diff options
| author | ᴜɴᴋɴᴡᴏɴ <u@gogs.io> | 2020-04-04 21:14:15 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-04 21:14:15 +0800 |
| commit | 34145c990d4fd9f278f29cdf9c61378a75e9b934 (patch) | |
| tree | 7b151bbd5aef9e487759953e3a775a82244d268d /internal/db/perms.go | |
| parent | 2bd9d0b9c8238ded727cd98a3ace20b53c10a44f (diff) | |
lfs: implement HTTP routes (#6035)
* Bootstrap with GORM
* Fix lint error
* Set conn max lifetime to one minute
* Fallback to use gorm v1
* Define HTTP routes
* Finish authentication
* Save token updated
* Add docstring
* Finish authorization
* serveBatch rundown
* Define types in lfsutil
* Finish Batch
* authutil
* Finish basic
* Formalize response error
* Fix lint errors
* authutil: add tests
* dbutil: add tests
* lfsutil: add tests
* strutil: add tests
* Formalize 401 response
Diffstat (limited to 'internal/db/perms.go')
| -rw-r--r-- | internal/db/perms.go | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/internal/db/perms.go b/internal/db/perms.go new file mode 100644 index 00000000..6dc5d423 --- /dev/null +++ b/internal/db/perms.go @@ -0,0 +1,56 @@ +// Copyright 2020 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package db + +import ( + "github.com/jinzhu/gorm" + log "unknwon.dev/clog/v2" +) + +// PermsStore is the persistent interface for permissions. +// +// NOTE: All methods are sorted in alphabetical order. +type PermsStore interface { + // AccessMode returns the access mode of given user has to the repository. + AccessMode(userID int64, repo *Repository) AccessMode + // Authorize returns true if the user has as good as desired access mode to + // the repository. + Authorize(userID int64, repo *Repository, desired AccessMode) bool +} + +var Perms PermsStore + +type perms struct { + *gorm.DB +} + +func (db *perms) AccessMode(userID int64, repo *Repository) AccessMode { + var mode AccessMode + // Everyone has read access to public repository. + if !repo.IsPrivate { + mode = AccessModeRead + } + + // Quick check to avoid a DB query. + if userID <= 0 { + return mode + } + + if userID == repo.OwnerID { + return AccessModeOwner + } + + access := new(Access) + err := db.Where("user_id = ? AND repo_id = ?", userID, repo.ID).First(access).Error + if err != nil { + log.Error("Failed to get access [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err) + return mode + } + return access.Mode +} + +func (db *perms) Authorize(userID int64, repo *Repository, desired AccessMode) bool { + return desired <= db.AccessMode(userID, repo) +} |