parent
f4c1f43644
commit
934124c641
@ -127,7 +127,8 @@ func (p *Permission) LogString() string {
|
||||
}
|
||||
|
||||
// GetUserRepoPermission returns the user permissions to the repository
|
||||
func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) {
|
||||
func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (Permission, error) {
|
||||
var perm Permission
|
||||
if log.IsTrace() {
|
||||
defer func() {
|
||||
if user == nil {
|
||||
@ -147,30 +148,31 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||
// TODO: anonymous user visit public unit of private repo???
|
||||
if user == nil && repo.IsPrivate {
|
||||
perm.AccessMode = perm_model.AccessModeNone
|
||||
return
|
||||
return perm, nil
|
||||
}
|
||||
|
||||
var is bool
|
||||
var isCollaborator bool
|
||||
var err error
|
||||
if user != nil {
|
||||
is, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID)
|
||||
isCollaborator, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID)
|
||||
if err != nil {
|
||||
return perm, err
|
||||
}
|
||||
}
|
||||
|
||||
if err = repo.LoadOwner(ctx); err != nil {
|
||||
return
|
||||
if err := repo.LoadOwner(ctx); err != nil {
|
||||
return perm, err
|
||||
}
|
||||
|
||||
// Prevent strangers from checking out public repo of private organization/users
|
||||
// Allow user if they are collaborator of a repo within a private user or a private organization but not a member of the organization itself
|
||||
if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !is {
|
||||
if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !isCollaborator {
|
||||
perm.AccessMode = perm_model.AccessModeNone
|
||||
return
|
||||
return perm, nil
|
||||
}
|
||||
|
||||
if err = repo.LoadUnits(ctx); err != nil {
|
||||
return
|
||||
if err := repo.LoadUnits(ctx); err != nil {
|
||||
return perm, err
|
||||
}
|
||||
|
||||
perm.Units = repo.Units
|
||||
@ -178,32 +180,32 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||
// anonymous visit public repo
|
||||
if user == nil {
|
||||
perm.AccessMode = perm_model.AccessModeRead
|
||||
return
|
||||
return perm, nil
|
||||
}
|
||||
|
||||
// Admin or the owner has super access to the repository
|
||||
if user.IsAdmin || user.ID == repo.OwnerID {
|
||||
perm.AccessMode = perm_model.AccessModeOwner
|
||||
return
|
||||
return perm, nil
|
||||
}
|
||||
|
||||
// plain user
|
||||
perm.AccessMode, err = accessLevel(ctx, user, repo)
|
||||
if err != nil {
|
||||
return
|
||||
return perm, err
|
||||
}
|
||||
|
||||
if err = repo.LoadOwner(ctx); err != nil {
|
||||
return
|
||||
if err := repo.LoadOwner(ctx); err != nil {
|
||||
return perm, err
|
||||
}
|
||||
if !repo.Owner.IsOrganization() {
|
||||
return
|
||||
return perm, nil
|
||||
}
|
||||
|
||||
perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
|
||||
|
||||
// Collaborators on organization
|
||||
if is {
|
||||
if isCollaborator {
|
||||
for _, u := range repo.Units {
|
||||
perm.UnitsMode[u.Type] = perm.AccessMode
|
||||
}
|
||||
@ -212,7 +214,7 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||
// get units mode from teams
|
||||
teams, err := organization.GetUserRepoTeams(ctx, repo.OwnerID, user.ID, repo.ID)
|
||||
if err != nil {
|
||||
return
|
||||
return perm, err
|
||||
}
|
||||
|
||||
// if user in an owner team
|
||||
@ -220,7 +222,7 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
|
||||
if team.AccessMode >= perm_model.AccessModeAdmin {
|
||||
perm.AccessMode = perm_model.AccessModeOwner
|
||||
perm.UnitsMode = nil
|
||||
return
|
||||
return perm, nil
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -339,7 +339,7 @@ func (s releaseMetaSearch) Less(i, j int) bool {
|
||||
// GetReleaseAttachments retrieves the attachments for releases
|
||||
func GetReleaseAttachments(ctx context.Context, rels ...*Release) (err error) {
|
||||
if len(rels) == 0 {
|
||||
return
|
||||
return nil
|
||||
}
|
||||
|
||||
// To keep this efficient as possible sort all releases by id,
|
||||
|
Loading…
Reference in New Issue
Block a user