diff --git a/cmd/hook.go b/cmd/hook.go index 228b79f7f0..a62ffdde5f 100644 --- a/cmd/hook.go +++ b/cmd/hook.go @@ -185,6 +185,7 @@ Gitea or set your environment appropriately.`, "") userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64) prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64) deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64) + actionPerm, _ := strconv.ParseInt(os.Getenv(repo_module.EnvActionPerm), 10, 64) hookOptions := private.HookOptions{ UserID: userID, @@ -194,6 +195,7 @@ Gitea or set your environment appropriately.`, "") GitPushOptions: pushOptions(), PullRequestID: prID, DeployKeyID: deployKeyID, + ActionPerm: int(actionPerm), } scanner := bufio.NewScanner(os.Stdin) diff --git a/modules/private/hook.go b/modules/private/hook.go index 027014270a..9533eaae59 100644 --- a/modules/private/hook.go +++ b/modules/private/hook.go @@ -57,6 +57,7 @@ type HookOptions struct { PullRequestID int64 DeployKeyID int64 // if the pusher is a DeployKey, then UserID is the repo's org user. IsWiki bool + ActionPerm int } // SSHLogOption ssh log options diff --git a/modules/repository/env.go b/modules/repository/env.go index 646bf35cc6..30edd1c9e3 100644 --- a/modules/repository/env.go +++ b/modules/repository/env.go @@ -27,6 +27,7 @@ const ( EnvPRID = "GITEA_PR_ID" EnvIsInternal = "GITEA_INTERNAL_PUSH" EnvAppURL = "GITEA_ROOT_URL" + EnvActionPerm = "GITEA_ACTION_PERM" ) // InternalPushingEnvironment returns an os environment to switch off hooks on push diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go index 3faf307dff..eb00596181 100644 --- a/routers/private/hook_pre_receive.go +++ b/routers/private/hook_pre_receive.go @@ -466,7 +466,7 @@ func (ctx *preReceiveContext) loadPusherAndPermission() bool { if ctx.opts.UserID == user_model.ActionsUserID { ctx.user = user_model.NewActionsUser() - ctx.userPerm.AccessMode = perm_model.AccessModeAdmin + ctx.userPerm.AccessMode = perm_model.AccessMode(ctx.opts.ActionPerm) if err := ctx.Repo.Repository.LoadUnits(ctx); err != nil { log.Error("Unable to get User id %d Error: %v", ctx.opts.UserID, err) ctx.JSON(http.StatusInternalServerError, private.Response{ diff --git a/routers/web/repo/http.go b/routers/web/repo/http.go index f8e47a8774..2c91ed6178 100644 --- a/routers/web/repo/http.go +++ b/routers/web/repo/http.go @@ -181,6 +181,14 @@ func httpBase(ctx *context.Context) (h *serviceHandler) { return } + environ = []string{ + repo_module.EnvRepoUsername + "=" + username, + repo_module.EnvRepoName + "=" + reponame, + repo_module.EnvPusherName + "=" + ctx.Doer.Name, + repo_module.EnvPusherID + fmt.Sprintf("=%d", ctx.Doer.ID), + repo_module.EnvAppURL + "=" + setting.AppURL, + } + if repoExist { // Because of special ref "refs/for" .. , need delay write permission check if git.SupportProcReceive { @@ -204,11 +212,13 @@ func httpBase(ctx *context.Context) (h *serviceHandler) { ctx.PlainText(http.StatusForbidden, "User permission denied") return } + environ = append(environ, fmt.Sprintf("%s=%d", repo_module.EnvActionPerm, perm.AccessModeRead)) } else { if accessMode > perm.AccessModeWrite { ctx.PlainText(http.StatusForbidden, "User permission denied") return } + environ = append(environ, fmt.Sprintf("%s=%d", repo_module.EnvActionPerm, perm.AccessModeWrite)) } } else { p, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer) @@ -229,14 +239,6 @@ func httpBase(ctx *context.Context) (h *serviceHandler) { } } - environ = []string{ - repo_module.EnvRepoUsername + "=" + username, - repo_module.EnvRepoName + "=" + reponame, - repo_module.EnvPusherName + "=" + ctx.Doer.Name, - repo_module.EnvPusherID + fmt.Sprintf("=%d", ctx.Doer.ID), - repo_module.EnvAppURL + "=" + setting.AppURL, - } - if !ctx.Doer.KeepEmailPrivate { environ = append(environ, repo_module.EnvPusherEmail+"="+ctx.Doer.Email) }