mirror of
https://github.com/go-gitea/gitea
synced 2024-12-24 11:34:36 +01:00
Extended permission checks. (#20517)
This commit is contained in:
parent
8b0e07e368
commit
a846bfefd8
1 changed files with 18 additions and 1 deletions
|
@ -11,6 +11,7 @@ import (
|
||||||
"code.gitea.io/gitea/models/organization"
|
"code.gitea.io/gitea/models/organization"
|
||||||
packages_model "code.gitea.io/gitea/models/packages"
|
packages_model "code.gitea.io/gitea/models/packages"
|
||||||
"code.gitea.io/gitea/models/perm"
|
"code.gitea.io/gitea/models/perm"
|
||||||
|
"code.gitea.io/gitea/models/unit"
|
||||||
user_model "code.gitea.io/gitea/models/user"
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
"code.gitea.io/gitea/modules/structs"
|
"code.gitea.io/gitea/modules/structs"
|
||||||
)
|
)
|
||||||
|
@ -52,14 +53,30 @@ func packageAssignment(ctx *Context, errCb func(int, string, interface{})) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.Package.Owner.IsOrganization() {
|
if ctx.Package.Owner.IsOrganization() {
|
||||||
|
org := organization.OrgFromUser(ctx.Package.Owner)
|
||||||
|
|
||||||
// 1. Get user max authorize level for the org (may be none, if user is not member of the org)
|
// 1. Get user max authorize level for the org (may be none, if user is not member of the org)
|
||||||
if ctx.Doer != nil {
|
if ctx.Doer != nil {
|
||||||
var err error
|
var err error
|
||||||
ctx.Package.AccessMode, err = organization.OrgFromUser(ctx.Package.Owner).GetOrgUserMaxAuthorizeLevel(ctx.Doer.ID)
|
ctx.Package.AccessMode, err = org.GetOrgUserMaxAuthorizeLevel(ctx.Doer.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errCb(http.StatusInternalServerError, "GetOrgUserMaxAuthorizeLevel", err)
|
errCb(http.StatusInternalServerError, "GetOrgUserMaxAuthorizeLevel", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
// If access mode is less than write check every team for more permissions
|
||||||
|
if ctx.Package.AccessMode < perm.AccessModeWrite {
|
||||||
|
teams, err := organization.GetUserOrgTeams(ctx, org.ID, ctx.Doer.ID)
|
||||||
|
if err != nil {
|
||||||
|
errCb(http.StatusInternalServerError, "GetUserOrgTeams", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
for _, t := range teams {
|
||||||
|
perm := t.UnitAccessModeCtx(ctx, unit.TypePackages)
|
||||||
|
if ctx.Package.AccessMode < perm {
|
||||||
|
ctx.Package.AccessMode = perm
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// 2. If authorize level is none, check if org is visible to user
|
// 2. If authorize level is none, check if org is visible to user
|
||||||
if ctx.Package.AccessMode == perm.AccessModeNone && organization.HasOrgOrUserVisible(ctx, ctx.Package.Owner, ctx.Doer) {
|
if ctx.Package.AccessMode == perm.AccessModeNone && organization.HasOrgOrUserVisible(ctx, ctx.Package.Owner, ctx.Doer) {
|
||||||
|
|
Loading…
Reference in a new issue