tyler.durden/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-05-05 15:10:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

permission check

Browse Source
This commit is contained in:
Lunny Xiao 2022-11-23 16:18:07 +08:00 committed by Jason Song
parent fdd3c0434e
commit 324d6711da
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
routers/api/v1/api.go
View File

@ -199,7 +199,12 @@ func repoAssignment() func(ctx *context.APIContext) {
return
}
ctx.Repo.Permission.AccessMode = perm_model.AccessModeAdmin
if task.IsForkPullRequest {
ctx.Repo.Permission.AccessMode = perm_model.AccessModeRead
} else {
ctx.Repo.Permission.AccessMode = perm_model.AccessModeWrite
}
if err := ctx.Repo.Repository.LoadUnits(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadUnits", err)
return

13
routers/web/repo/http.go
View File

@ -199,12 +199,25 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {
ctx.PlainText(http.StatusForbidden, "User permission denied")
return
}
if task.IsForkPullRequest {
if accessMode > perm.AccessModeRead {
ctx.PlainText(http.StatusForbidden, "User permission denied")
return
}
} else {
if accessMode > perm.AccessModeWrite {
ctx.PlainText(http.StatusForbidden, "User permission denied")
return
}
}
} else {
p, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
}
if !p.CanAccess(accessMode, unitType) {
ctx.PlainText(http.StatusForbidden, "User permission denied")
return