ed6d6e76a2d0069a7c1f17e8fa9092f7
- `services/convert/repository.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-7736f6d2ae894c9edb7729a80ab89aa183b888a26a811a0c1fdebd18726a7101

And other changes are passive.
This commit is contained in:
Jason Song 2023-06-22 21:08:08 +08:00 committed by GitHub
parent 7fb539677b
commit 174213530d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 174 additions and 153 deletions

View file

@ -10,9 +10,9 @@ import (
// Permission represents a set of permissions // Permission represents a set of permissions
type Permission struct { type Permission struct {
Admin bool `json:"admin"` Admin bool `json:"admin"` // Admin indicates if the user is an administrator of the repository.
Push bool `json:"push"` Push bool `json:"push"` // Push indicates if the user can push code to the repository.
Pull bool `json:"pull"` Pull bool `json:"pull"` // Pull indicates if the user can pull code from the repository.
} }
// InternalTracker represents settings for internal tracker // InternalTracker represents settings for internal tracker

View file

@ -561,12 +561,12 @@ func GetTeamRepos(ctx *context.APIContext) {
} }
repos := make([]*api.Repository, len(teamRepos)) repos := make([]*api.Repository, len(teamRepos))
for i, repo := range teamRepos { for i, repo := range teamRepos {
access, err := access_model.AccessLevel(ctx, ctx.Doer, repo) permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err) ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err)
return return
} }
repos[i] = convert.ToRepo(ctx, repo, access) repos[i] = convert.ToRepo(ctx, repo, permission)
} }
ctx.SetTotalCountHeader(int64(team.NumRepos)) ctx.SetTotalCountHeader(int64(team.NumRepos))
ctx.JSON(http.StatusOK, repos) ctx.JSON(http.StatusOK, repos)
@ -612,13 +612,13 @@ func GetTeamRepo(ctx *context.APIContext) {
return return
} }
access, err := access_model.AccessLevel(ctx, ctx.Doer, repo) permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err) ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err)
return return
} }
ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, access)) ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, permission))
} }
// getRepositoryByParams get repository by a team's organization ID and repo name // getRepositoryByParams get repository by a team's organization ID and repo name

View file

@ -60,12 +60,12 @@ func ListForks(ctx *context.APIContext) {
} }
apiForks := make([]*api.Repository, len(forks)) apiForks := make([]*api.Repository, len(forks))
for i, fork := range forks { for i, fork := range forks {
access, err := access_model.AccessLevel(ctx, ctx.Doer, fork) permission, err := access_model.GetUserRepoPermission(ctx, fork, ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "AccessLevel", err) ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
return return
} }
apiForks[i] = convert.ToRepo(ctx, fork, access) apiForks[i] = convert.ToRepo(ctx, fork, permission)
} }
ctx.SetTotalCountHeader(int64(ctx.Repo.Repository.NumForks)) ctx.SetTotalCountHeader(int64(ctx.Repo.Repository.NumForks))
@ -152,5 +152,5 @@ func CreateFork(ctx *context.APIContext) {
} }
// TODO change back to 201 // TODO change back to 201
ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, fork, perm.AccessModeOwner)) ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, fork, access_model.Permission{AccessMode: perm.AccessModeOwner}))
} }

View file

@ -8,6 +8,7 @@ import (
"net/http" "net/http"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
"code.gitea.io/gitea/models/webhook" "code.gitea.io/gitea/models/webhook"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/git"
@ -185,7 +186,7 @@ func TestHook(ctx *context.APIContext) {
Commits: []*api.PayloadCommit{commit}, Commits: []*api.PayloadCommit{commit},
TotalCommits: 1, TotalCommits: 1,
HeadCommit: commit, HeadCommit: commit,
Repo: convert.ToRepo(ctx, ctx.Repo.Repository, perm.AccessModeNone), Repo: convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}),
Pusher: convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone), Pusher: convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone),
Sender: convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone), Sender: convert.ToUserWithAccessMode(ctx, ctx.Doer, perm.AccessModeNone),
}); err != nil { }); err != nil {

View file

@ -13,6 +13,7 @@ import (
asymkey_model "code.gitea.io/gitea/models/asymkey" asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
@ -27,13 +28,13 @@ import (
func appendPrivateInformation(ctx stdCtx.Context, apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) { func appendPrivateInformation(ctx stdCtx.Context, apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
apiKey.ReadOnly = key.Mode == perm.AccessModeRead apiKey.ReadOnly = key.Mode == perm.AccessModeRead
if repository.ID == key.RepoID { if repository.ID == key.RepoID {
apiKey.Repository = convert.ToRepo(ctx, repository, key.Mode) apiKey.Repository = convert.ToRepo(ctx, repository, access_model.Permission{AccessMode: key.Mode})
} else { } else {
repo, err := repo_model.GetRepositoryByID(ctx, key.RepoID) repo, err := repo_model.GetRepositoryByID(ctx, key.RepoID)
if err != nil { if err != nil {
return apiKey, err return apiKey, err
} }
apiKey.Repository = convert.ToRepo(ctx, repo, key.Mode) apiKey.Repository = convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: key.Mode})
} }
return apiKey, nil return apiKey, nil
} }

View file

@ -14,6 +14,7 @@ import (
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization" "code.gitea.io/gitea/models/organization"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
@ -211,7 +212,7 @@ func Migrate(ctx *context.APIContext) {
} }
log.Trace("Repository migrated: %s/%s", repoOwner.Name, form.RepoName) log.Trace("Repository migrated: %s/%s", repoOwner.Name, form.RepoName)
ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, perm.AccessModeAdmin)) ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
} }
func handleMigrateError(ctx *context.APIContext, repoOwner *user_model.User, remoteAddr string, err error) { func handleMigrateError(ctx *context.APIContext, repoOwner *user_model.User, remoteAddr string, err error) {

View file

@ -211,14 +211,14 @@ func Search(ctx *context.APIContext) {
}) })
return return
} }
accessMode, err := access_model.AccessLevel(ctx, ctx.Doer, repo) permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil { if err != nil {
ctx.JSON(http.StatusInternalServerError, api.SearchError{ ctx.JSON(http.StatusInternalServerError, api.SearchError{
OK: false, OK: false,
Error: err.Error(), Error: err.Error(),
}) })
} }
results[i] = convert.ToRepo(ctx, repo, accessMode) results[i] = convert.ToRepo(ctx, repo, permission)
} }
ctx.SetLinkHeader(int(count), opts.PageSize) ctx.SetLinkHeader(int(count), opts.PageSize)
ctx.SetTotalCountHeader(count) ctx.SetTotalCountHeader(count)
@ -272,7 +272,7 @@ func CreateUserRepo(ctx *context.APIContext, owner *user_model.User, opt api.Cre
ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err) ctx.Error(http.StatusInternalServerError, "GetRepositoryByID", err)
} }
ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, perm.AccessModeOwner)) ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}))
} }
// Create one repository of mine // Create one repository of mine
@ -419,7 +419,7 @@ func Generate(ctx *context.APIContext) {
} }
log.Trace("Repository generated [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name) log.Trace("Repository generated [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, perm.AccessModeOwner)) ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}))
} }
// CreateOrgRepoDeprecated create one repository of the organization // CreateOrgRepoDeprecated create one repository of the organization
@ -537,7 +537,7 @@ func Get(ctx *context.APIContext) {
return return
} }
ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.AccessMode)) ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission))
} }
// GetByID returns a single Repository // GetByID returns a single Repository
@ -568,15 +568,15 @@ func GetByID(ctx *context.APIContext) {
return return
} }
perm, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer) permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "AccessLevel", err) ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
return return
} else if !perm.HasAccess() { } else if !permission.HasAccess() {
ctx.NotFound() ctx.NotFound()
return return
} }
ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, perm.AccessMode)) ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, permission))
} }
// Edit edit repository properties // Edit edit repository properties
@ -638,7 +638,7 @@ func Edit(ctx *context.APIContext) {
return return
} }
ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, ctx.Repo.AccessMode)) ctx.JSON(http.StatusOK, convert.ToRepo(ctx, repo, ctx.Repo.Permission))
} }
// updateBasicProperties updates the basic properties of a repo: Name, Description, Website and Visibility // updateBasicProperties updates the basic properties of a repo: Name, Description, Website and Visibility

View file

@ -264,7 +264,7 @@ func GetCombinedCommitStatusByRef(ctx *context.APIContext) {
return return
} }
combiStatus := convert.ToCombinedStatus(ctx, statuses, convert.ToRepo(ctx, repo, ctx.Repo.AccessMode)) combiStatus := convert.ToCombinedStatus(ctx, statuses, convert.ToRepo(ctx, repo, ctx.Repo.Permission))
ctx.SetTotalCountHeader(count) ctx.SetTotalCountHeader(count)
ctx.JSON(http.StatusOK, combiStatus) ctx.JSON(http.StatusOK, combiStatus)

View file

@ -10,6 +10,7 @@ import (
"code.gitea.io/gitea/models" "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/organization" "code.gitea.io/gitea/models/organization"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
@ -122,12 +123,12 @@ func Transfer(ctx *context.APIContext) {
if ctx.Repo.Repository.Status == repo_model.RepositoryPendingTransfer { if ctx.Repo.Repository.Status == repo_model.RepositoryPendingTransfer {
log.Trace("Repository transfer initiated: %s -> %s", oldFullname, ctx.Repo.Repository.FullName()) log.Trace("Repository transfer initiated: %s -> %s", oldFullname, ctx.Repo.Repository.FullName())
ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, ctx.Repo.Repository, perm.AccessModeAdmin)) ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
return return
} }
log.Trace("Repository transferred: %s -> %s", oldFullname, ctx.Repo.Repository.FullName()) log.Trace("Repository transferred: %s -> %s", oldFullname, ctx.Repo.Repository.FullName())
ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, perm.AccessModeAdmin)) ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeAdmin}))
} }
// AcceptTransfer accept a repo transfer // AcceptTransfer accept a repo transfer
@ -165,7 +166,7 @@ func AcceptTransfer(ctx *context.APIContext) {
return return
} }
ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.AccessMode)) ctx.JSON(http.StatusAccepted, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission))
} }
// RejectTransfer reject a repo transfer // RejectTransfer reject a repo transfer
@ -203,7 +204,7 @@ func RejectTransfer(ctx *context.APIContext) {
return return
} }
ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.AccessMode)) ctx.JSON(http.StatusOK, convert.ToRepo(ctx, ctx.Repo.Repository, ctx.Repo.Permission))
} }
func acceptOrRejectRepoTransfer(ctx *context.APIContext, accept bool) error { func acceptOrRejectRepoTransfer(ctx *context.APIContext, accept bool) error {

View file

@ -9,6 +9,7 @@ import (
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access" access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
unit_model "code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
api "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs"
@ -38,13 +39,13 @@ func listUserRepos(ctx *context.APIContext, u *user_model.User, private bool) {
apiRepos := make([]*api.Repository, 0, len(repos)) apiRepos := make([]*api.Repository, 0, len(repos))
for i := range repos { for i := range repos {
access, err := access_model.AccessLevel(ctx, ctx.Doer, repos[i]) permission, err := access_model.GetUserRepoPermission(ctx, repos[i], ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "AccessLevel", err) ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
return return
} }
if ctx.IsSigned && ctx.Doer.IsAdmin || access >= perm.AccessModeRead { if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
apiRepos = append(apiRepos, convert.ToRepo(ctx, repos[i], access)) apiRepos = append(apiRepos, convert.ToRepo(ctx, repos[i], permission))
} }
} }
@ -123,11 +124,11 @@ func ListMyRepos(ctx *context.APIContext) {
ctx.Error(http.StatusInternalServerError, "LoadOwner", err) ctx.Error(http.StatusInternalServerError, "LoadOwner", err)
return return
} }
accessMode, err := access_model.AccessLevel(ctx, ctx.Doer, repo) permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "AccessLevel", err) ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
} }
results[i] = convert.ToRepo(ctx, repo, accessMode) results[i] = convert.ToRepo(ctx, repo, permission)
} }
ctx.SetLinkHeader(int(count), opts.ListOptions.PageSize) ctx.SetLinkHeader(int(count), opts.ListOptions.PageSize)

View file

@ -28,11 +28,11 @@ func getStarredRepos(ctx std_context.Context, user *user_model.User, private boo
repos := make([]*api.Repository, len(starredRepos)) repos := make([]*api.Repository, len(starredRepos))
for i, starred := range starredRepos { for i, starred := range starredRepos {
access, err := access_model.AccessLevel(ctx, user, starred) permission, err := access_model.GetUserRepoPermission(ctx, starred, user)
if err != nil { if err != nil {
return nil, err return nil, err
} }
repos[i] = convert.ToRepo(ctx, starred, access) repos[i] = convert.ToRepo(ctx, starred, permission)
} }
return repos, nil return repos, nil
} }

View file

@ -26,11 +26,11 @@ func getWatchedRepos(ctx std_context.Context, user *user_model.User, private boo
repos := make([]*api.Repository, len(watchedRepos)) repos := make([]*api.Repository, len(watchedRepos))
for i, watched := range watchedRepos { for i, watched := range watchedRepos {
access, err := access_model.AccessLevel(ctx, user, watched) permission, err := access_model.GetUserRepoPermission(ctx, watched, user)
if err != nil { if err != nil {
return nil, 0, err return nil, 0, err
} }
repos[i] = convert.ToRepo(ctx, watched, access) repos[i] = convert.ToRepo(ctx, watched, permission)
} }
return repos, total, nil return repos, total, nil
} }

View file

@ -13,6 +13,7 @@ import (
"strings" "strings"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/models/webhook" "code.gitea.io/gitea/models/webhook"
"code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/base"
@ -685,7 +686,7 @@ func TestWebhook(ctx *context.Context) {
Commits: []*api.PayloadCommit{apiCommit}, Commits: []*api.PayloadCommit{apiCommit},
TotalCommits: 1, TotalCommits: 1,
HeadCommit: apiCommit, HeadCommit: apiCommit,
Repo: convert.ToRepo(ctx, ctx.Repo.Repository, perm.AccessModeNone), Repo: convert.ToRepo(ctx, ctx.Repo.Repository, access_model.Permission{AccessMode: perm.AccessModeNone}),
Pusher: apiUser, Pusher: apiUser,
Sender: apiUser, Sender: apiUser,
} }

View file

@ -45,13 +45,13 @@ func (n *actionsNotifier) NotifyNewIssue(ctx context.Context, issue *issues_mode
log.Error("issue.LoadPoster: %v", err) log.Error("issue.LoadPoster: %v", err)
return return
} }
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
newNotifyInputFromIssue(issue, webhook_module.HookEventIssues).WithPayload(&api.IssuePayload{ newNotifyInputFromIssue(issue, webhook_module.HookEventIssues).WithPayload(&api.IssuePayload{
Action: api.HookIssueOpened, Action: api.HookIssueOpened,
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, issue.Poster, nil), Sender: convert.ToUser(ctx, issue.Poster, nil),
}).Notify(withMethod(ctx, "NotifyNewIssue")) }).Notify(withMethod(ctx, "NotifyNewIssue"))
} }
@ -59,7 +59,7 @@ func (n *actionsNotifier) NotifyNewIssue(ctx context.Context, issue *issues_mode
// NotifyIssueChangeStatus notifies close or reopen issue to notifiers // NotifyIssueChangeStatus notifies close or reopen issue to notifiers
func (n *actionsNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, _ *issues_model.Comment, isClosed bool) { func (n *actionsNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, _ *issues_model.Comment, isClosed bool) {
ctx = withMethod(ctx, "NotifyIssueChangeStatus") ctx = withMethod(ctx, "NotifyIssueChangeStatus")
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
if issue.IsPull { if issue.IsPull {
if err := issue.LoadPullRequest(ctx); err != nil { if err := issue.LoadPullRequest(ctx); err != nil {
log.Error("LoadPullRequest: %v", err) log.Error("LoadPullRequest: %v", err)
@ -69,7 +69,7 @@ func (n *actionsNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *use
apiPullRequest := &api.PullRequestPayload{ apiPullRequest := &api.PullRequestPayload{
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(db.DefaultContext, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(db.DefaultContext, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
CommitID: commitID, CommitID: commitID,
} }
@ -88,7 +88,7 @@ func (n *actionsNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *use
apiIssue := &api.IssuePayload{ apiIssue := &api.IssuePayload{
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
} }
if isClosed { if isClosed {
@ -118,7 +118,7 @@ func (n *actionsNotifier) NotifyIssueChangeLabels(ctx context.Context, doer *use
return return
} }
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
if issue.IsPull { if issue.IsPull {
if err = issue.LoadPullRequest(ctx); err != nil { if err = issue.LoadPullRequest(ctx); err != nil {
log.Error("loadPullRequest: %v", err) log.Error("loadPullRequest: %v", err)
@ -134,7 +134,7 @@ func (n *actionsNotifier) NotifyIssueChangeLabels(ctx context.Context, doer *use
Action: api.HookIssueLabelUpdated, Action: api.HookIssueLabelUpdated,
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, perm_model.AccessModeNone), Repository: convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}). }).
WithPullRequest(issue.PullRequest). WithPullRequest(issue.PullRequest).
@ -147,7 +147,7 @@ func (n *actionsNotifier) NotifyIssueChangeLabels(ctx context.Context, doer *use
Action: api.HookIssueLabelUpdated, Action: api.HookIssueLabelUpdated,
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}). }).
Notify(ctx) Notify(ctx)
@ -159,7 +159,7 @@ func (n *actionsNotifier) NotifyCreateIssueComment(ctx context.Context, doer *us
) { ) {
ctx = withMethod(ctx, "NotifyCreateIssueComment") ctx = withMethod(ctx, "NotifyCreateIssueComment")
mode, _ := access_model.AccessLevel(ctx, doer, repo) permission, _ := access_model.GetUserRepoPermission(ctx, repo, doer)
if issue.IsPull { if issue.IsPull {
if err := issue.LoadPullRequest(ctx); err != nil { if err := issue.LoadPullRequest(ctx); err != nil {
@ -172,7 +172,7 @@ func (n *actionsNotifier) NotifyCreateIssueComment(ctx context.Context, doer *us
Action: api.HookIssueCommentCreated, Action: api.HookIssueCommentCreated,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Comment: convert.ToComment(ctx, comment), Comment: convert.ToComment(ctx, comment),
Repository: convert.ToRepo(ctx, repo, mode), Repository: convert.ToRepo(ctx, repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
IsPull: true, IsPull: true,
}). }).
@ -186,7 +186,7 @@ func (n *actionsNotifier) NotifyCreateIssueComment(ctx context.Context, doer *us
Action: api.HookIssueCommentCreated, Action: api.HookIssueCommentCreated,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Comment: convert.ToComment(ctx, comment), Comment: convert.ToComment(ctx, comment),
Repository: convert.ToRepo(ctx, repo, mode), Repository: convert.ToRepo(ctx, repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
IsPull: false, IsPull: false,
}). }).
@ -209,14 +209,14 @@ func (n *actionsNotifier) NotifyNewPullRequest(ctx context.Context, pull *issues
return return
} }
mode, _ := access_model.AccessLevel(ctx, pull.Issue.Poster, pull.Issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, pull.Issue.Repo, pull.Issue.Poster)
newNotifyInputFromIssue(pull.Issue, webhook_module.HookEventPullRequest). newNotifyInputFromIssue(pull.Issue, webhook_module.HookEventPullRequest).
WithPayload(&api.PullRequestPayload{ WithPayload(&api.PullRequestPayload{
Action: api.HookIssueOpened, Action: api.HookIssueOpened,
Index: pull.Issue.Index, Index: pull.Issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, pull, nil), PullRequest: convert.ToAPIPullRequest(ctx, pull, nil),
Repository: convert.ToRepo(ctx, pull.Issue.Repo, mode), Repository: convert.ToRepo(ctx, pull.Issue.Repo, permission),
Sender: convert.ToUser(ctx, pull.Issue.Poster, nil), Sender: convert.ToUser(ctx, pull.Issue.Poster, nil),
}). }).
WithPullRequest(pull). WithPullRequest(pull).
@ -228,7 +228,7 @@ func (n *actionsNotifier) NotifyCreateRepository(ctx context.Context, doer, u *u
newNotifyInput(repo, doer, webhook_module.HookEventRepository).WithPayload(&api.RepositoryPayload{ newNotifyInput(repo, doer, webhook_module.HookEventRepository).WithPayload(&api.RepositoryPayload{
Action: api.HookRepoCreated, Action: api.HookRepoCreated,
Repository: convert.ToRepo(ctx, repo, perm_model.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
Organization: convert.ToUser(ctx, u, nil), Organization: convert.ToUser(ctx, u, nil),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}).Notify(ctx) }).Notify(ctx)
@ -237,13 +237,13 @@ func (n *actionsNotifier) NotifyCreateRepository(ctx context.Context, doer, u *u
func (n *actionsNotifier) NotifyForkRepository(ctx context.Context, doer *user_model.User, oldRepo, repo *repo_model.Repository) { func (n *actionsNotifier) NotifyForkRepository(ctx context.Context, doer *user_model.User, oldRepo, repo *repo_model.Repository) {
ctx = withMethod(ctx, "NotifyForkRepository") ctx = withMethod(ctx, "NotifyForkRepository")
oldMode, _ := access_model.AccessLevel(ctx, doer, oldRepo) oldPermission, _ := access_model.GetUserRepoPermission(ctx, oldRepo, doer)
mode, _ := access_model.AccessLevel(ctx, doer, repo) permission, _ := access_model.GetUserRepoPermission(ctx, repo, doer)
// forked webhook // forked webhook
newNotifyInput(oldRepo, doer, webhook_module.HookEventFork).WithPayload(&api.ForkPayload{ newNotifyInput(oldRepo, doer, webhook_module.HookEventFork).WithPayload(&api.ForkPayload{
Forkee: convert.ToRepo(ctx, oldRepo, oldMode), Forkee: convert.ToRepo(ctx, oldRepo, oldPermission),
Repo: convert.ToRepo(ctx, repo, mode), Repo: convert.ToRepo(ctx, repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}).Notify(ctx) }).Notify(ctx)
@ -255,7 +255,7 @@ func (n *actionsNotifier) NotifyForkRepository(ctx context.Context, doer *user_m
WithRef(oldRepo.DefaultBranch). WithRef(oldRepo.DefaultBranch).
WithPayload(&api.RepositoryPayload{ WithPayload(&api.RepositoryPayload{
Action: api.HookRepoCreated, Action: api.HookRepoCreated,
Repository: convert.ToRepo(ctx, repo, perm_model.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
Organization: convert.ToUser(ctx, u, nil), Organization: convert.ToUser(ctx, u, nil),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}).Notify(ctx) }).Notify(ctx)
@ -285,9 +285,9 @@ func (n *actionsNotifier) NotifyPullRequestReview(ctx context.Context, pr *issue
return return
} }
mode, err := access_model.AccessLevel(ctx, review.Issue.Poster, review.Issue.Repo) permission, err := access_model.GetUserRepoPermission(ctx, review.Issue.Repo, review.Issue.Poster)
if err != nil { if err != nil {
log.Error("models.AccessLevel: %v", err) log.Error("models.GetUserRepoPermission: %v", err)
return return
} }
@ -297,7 +297,7 @@ func (n *actionsNotifier) NotifyPullRequestReview(ctx context.Context, pr *issue
Action: api.HookIssueReviewed, Action: api.HookIssueReviewed,
Index: review.Issue.Index, Index: review.Issue.Index,
PullRequest: convert.ToAPIPullRequest(db.DefaultContext, pr, nil), PullRequest: convert.ToAPIPullRequest(db.DefaultContext, pr, nil),
Repository: convert.ToRepo(ctx, review.Issue.Repo, mode), Repository: convert.ToRepo(ctx, review.Issue.Repo, permission),
Sender: convert.ToUser(ctx, review.Reviewer, nil), Sender: convert.ToUser(ctx, review.Reviewer, nil),
Review: &api.ReviewPayload{ Review: &api.ReviewPayload{
Type: string(reviewHookType), Type: string(reviewHookType),
@ -325,9 +325,9 @@ func (*actionsNotifier) NotifyMergePullRequest(ctx context.Context, doer *user_m
return return
} }
mode, err := access_model.AccessLevel(ctx, doer, pr.Issue.Repo) permission, err := access_model.GetUserRepoPermission(ctx, pr.Issue.Repo, doer)
if err != nil { if err != nil {
log.Error("models.AccessLevel: %v", err) log.Error("models.GetUserRepoPermission: %v", err)
return return
} }
@ -335,7 +335,7 @@ func (*actionsNotifier) NotifyMergePullRequest(ctx context.Context, doer *user_m
apiPullRequest := &api.PullRequestPayload{ apiPullRequest := &api.PullRequestPayload{
Index: pr.Issue.Index, Index: pr.Issue.Index,
PullRequest: convert.ToAPIPullRequest(db.DefaultContext, pr, nil), PullRequest: convert.ToAPIPullRequest(db.DefaultContext, pr, nil),
Repository: convert.ToRepo(ctx, pr.Issue.Repo, mode), Repository: convert.ToRepo(ctx, pr.Issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Action: api.HookIssueClosed, Action: api.HookIssueClosed,
} }
@ -366,7 +366,7 @@ func (n *actionsNotifier) NotifyPushCommits(ctx context.Context, pusher *user_mo
CompareURL: setting.AppURL + commits.CompareURL, CompareURL: setting.AppURL + commits.CompareURL,
Commits: apiCommits, Commits: apiCommits,
HeadCommit: apiHeadCommit, HeadCommit: apiHeadCommit,
Repo: convert.ToRepo(ctx, repo, perm_model.AccessModeOwner), Repo: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
Pusher: apiPusher, Pusher: apiPusher,
Sender: apiPusher, Sender: apiPusher,
}). }).
@ -377,7 +377,7 @@ func (n *actionsNotifier) NotifyCreateRef(ctx context.Context, pusher *user_mode
ctx = withMethod(ctx, "NotifyCreateRef") ctx = withMethod(ctx, "NotifyCreateRef")
apiPusher := convert.ToUser(ctx, pusher, nil) apiPusher := convert.ToUser(ctx, pusher, nil)
apiRepo := convert.ToRepo(ctx, repo, perm_model.AccessModeNone) apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeNone})
newNotifyInput(repo, pusher, webhook_module.HookEventCreate). newNotifyInput(repo, pusher, webhook_module.HookEventCreate).
WithRef(refFullName.ShortName()). // FIXME: should we use a full ref name WithRef(refFullName.ShortName()). // FIXME: should we use a full ref name
@ -395,7 +395,7 @@ func (n *actionsNotifier) NotifyDeleteRef(ctx context.Context, pusher *user_mode
ctx = withMethod(ctx, "NotifyDeleteRef") ctx = withMethod(ctx, "NotifyDeleteRef")
apiPusher := convert.ToUser(ctx, pusher, nil) apiPusher := convert.ToUser(ctx, pusher, nil)
apiRepo := convert.ToRepo(ctx, repo, perm_model.AccessModeNone) apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeNone})
newNotifyInput(repo, pusher, webhook_module.HookEventDelete). newNotifyInput(repo, pusher, webhook_module.HookEventDelete).
WithRef(refFullName.ShortName()). // FIXME: should we use a full ref name WithRef(refFullName.ShortName()). // FIXME: should we use a full ref name
@ -429,7 +429,7 @@ func (n *actionsNotifier) NotifySyncPushCommits(ctx context.Context, pusher *use
Commits: apiCommits, Commits: apiCommits,
TotalCommits: commits.Len, TotalCommits: commits.Len,
HeadCommit: apiHeadCommit, HeadCommit: apiHeadCommit,
Repo: convert.ToRepo(ctx, repo, perm_model.AccessModeOwner), Repo: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
Pusher: apiPusher, Pusher: apiPusher,
Sender: apiPusher, Sender: apiPusher,
}). }).
@ -494,7 +494,7 @@ func (n *actionsNotifier) NotifyPullRequestSynchronized(ctx context.Context, doe
Action: api.HookIssueSynchronized, Action: api.HookIssueSynchronized,
Index: pr.Issue.Index, Index: pr.Issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, pr, nil), PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
Repository: convert.ToRepo(ctx, pr.Issue.Repo, perm_model.AccessModeNone), Repository: convert.ToRepo(ctx, pr.Issue.Repo, access_model.Permission{AccessMode: perm_model.AccessModeNone}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}). }).
WithPullRequest(pr). WithPullRequest(pr).
@ -514,7 +514,7 @@ func (n *actionsNotifier) NotifyPullRequestChangeTargetBranch(ctx context.Contex
return return
} }
mode, _ := access_model.AccessLevel(ctx, pr.Issue.Poster, pr.Issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, pr.Issue.Repo, pr.Issue.Poster)
newNotifyInput(pr.Issue.Repo, doer, webhook_module.HookEventPullRequest). newNotifyInput(pr.Issue.Repo, doer, webhook_module.HookEventPullRequest).
WithPayload(&api.PullRequestPayload{ WithPayload(&api.PullRequestPayload{
Action: api.HookIssueEdited, Action: api.HookIssueEdited,
@ -525,7 +525,7 @@ func (n *actionsNotifier) NotifyPullRequestChangeTargetBranch(ctx context.Contex
}, },
}, },
PullRequest: convert.ToAPIPullRequest(ctx, pr, nil), PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
Repository: convert.ToRepo(ctx, pr.Issue.Repo, mode), Repository: convert.ToRepo(ctx, pr.Issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}). }).
WithPullRequest(pr). WithPullRequest(pr).
@ -537,7 +537,7 @@ func (n *actionsNotifier) NotifyNewWikiPage(ctx context.Context, doer *user_mode
newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{ newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{
Action: api.HookWikiCreated, Action: api.HookWikiCreated,
Repository: convert.ToRepo(ctx, repo, perm_model.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Page: page, Page: page,
Comment: comment, Comment: comment,
@ -549,7 +549,7 @@ func (n *actionsNotifier) NotifyEditWikiPage(ctx context.Context, doer *user_mod
newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{ newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{
Action: api.HookWikiEdited, Action: api.HookWikiEdited,
Repository: convert.ToRepo(ctx, repo, perm_model.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Page: page, Page: page,
Comment: comment, Comment: comment,
@ -561,7 +561,7 @@ func (n *actionsNotifier) NotifyDeleteWikiPage(ctx context.Context, doer *user_m
newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{ newNotifyInput(repo, doer, webhook_module.HookEventWiki).WithPayload(&api.WikiPayload{
Action: api.HookWikiDeleted, Action: api.HookWikiDeleted,
Repository: convert.ToRepo(ctx, repo, perm_model.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm_model.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Page: page, Page: page,
}).Notify(ctx) }).Notify(ctx)

View file

@ -222,14 +222,14 @@ func notifyRelease(ctx context.Context, doer *user_model.User, rel *repo_model.R
return return
} }
mode, _ := access_model.AccessLevel(ctx, doer, rel.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, rel.Repo, doer)
newNotifyInput(rel.Repo, doer, webhook_module.HookEventRelease). newNotifyInput(rel.Repo, doer, webhook_module.HookEventRelease).
WithRef(git.RefNameFromTag(rel.TagName).String()). WithRef(git.RefNameFromTag(rel.TagName).String()).
WithPayload(&api.ReleasePayload{ WithPayload(&api.ReleasePayload{
Action: action, Action: action,
Release: convert.ToRelease(ctx, rel), Release: convert.ToRelease(ctx, rel),
Repository: convert.ToRepo(ctx, rel.Repo, mode), Repository: convert.ToRepo(ctx, rel.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}). }).
Notify(ctx) Notify(ctx)

View file

@ -28,7 +28,7 @@ func ToActivity(ctx context.Context, ac *activities_model.Action, doer *user_mod
ActUserID: ac.ActUserID, ActUserID: ac.ActUserID,
ActUser: ToUser(ctx, ac.ActUser, doer), ActUser: ToUser(ctx, ac.ActUser, doer),
RepoID: ac.RepoID, RepoID: ac.RepoID,
Repo: ToRepo(ctx, ac.Repo, p.AccessMode), Repo: ToRepo(ctx, ac.Repo, p),
RefName: ac.RefName, RefName: ac.RefName,
IsPrivate: ac.IsPrivate, IsPrivate: ac.IsPrivate,
Content: ac.Content, Content: ac.Content,

View file

@ -9,6 +9,7 @@ import (
activities_model "code.gitea.io/gitea/models/activities" activities_model "code.gitea.io/gitea/models/activities"
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
api "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs"
) )
@ -24,7 +25,7 @@ func ToNotificationThread(n *activities_model.Notification) *api.NotificationThr
// since user only get notifications when he has access to use minimal access mode // since user only get notifications when he has access to use minimal access mode
if n.Repository != nil { if n.Repository != nil {
result.Repository = ToRepo(db.DefaultContext, n.Repository, perm.AccessModeRead) result.Repository = ToRepo(db.DefaultContext, n.Repository, access_model.Permission{AccessMode: perm.AccessModeRead})
// This permission is not correct and we should not be reporting it // This permission is not correct and we should not be reporting it
for repository := result.Repository; repository != nil; repository = repository.Parent { for repository := result.Repository; repository != nil; repository = repository.Parent {

View file

@ -22,7 +22,7 @@ func ToPackage(ctx context.Context, pd *packages.PackageDescriptor, doer *user_m
} }
if permission.HasAccess() { if permission.HasAccess() {
repo = ToRepo(ctx, pd.Repository, permission.AccessMode) repo = ToRepo(ctx, pd.Repository, permission)
} }
} }

View file

@ -80,7 +80,7 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
Name: pr.BaseBranch, Name: pr.BaseBranch,
Ref: pr.BaseBranch, Ref: pr.BaseBranch,
RepoID: pr.BaseRepoID, RepoID: pr.BaseRepoID,
Repository: ToRepo(ctx, pr.BaseRepo, p.AccessMode), Repository: ToRepo(ctx, pr.BaseRepo, p),
}, },
Head: &api.PRBranchInfo{ Head: &api.PRBranchInfo{
Name: pr.HeadBranch, Name: pr.HeadBranch,
@ -152,7 +152,7 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
} }
apiPullRequest.Head.RepoID = pr.HeadRepo.ID apiPullRequest.Head.RepoID = pr.HeadRepo.ID
apiPullRequest.Head.Repository = ToRepo(ctx, pr.HeadRepo, p.AccessMode) apiPullRequest.Head.Repository = ToRepo(ctx, pr.HeadRepo, p)
headGitRepo, err := git.OpenRepository(ctx, pr.HeadRepo.RepoPath()) headGitRepo, err := git.OpenRepository(ctx, pr.HeadRepo.RepoPath())
if err != nil { if err != nil {

View file

@ -9,6 +9,7 @@ import (
"code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/db"
issues_model "code.gitea.io/gitea/models/issues" issues_model "code.gitea.io/gitea/models/issues"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unittest" "code.gitea.io/gitea/models/unittest"
"code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/git"
@ -31,7 +32,7 @@ func TestPullRequest_APIFormat(t *testing.T) {
Ref: "refs/pull/2/head", Ref: "refs/pull/2/head",
Sha: "4a357436d925b5c974181ff12a994538ddc5a269", Sha: "4a357436d925b5c974181ff12a994538ddc5a269",
RepoID: 1, RepoID: 1,
Repository: ToRepo(db.DefaultContext, headRepo, perm.AccessModeRead), Repository: ToRepo(db.DefaultContext, headRepo, access_model.Permission{AccessMode: perm.AccessModeRead}),
}, apiPullRequest.Head) }, apiPullRequest.Head)
// withOut HeadRepo // withOut HeadRepo

View file

@ -9,6 +9,7 @@ import (
"code.gitea.io/gitea/models" "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
unit_model "code.gitea.io/gitea/models/unit" unit_model "code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
@ -16,18 +17,26 @@ import (
) )
// ToRepo converts a Repository to api.Repository // ToRepo converts a Repository to api.Repository
func ToRepo(ctx context.Context, repo *repo_model.Repository, mode perm.AccessMode) *api.Repository { func ToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission) *api.Repository {
return innerToRepo(ctx, repo, mode, false) return innerToRepo(ctx, repo, permissionInRepo, false)
} }
func innerToRepo(ctx context.Context, repo *repo_model.Repository, mode perm.AccessMode, isParent bool) *api.Repository { func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission, isParent bool) *api.Repository {
var parent *api.Repository var parent *api.Repository
if permissionInRepo.Units == nil && permissionInRepo.UnitsMode == nil {
// If Units and UnitsMode are both nil, it means that it's a hard coded permission,
// like access_model.Permission{AccessMode: perm.AccessModeAdmin}.
// So we need to load units for the repo, or UnitAccessMode will always return perm.AccessModeNone.
_ = repo.LoadUnits(ctx) // the error is not important, so ignore it
permissionInRepo.Units = repo.Units
}
cloneLink := repo.CloneLink() cloneLink := repo.CloneLink()
permission := &api.Permission{ permission := &api.Permission{
Admin: mode >= perm.AccessModeAdmin, Admin: permissionInRepo.AccessMode >= perm.AccessModeAdmin,
Push: mode >= perm.AccessModeWrite, Push: permissionInRepo.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeWrite,
Pull: mode >= perm.AccessModeRead, Pull: permissionInRepo.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead,
} }
if !isParent { if !isParent {
err := repo.GetBaseRepo(ctx) err := repo.GetBaseRepo(ctx)
@ -35,7 +44,12 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, mode perm.Acc
return nil return nil
} }
if repo.BaseRepo != nil { if repo.BaseRepo != nil {
parent = innerToRepo(ctx, repo.BaseRepo, mode, true) // FIXME: The permission of the parent repo is not correct.
// It's the permission of the current repo, so it's probably different from the parent repo.
// But there isn't a good way to get the permission of the parent repo, because the doer is not passed in.
// Use the permission of the current repo to keep the behavior consistent with the old API.
// Maybe the right way is setting the permission of the parent repo to nil, empty is better than wrong.
parent = innerToRepo(ctx, repo.BaseRepo, permissionInRepo, true)
} }
} }
@ -154,7 +168,7 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, mode perm.Acc
return &api.Repository{ return &api.Repository{
ID: repo.ID, ID: repo.ID,
Owner: ToUserWithAccessMode(ctx, repo.Owner, mode), Owner: ToUserWithAccessMode(ctx, repo.Owner, permissionInRepo.AccessMode),
Name: repo.Name, Name: repo.Name,
FullName: repo.FullName(), FullName: repo.FullName(),
Description: repo.Description, Description: repo.Description,

View file

@ -11,7 +11,6 @@ import (
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
access_model "code.gitea.io/gitea/models/perm/access" access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo" repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
@ -50,7 +49,7 @@ func (m *webhookNotifier) NotifyIssueClearLabels(ctx context.Context, doer *user
return return
} }
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
var err error var err error
if issue.IsPull { if issue.IsPull {
if err = issue.LoadPullRequest(ctx); err != nil { if err = issue.LoadPullRequest(ctx); err != nil {
@ -62,7 +61,7 @@ func (m *webhookNotifier) NotifyIssueClearLabels(ctx context.Context, doer *user
Action: api.HookIssueLabelCleared, Action: api.HookIssueLabelCleared,
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} else { } else {
@ -70,7 +69,7 @@ func (m *webhookNotifier) NotifyIssueClearLabels(ctx context.Context, doer *user
Action: api.HookIssueLabelCleared, Action: api.HookIssueLabelCleared,
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} }
@ -80,13 +79,13 @@ func (m *webhookNotifier) NotifyIssueClearLabels(ctx context.Context, doer *user
} }
func (m *webhookNotifier) NotifyForkRepository(ctx context.Context, doer *user_model.User, oldRepo, repo *repo_model.Repository) { func (m *webhookNotifier) NotifyForkRepository(ctx context.Context, doer *user_model.User, oldRepo, repo *repo_model.Repository) {
oldMode, _ := access_model.AccessLevel(ctx, doer, oldRepo) oldPermission, _ := access_model.GetUserRepoPermission(ctx, oldRepo, doer)
mode, _ := access_model.AccessLevel(ctx, doer, repo) permission, _ := access_model.GetUserRepoPermission(ctx, repo, doer)
// forked webhook // forked webhook
if err := PrepareWebhooks(ctx, EventSource{Repository: oldRepo}, webhook_module.HookEventFork, &api.ForkPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: oldRepo}, webhook_module.HookEventFork, &api.ForkPayload{
Forkee: convert.ToRepo(ctx, oldRepo, oldMode), Forkee: convert.ToRepo(ctx, oldRepo, oldPermission),
Repo: convert.ToRepo(ctx, repo, mode), Repo: convert.ToRepo(ctx, repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}); err != nil { }); err != nil {
log.Error("PrepareWebhooks [repo_id: %d]: %v", oldRepo.ID, err) log.Error("PrepareWebhooks [repo_id: %d]: %v", oldRepo.ID, err)
@ -98,7 +97,7 @@ func (m *webhookNotifier) NotifyForkRepository(ctx context.Context, doer *user_m
if u.IsOrganization() { if u.IsOrganization() {
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoCreated, Action: api.HookRepoCreated,
Repository: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Organization: convert.ToUser(ctx, u, nil), Organization: convert.ToUser(ctx, u, nil),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}); err != nil { }); err != nil {
@ -111,7 +110,7 @@ func (m *webhookNotifier) NotifyCreateRepository(ctx context.Context, doer, u *u
// Add to hook queue for created repo after session commit. // Add to hook queue for created repo after session commit.
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoCreated, Action: api.HookRepoCreated,
Repository: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Organization: convert.ToUser(ctx, u, nil), Organization: convert.ToUser(ctx, u, nil),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}); err != nil { }); err != nil {
@ -122,7 +121,7 @@ func (m *webhookNotifier) NotifyCreateRepository(ctx context.Context, doer, u *u
func (m *webhookNotifier) NotifyDeleteRepository(ctx context.Context, doer *user_model.User, repo *repo_model.Repository) { func (m *webhookNotifier) NotifyDeleteRepository(ctx context.Context, doer *user_model.User, repo *repo_model.Repository) {
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoDeleted, Action: api.HookRepoDeleted,
Repository: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Organization: convert.ToUser(ctx, repo.MustOwner(ctx), nil), Organization: convert.ToUser(ctx, repo.MustOwner(ctx), nil),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}); err != nil { }); err != nil {
@ -134,7 +133,7 @@ func (m *webhookNotifier) NotifyMigrateRepository(ctx context.Context, doer, u *
// Add to hook queue for created repo after session commit. // Add to hook queue for created repo after session commit.
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventRepository, &api.RepositoryPayload{
Action: api.HookRepoCreated, Action: api.HookRepoCreated,
Repository: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Organization: convert.ToUser(ctx, u, nil), Organization: convert.ToUser(ctx, u, nil),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}); err != nil { }); err != nil {
@ -144,7 +143,7 @@ func (m *webhookNotifier) NotifyMigrateRepository(ctx context.Context, doer, u *
func (m *webhookNotifier) NotifyIssueChangeAssignee(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, assignee *user_model.User, removed bool, comment *issues_model.Comment) { func (m *webhookNotifier) NotifyIssueChangeAssignee(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, assignee *user_model.User, removed bool, comment *issues_model.Comment) {
if issue.IsPull { if issue.IsPull {
mode, _ := access_model.AccessLevelUnit(ctx, doer, issue.Repo, unit.TypePullRequests) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
if err := issue.LoadPullRequest(ctx); err != nil { if err := issue.LoadPullRequest(ctx); err != nil {
log.Error("LoadPullRequest failed: %v", err) log.Error("LoadPullRequest failed: %v", err)
@ -153,7 +152,7 @@ func (m *webhookNotifier) NotifyIssueChangeAssignee(ctx context.Context, doer *u
apiPullRequest := &api.PullRequestPayload{ apiPullRequest := &api.PullRequestPayload{
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
} }
if removed { if removed {
@ -167,11 +166,11 @@ func (m *webhookNotifier) NotifyIssueChangeAssignee(ctx context.Context, doer *u
return return
} }
} else { } else {
mode, _ := access_model.AccessLevelUnit(ctx, doer, issue.Repo, unit.TypeIssues) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
apiIssue := &api.IssuePayload{ apiIssue := &api.IssuePayload{
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
} }
if removed { if removed {
@ -188,7 +187,7 @@ func (m *webhookNotifier) NotifyIssueChangeAssignee(ctx context.Context, doer *u
} }
func (m *webhookNotifier) NotifyIssueChangeTitle(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, oldTitle string) { func (m *webhookNotifier) NotifyIssueChangeTitle(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, oldTitle string) {
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
var err error var err error
if issue.IsPull { if issue.IsPull {
if err = issue.LoadPullRequest(ctx); err != nil { if err = issue.LoadPullRequest(ctx); err != nil {
@ -204,7 +203,7 @@ func (m *webhookNotifier) NotifyIssueChangeTitle(ctx context.Context, doer *user
}, },
}, },
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} else { } else {
@ -217,7 +216,7 @@ func (m *webhookNotifier) NotifyIssueChangeTitle(ctx context.Context, doer *user
}, },
}, },
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} }
@ -228,7 +227,7 @@ func (m *webhookNotifier) NotifyIssueChangeTitle(ctx context.Context, doer *user
} }
func (m *webhookNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, actionComment *issues_model.Comment, isClosed bool) { func (m *webhookNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, actionComment *issues_model.Comment, isClosed bool) {
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
var err error var err error
if issue.IsPull { if issue.IsPull {
if err = issue.LoadPullRequest(ctx); err != nil { if err = issue.LoadPullRequest(ctx); err != nil {
@ -239,7 +238,7 @@ func (m *webhookNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *use
apiPullRequest := &api.PullRequestPayload{ apiPullRequest := &api.PullRequestPayload{
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
CommitID: commitID, CommitID: commitID,
} }
@ -253,7 +252,7 @@ func (m *webhookNotifier) NotifyIssueChangeStatus(ctx context.Context, doer *use
apiIssue := &api.IssuePayload{ apiIssue := &api.IssuePayload{
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
CommitID: commitID, CommitID: commitID,
} }
@ -279,12 +278,12 @@ func (m *webhookNotifier) NotifyNewIssue(ctx context.Context, issue *issues_mode
return return
} }
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, webhook_module.HookEventIssues, &api.IssuePayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, webhook_module.HookEventIssues, &api.IssuePayload{
Action: api.HookIssueOpened, Action: api.HookIssueOpened,
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, issue.Poster, nil), Sender: convert.ToUser(ctx, issue.Poster, nil),
}); err != nil { }); err != nil {
log.Error("PrepareWebhooks: %v", err) log.Error("PrepareWebhooks: %v", err)
@ -305,12 +304,12 @@ func (m *webhookNotifier) NotifyNewPullRequest(ctx context.Context, pull *issues
return return
} }
mode, _ := access_model.AccessLevel(ctx, pull.Issue.Poster, pull.Issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, pull.Issue.Repo, pull.Issue.Poster)
if err := PrepareWebhooks(ctx, EventSource{Repository: pull.Issue.Repo}, webhook_module.HookEventPullRequest, &api.PullRequestPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: pull.Issue.Repo}, webhook_module.HookEventPullRequest, &api.PullRequestPayload{
Action: api.HookIssueOpened, Action: api.HookIssueOpened,
Index: pull.Issue.Index, Index: pull.Issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, pull, nil), PullRequest: convert.ToAPIPullRequest(ctx, pull, nil),
Repository: convert.ToRepo(ctx, pull.Issue.Repo, mode), Repository: convert.ToRepo(ctx, pull.Issue.Repo, permission),
Sender: convert.ToUser(ctx, pull.Issue.Poster, nil), Sender: convert.ToUser(ctx, pull.Issue.Poster, nil),
}); err != nil { }); err != nil {
log.Error("PrepareWebhooks: %v", err) log.Error("PrepareWebhooks: %v", err)
@ -323,7 +322,7 @@ func (m *webhookNotifier) NotifyIssueChangeContent(ctx context.Context, doer *us
return return
} }
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
var err error var err error
if issue.IsPull { if issue.IsPull {
if err := issue.LoadPullRequest(ctx); err != nil { if err := issue.LoadPullRequest(ctx); err != nil {
@ -339,7 +338,7 @@ func (m *webhookNotifier) NotifyIssueChangeContent(ctx context.Context, doer *us
}, },
}, },
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} else { } else {
@ -352,7 +351,7 @@ func (m *webhookNotifier) NotifyIssueChangeContent(ctx context.Context, doer *us
}, },
}, },
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} }
@ -383,7 +382,7 @@ func (m *webhookNotifier) NotifyUpdateComment(ctx context.Context, doer *user_mo
eventType = webhook_module.HookEventIssueComment eventType = webhook_module.HookEventIssueComment
} }
mode, _ := access_model.AccessLevel(ctx, doer, c.Issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, c.Issue.Repo, doer)
if err := PrepareWebhooks(ctx, EventSource{Repository: c.Issue.Repo}, eventType, &api.IssueCommentPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: c.Issue.Repo}, eventType, &api.IssueCommentPayload{
Action: api.HookIssueCommentEdited, Action: api.HookIssueCommentEdited,
Issue: convert.ToAPIIssue(ctx, c.Issue), Issue: convert.ToAPIIssue(ctx, c.Issue),
@ -393,7 +392,7 @@ func (m *webhookNotifier) NotifyUpdateComment(ctx context.Context, doer *user_mo
From: oldContent, From: oldContent,
}, },
}, },
Repository: convert.ToRepo(ctx, c.Issue.Repo, mode), Repository: convert.ToRepo(ctx, c.Issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
IsPull: c.Issue.IsPull, IsPull: c.Issue.IsPull,
}); err != nil { }); err != nil {
@ -411,12 +410,12 @@ func (m *webhookNotifier) NotifyCreateIssueComment(ctx context.Context, doer *us
eventType = webhook_module.HookEventIssueComment eventType = webhook_module.HookEventIssueComment
} }
mode, _ := access_model.AccessLevel(ctx, doer, repo) permission, _ := access_model.GetUserRepoPermission(ctx, repo, doer)
if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, eventType, &api.IssueCommentPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, eventType, &api.IssueCommentPayload{
Action: api.HookIssueCommentCreated, Action: api.HookIssueCommentCreated,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Comment: convert.ToComment(ctx, comment), Comment: convert.ToComment(ctx, comment),
Repository: convert.ToRepo(ctx, repo, mode), Repository: convert.ToRepo(ctx, repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
IsPull: issue.IsPull, IsPull: issue.IsPull,
}); err != nil { }); err != nil {
@ -448,12 +447,12 @@ func (m *webhookNotifier) NotifyDeleteComment(ctx context.Context, doer *user_mo
eventType = webhook_module.HookEventIssueComment eventType = webhook_module.HookEventIssueComment
} }
mode, _ := access_model.AccessLevel(ctx, doer, comment.Issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, comment.Issue.Repo, doer)
if err := PrepareWebhooks(ctx, EventSource{Repository: comment.Issue.Repo}, eventType, &api.IssueCommentPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: comment.Issue.Repo}, eventType, &api.IssueCommentPayload{
Action: api.HookIssueCommentDeleted, Action: api.HookIssueCommentDeleted,
Issue: convert.ToAPIIssue(ctx, comment.Issue), Issue: convert.ToAPIIssue(ctx, comment.Issue),
Comment: convert.ToComment(ctx, comment), Comment: convert.ToComment(ctx, comment),
Repository: convert.ToRepo(ctx, comment.Issue.Repo, mode), Repository: convert.ToRepo(ctx, comment.Issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
IsPull: comment.Issue.IsPull, IsPull: comment.Issue.IsPull,
}); err != nil { }); err != nil {
@ -465,7 +464,7 @@ func (m *webhookNotifier) NotifyNewWikiPage(ctx context.Context, doer *user_mode
// Add to hook queue for created wiki page. // Add to hook queue for created wiki page.
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{
Action: api.HookWikiCreated, Action: api.HookWikiCreated,
Repository: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Page: page, Page: page,
Comment: comment, Comment: comment,
@ -478,7 +477,7 @@ func (m *webhookNotifier) NotifyEditWikiPage(ctx context.Context, doer *user_mod
// Add to hook queue for edit wiki page. // Add to hook queue for edit wiki page.
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{
Action: api.HookWikiEdited, Action: api.HookWikiEdited,
Repository: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Page: page, Page: page,
Comment: comment, Comment: comment,
@ -491,7 +490,7 @@ func (m *webhookNotifier) NotifyDeleteWikiPage(ctx context.Context, doer *user_m
// Add to hook queue for edit wiki page. // Add to hook queue for edit wiki page.
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventWiki, &api.WikiPayload{
Action: api.HookWikiDeleted, Action: api.HookWikiDeleted,
Repository: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repository: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Page: page, Page: page,
}); err != nil { }); err != nil {
@ -514,7 +513,7 @@ func (m *webhookNotifier) NotifyIssueChangeLabels(ctx context.Context, doer *use
return return
} }
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
if issue.IsPull { if issue.IsPull {
if err = issue.LoadPullRequest(ctx); err != nil { if err = issue.LoadPullRequest(ctx); err != nil {
log.Error("loadPullRequest: %v", err) log.Error("loadPullRequest: %v", err)
@ -528,7 +527,7 @@ func (m *webhookNotifier) NotifyIssueChangeLabels(ctx context.Context, doer *use
Action: api.HookIssueLabelUpdated, Action: api.HookIssueLabelUpdated,
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, perm.AccessModeNone), Repository: convert.ToRepo(ctx, issue.Repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} else { } else {
@ -536,7 +535,7 @@ func (m *webhookNotifier) NotifyIssueChangeLabels(ctx context.Context, doer *use
Action: api.HookIssueLabelUpdated, Action: api.HookIssueLabelUpdated,
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} }
@ -559,7 +558,7 @@ func (m *webhookNotifier) NotifyIssueChangeMilestone(ctx context.Context, doer *
return return
} }
mode, _ := access_model.AccessLevel(ctx, doer, issue.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
if issue.IsPull { if issue.IsPull {
err = issue.PullRequest.LoadIssue(ctx) err = issue.PullRequest.LoadIssue(ctx)
if err != nil { if err != nil {
@ -570,7 +569,7 @@ func (m *webhookNotifier) NotifyIssueChangeMilestone(ctx context.Context, doer *
Action: hookAction, Action: hookAction,
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} else { } else {
@ -578,7 +577,7 @@ func (m *webhookNotifier) NotifyIssueChangeMilestone(ctx context.Context, doer *
Action: hookAction, Action: hookAction,
Index: issue.Index, Index: issue.Index,
Issue: convert.ToAPIIssue(ctx, issue), Issue: convert.ToAPIIssue(ctx, issue),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}) })
} }
@ -603,7 +602,7 @@ func (m *webhookNotifier) NotifyPushCommits(ctx context.Context, pusher *user_mo
Commits: apiCommits, Commits: apiCommits,
TotalCommits: commits.Len, TotalCommits: commits.Len,
HeadCommit: apiHeadCommit, HeadCommit: apiHeadCommit,
Repo: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repo: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Pusher: apiPusher, Pusher: apiPusher,
Sender: apiPusher, Sender: apiPusher,
}); err != nil { }); err != nil {
@ -633,9 +632,9 @@ func (*webhookNotifier) NotifyMergePullRequest(ctx context.Context, doer *user_m
return return
} }
mode, err := access_model.AccessLevel(ctx, doer, pr.Issue.Repo) permission, err := access_model.GetUserRepoPermission(ctx, pr.Issue.Repo, doer)
if err != nil { if err != nil {
log.Error("models.AccessLevel: %v", err) log.Error("models.GetUserRepoPermission: %v", err)
return return
} }
@ -643,7 +642,7 @@ func (*webhookNotifier) NotifyMergePullRequest(ctx context.Context, doer *user_m
apiPullRequest := &api.PullRequestPayload{ apiPullRequest := &api.PullRequestPayload{
Index: pr.Issue.Index, Index: pr.Issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, pr, nil), PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
Repository: convert.ToRepo(ctx, pr.Issue.Repo, mode), Repository: convert.ToRepo(ctx, pr.Issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
Action: api.HookIssueClosed, Action: api.HookIssueClosed,
} }
@ -661,7 +660,7 @@ func (m *webhookNotifier) NotifyPullRequestChangeTargetBranch(ctx context.Contex
issue := pr.Issue issue := pr.Issue
mode, _ := access_model.AccessLevel(ctx, issue.Poster, issue.Repo) mode, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, webhook_module.HookEventPullRequest, &api.PullRequestPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, webhook_module.HookEventPullRequest, &api.PullRequestPayload{
Action: api.HookIssueEdited, Action: api.HookIssueEdited,
Index: issue.Index, Index: issue.Index,
@ -699,16 +698,16 @@ func (m *webhookNotifier) NotifyPullRequestReview(ctx context.Context, pr *issue
return return
} }
mode, err := access_model.AccessLevel(ctx, review.Issue.Poster, review.Issue.Repo) permission, err := access_model.GetUserRepoPermission(ctx, review.Issue.Repo, review.Issue.Poster)
if err != nil { if err != nil {
log.Error("models.AccessLevel: %v", err) log.Error("models.GetUserRepoPermission: %v", err)
return return
} }
if err := PrepareWebhooks(ctx, EventSource{Repository: review.Issue.Repo}, reviewHookType, &api.PullRequestPayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: review.Issue.Repo}, reviewHookType, &api.PullRequestPayload{
Action: api.HookIssueReviewed, Action: api.HookIssueReviewed,
Index: review.Issue.Index, Index: review.Issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, pr, nil), PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
Repository: convert.ToRepo(ctx, review.Issue.Repo, mode), Repository: convert.ToRepo(ctx, review.Issue.Repo, permission),
Sender: convert.ToUser(ctx, review.Reviewer, nil), Sender: convert.ToUser(ctx, review.Reviewer, nil),
Review: &api.ReviewPayload{ Review: &api.ReviewPayload{
Type: string(reviewHookType), Type: string(reviewHookType),
@ -724,7 +723,7 @@ func (m *webhookNotifier) NotifyPullRequestReviewRequest(ctx context.Context, do
log.Warn("NotifyPullRequestReviewRequest: issue is not a pull request: %v", issue.ID) log.Warn("NotifyPullRequestReviewRequest: issue is not a pull request: %v", issue.ID)
return return
} }
mode, _ := access_model.AccessLevelUnit(ctx, doer, issue.Repo, unit.TypePullRequests) permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
if err := issue.LoadPullRequest(ctx); err != nil { if err := issue.LoadPullRequest(ctx); err != nil {
log.Error("LoadPullRequest failed: %v", err) log.Error("LoadPullRequest failed: %v", err)
return return
@ -733,7 +732,7 @@ func (m *webhookNotifier) NotifyPullRequestReviewRequest(ctx context.Context, do
Index: issue.Index, Index: issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil), PullRequest: convert.ToAPIPullRequest(ctx, issue.PullRequest, nil),
RequestedReviewer: convert.ToUser(ctx, reviewer, nil), RequestedReviewer: convert.ToUser(ctx, reviewer, nil),
Repository: convert.ToRepo(ctx, issue.Repo, mode), Repository: convert.ToRepo(ctx, issue.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
} }
if isRequest { if isRequest {
@ -749,7 +748,7 @@ func (m *webhookNotifier) NotifyPullRequestReviewRequest(ctx context.Context, do
func (m *webhookNotifier) NotifyCreateRef(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, refFullName git.RefName, refID string) { func (m *webhookNotifier) NotifyCreateRef(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, refFullName git.RefName, refID string) {
apiPusher := convert.ToUser(ctx, pusher, nil) apiPusher := convert.ToUser(ctx, pusher, nil)
apiRepo := convert.ToRepo(ctx, repo, perm.AccessModeNone) apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeNone})
refName := refFullName.ShortName() refName := refFullName.ShortName()
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventCreate, &api.CreatePayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventCreate, &api.CreatePayload{
@ -777,7 +776,7 @@ func (m *webhookNotifier) NotifyPullRequestSynchronized(ctx context.Context, doe
Action: api.HookIssueSynchronized, Action: api.HookIssueSynchronized,
Index: pr.Issue.Index, Index: pr.Issue.Index,
PullRequest: convert.ToAPIPullRequest(ctx, pr, nil), PullRequest: convert.ToAPIPullRequest(ctx, pr, nil),
Repository: convert.ToRepo(ctx, pr.Issue.Repo, perm.AccessModeNone), Repository: convert.ToRepo(ctx, pr.Issue.Repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}); err != nil { }); err != nil {
log.Error("PrepareWebhooks [pull_id: %v]: %v", pr.ID, err) log.Error("PrepareWebhooks [pull_id: %v]: %v", pr.ID, err)
@ -786,7 +785,7 @@ func (m *webhookNotifier) NotifyPullRequestSynchronized(ctx context.Context, doe
func (m *webhookNotifier) NotifyDeleteRef(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, refFullName git.RefName) { func (m *webhookNotifier) NotifyDeleteRef(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, refFullName git.RefName) {
apiPusher := convert.ToUser(ctx, pusher, nil) apiPusher := convert.ToUser(ctx, pusher, nil)
apiRepo := convert.ToRepo(ctx, repo, perm.AccessModeNone) apiRepo := convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner})
refName := refFullName.ShortName() refName := refFullName.ShortName()
if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventDelete, &api.DeletePayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: repo}, webhook_module.HookEventDelete, &api.DeletePayload{
@ -806,11 +805,11 @@ func sendReleaseHook(ctx context.Context, doer *user_model.User, rel *repo_model
return return
} }
mode, _ := access_model.AccessLevel(ctx, doer, rel.Repo) permission, _ := access_model.GetUserRepoPermission(ctx, rel.Repo, doer)
if err := PrepareWebhooks(ctx, EventSource{Repository: rel.Repo}, webhook_module.HookEventRelease, &api.ReleasePayload{ if err := PrepareWebhooks(ctx, EventSource{Repository: rel.Repo}, webhook_module.HookEventRelease, &api.ReleasePayload{
Action: action, Action: action,
Release: convert.ToRelease(ctx, rel), Release: convert.ToRelease(ctx, rel),
Repository: convert.ToRepo(ctx, rel.Repo, mode), Repository: convert.ToRepo(ctx, rel.Repo, permission),
Sender: convert.ToUser(ctx, doer, nil), Sender: convert.ToUser(ctx, doer, nil),
}); err != nil { }); err != nil {
log.Error("PrepareWebhooks: %v", err) log.Error("PrepareWebhooks: %v", err)
@ -845,7 +844,7 @@ func (m *webhookNotifier) NotifySyncPushCommits(ctx context.Context, pusher *use
Commits: apiCommits, Commits: apiCommits,
TotalCommits: commits.Len, TotalCommits: commits.Len,
HeadCommit: apiHeadCommit, HeadCommit: apiHeadCommit,
Repo: convert.ToRepo(ctx, repo, perm.AccessModeOwner), Repo: convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}),
Pusher: apiPusher, Pusher: apiPusher,
Sender: apiPusher, Sender: apiPusher,
}); err != nil { }); err != nil {