Browse Source

models/access: hasAccess only need userID not user object

pull/4185/head
Unknwon 8 years ago
parent
commit
b78e03934d
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
  1. 2
      cmd/serv.go
  2. 2
      gogs.go
  3. 30
      models/access.go
  4. 2
      models/issue.go
  5. 6
      models/org_team.go
  6. 4
      models/repo.go
  7. 2
      models/ssh_key.go
  8. 10
      models/user.go
  9. 6
      modules/context/repo.go
  10. 2
      routers/api/v1/api.go
  11. 2
      routers/repo/http.go
  12. 2
      routers/repo/pull.go
  13. 2
      routers/user/home.go
  14. 2
      templates/.VERSION

2
cmd/serv.go

@ -199,7 +199,7 @@ func runServ(c *cli.Context) error {
fail("Internal error", "Fail to get user by key ID '%d': %v", key.ID, err)
}
mode, err := models.AccessLevel(user, repo)
mode, err := models.AccessLevel(user.ID, repo)
if err != nil {
fail("Internal error", "Fail to check access: %v", err)
}

2
gogs.go

@ -16,7 +16,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
const APP_VER = "0.9.166.0223 / 0.10 RC"
const APP_VER = "0.9.167.0223 / 0.10 RC"
func init() {
setting.AppVer = APP_VER

30
models/access.go

@ -57,41 +57,45 @@ type Access struct {
Mode AccessMode
}
func accessLevel(e Engine, u *User, repo *Repository) (AccessMode, error) {
func accessLevel(e Engine, userID int64, repo *Repository) (AccessMode, error) {
mode := ACCESS_MODE_NONE
// Everyone has read access to public repository
if !repo.IsPrivate {
mode = ACCESS_MODE_READ
}
if u == nil {
if userID <= 0 {
return mode, nil
}
if u.ID == repo.OwnerID {
if userID == repo.OwnerID {
return ACCESS_MODE_OWNER, nil
}
a := &Access{UserID: u.ID, RepoID: repo.ID}
if has, err := e.Get(a); !has || err != nil {
access := &Access{
UserID: userID,
RepoID: repo.ID,
}
if has, err := e.Get(access); !has || err != nil {
return mode, err
}
return a.Mode, nil
return access.Mode, nil
}
// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
// user does not have access. User can be nil!
func AccessLevel(u *User, repo *Repository) (AccessMode, error) {
return accessLevel(x, u, repo)
// user does not have access.
func AccessLevel(userID int64, repo *Repository) (AccessMode, error) {
return accessLevel(x, userID, repo)
}
func hasAccess(e Engine, u *User, repo *Repository, testMode AccessMode) (bool, error) {
mode, err := accessLevel(e, u, repo)
func hasAccess(e Engine, userID int64, repo *Repository, testMode AccessMode) (bool, error) {
mode, err := accessLevel(e, userID, repo)
return mode >= testMode, err
}
// HasAccess returns true if someone has the request access level. User can be nil!
func HasAccess(u *User, repo *Repository, testMode AccessMode) (bool, error) {
return hasAccess(x, u, repo, testMode)
func HasAccess(userID int64, repo *Repository, testMode AccessMode) (bool, error) {
return hasAccess(x, userID, repo, testMode)
}
// GetRepositoryAccesses finds all repositories with their access mode where a user has access but does not own.

2
models/issue.go

@ -618,7 +618,7 @@ func newIssue(e *xorm.Session, opts NewIssueOptions) (err error) {
// Assume assignee is invalid and drop silently.
opts.Issue.AssigneeID = 0
if assignee != nil {
valid, err := hasAccess(e, assignee, opts.Repo, ACCESS_MODE_READ)
valid, err := hasAccess(e, assignee.ID, opts.Repo, ACCESS_MODE_READ)
if err != nil {
return fmt.Errorf("hasAccess [user_id: %d, repo_id: %d]: %v", assignee.ID, opts.Repo.ID, err)
}

6
models/org_team.go

@ -166,15 +166,15 @@ func (t *Team) removeRepository(e Engine, repo *Repository, recalculate bool) (e
if err = t.getMembers(e); err != nil {
return fmt.Errorf("get team members: %v", err)
}
for _, u := range t.Members {
has, err := hasAccess(e, u, repo, ACCESS_MODE_READ)
for _, member := range t.Members {
has, err := hasAccess(e, member.ID, repo, ACCESS_MODE_READ)
if err != nil {
return err
} else if has {
continue
}
if err = watchRepo(e, u.ID, repo.ID, false); err != nil {
if err = watchRepo(e, member.ID, repo.ID, false); err != nil {
return err
}
}

4
models/repo.go

@ -419,8 +419,8 @@ func (repo *Repository) ComposeCompareURL(oldCommitID, newCommitID string) strin
return fmt.Sprintf("%s/%s/compare/%s...%s", repo.MustOwner().Name, repo.Name, oldCommitID, newCommitID)
}
func (repo *Repository) HasAccess(u *User) bool {
has, _ := HasAccess(u, repo, ACCESS_MODE_READ)
func (repo *Repository) HasAccess(userID int64) bool {
has, _ := HasAccess(userID, repo, ACCESS_MODE_READ)
return has
}

2
models/ssh_key.go

@ -736,7 +736,7 @@ func DeleteDeployKey(doer *User, id int64) error {
if err != nil {
return fmt.Errorf("GetRepositoryByID: %v", err)
}
yes, err := HasAccess(doer, repo, ACCESS_MODE_ADMIN)
yes, err := HasAccess(doer.ID, repo, ACCESS_MODE_ADMIN)
if err != nil {
return fmt.Errorf("HasAccess: %v", err)
} else if !yes {

10
models/user.go

@ -385,18 +385,18 @@ func (u *User) DeleteAvatar() error {
// IsAdminOfRepo returns true if user has admin or higher access of repository.
func (u *User) IsAdminOfRepo(repo *Repository) bool {
has, err := HasAccess(u, repo, ACCESS_MODE_ADMIN)
has, err := HasAccess(u.ID, repo, ACCESS_MODE_ADMIN)
if err != nil {
log.Error(3, "HasAccess: %v", err)
log.Error(2, "HasAccess: %v", err)
}
return has
}
// IsWriterOfRepo returns true if user has write access to given repository.
func (u *User) IsWriterOfRepo(repo *Repository) bool {
has, err := HasAccess(u, repo, ACCESS_MODE_WRITE)
has, err := HasAccess(u.ID, repo, ACCESS_MODE_WRITE)
if err != nil {
log.Error(3, "HasAccess: %v", err)
log.Error(2, "HasAccess: %v", err)
}
return has
}
@ -911,7 +911,7 @@ func GetUserByID(id int64) (*User, error) {
// GetAssigneeByID returns the user with write access of repository by given ID.
func GetAssigneeByID(repo *Repository, userID int64) (*User, error) {
has, err := HasAccess(&User{ID: userID}, repo, ACCESS_MODE_READ)
has, err := HasAccess(userID, repo, ACCESS_MODE_READ)
if err != nil {
return nil, err
} else if !has {

6
modules/context/repo.go

@ -206,7 +206,11 @@ func RepoAssignment(args ...bool) macaron.Handler {
if ctx.IsSigned && ctx.User.IsAdmin {
ctx.Repo.AccessMode = models.ACCESS_MODE_OWNER
} else {
mode, err := models.AccessLevel(ctx.User, repo)
var userID int64
if ctx.IsSigned {
userID = ctx.User.ID
}
mode, err := models.AccessLevel(userID, repo)
if err != nil {
ctx.Handle(500, "AccessLevel", err)
return

2
routers/api/v1/api.go

@ -65,7 +65,7 @@ func repoAssignment() macaron.Handler {
if ctx.IsSigned && ctx.User.IsAdmin {
ctx.Repo.AccessMode = models.ACCESS_MODE_OWNER
} else {
mode, err := models.AccessLevel(ctx.User, repo)
mode, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil {
ctx.Error(500, "AccessLevel", err)
return

2
routers/repo/http.go

@ -127,7 +127,7 @@ func HTTPContexter() macaron.Handler {
if isPull {
mode = models.ACCESS_MODE_READ
}
has, err := models.HasAccess(authUser, repo, mode)
has, err := models.HasAccess(authUser.ID, repo, mode)
if err != nil {
ctx.Handle(http.StatusInternalServerError, "HasAccess", err)
return

2
routers/repo/pull.go

@ -49,7 +49,7 @@ func getForkRepository(ctx *context.Context) *models.Repository {
return nil
}
if !forkRepo.CanBeForked() || !forkRepo.HasAccess(ctx.User) {
if !forkRepo.CanBeForked() || !forkRepo.HasAccess(ctx.User.ID) {
ctx.Handle(404, "getForkRepository", nil)
return nil
}

2
routers/user/home.go

@ -293,7 +293,7 @@ func Issues(ctx *context.Context) {
}
// Check if user has access to given repository.
if !repo.IsOwnedBy(ctxUser.ID) && !repo.HasAccess(ctxUser) {
if !repo.IsOwnedBy(ctxUser.ID) && !repo.HasAccess(ctxUser.ID) {
ctx.Handle(404, "Issues", fmt.Errorf("#%d", repoID))
return
}

2
templates/.VERSION

@ -1 +1 @@
0.9.166.0223 / 0.10 RC
0.9.167.0223 / 0.10 RC
Loading…
Cancel
Save