5 files changed, 42 insertions, 50 deletions
diff --git a/internal/db/repo.go b/internal/db/repo.go
index 9f889bc2..bb2cd52e 100644
--- a/internal/db/repo.go
+++ b/internal/db/repo.go
@@ -391,8 +391,17 @@ func (repo *Repository) APIFormatLegacy(permission *api.Permission, user ...*Use
 	if repo.IsFork {
 		p := &api.Permission{Pull: true}
 		if len(user) != 0 {
-			p.Admin = user[0].IsAdminOfRepo(repo)
-			p.Push = user[0].IsWriterOfRepo(repo)
+			accessMode := Perms.AccessMode(
+				context.TODO(),
+				user[0].ID,
+				repo.ID,
+				AccessModeOptions{
+					OwnerID: repo.OwnerID,
+					Private: repo.IsPrivate,
+				},
+			)
+			p.Admin = accessMode >= AccessModeAdmin
+			p.Push = accessMode >= AccessModeWrite
 		}
 		apiRepo.Parent = repo.BaseRepo.APIFormatLegacy(p)
 	}
diff --git a/internal/db/two_factors.go b/internal/db/two_factors.go
index 2dba2a02..6125dda7 100644
--- a/internal/db/two_factors.go
+++ b/internal/db/two_factors.go
@@ -32,8 +32,8 @@ type TwoFactorsStore interface {
 	// GetByUserID returns the 2FA token of given user. It returns
 	// ErrTwoFactorNotFound when not found.
 	GetByUserID(ctx context.Context, userID int64) (*TwoFactor, error)
-	// IsUserEnabled returns true if the user has enabled 2FA.
-	IsUserEnabled(ctx context.Context, userID int64) bool
+	// IsEnabled returns true if the user has enabled 2FA.
+	IsEnabled(ctx context.Context, userID int64) bool
 }
 
 var TwoFactors TwoFactorsStore
@@ -114,7 +114,7 @@ func (db *twoFactors) GetByUserID(ctx context.Context, userID int64) (*TwoFactor
 	return tf, nil
 }
 
-func (db *twoFactors) IsUserEnabled(ctx context.Context, userID int64) bool {
+func (db *twoFactors) IsEnabled(ctx context.Context, userID int64) bool {
 	var count int64
 	err := db.WithContext(ctx).Model(new(TwoFactor)).Where("user_id = ?", userID).Count(&count).Error
 	if err != nil {
diff --git a/internal/db/two_factors_test.go b/internal/db/two_factors_test.go
index 386e96ca..36e4eeca 100644
--- a/internal/db/two_factors_test.go
+++ b/internal/db/two_factors_test.go
@@ -58,7 +58,7 @@ func TestTwoFactors(t *testing.T) {
 	}{
 		{"Create", twoFactorsCreate},
 		{"GetByUserID", twoFactorsGetByUserID},
-		{"IsUserEnabled", twoFactorsIsUserEnabled},
+		{"IsEnabled", twoFactorsIsEnabled},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Cleanup(func() {
@@ -109,13 +109,13 @@ func twoFactorsGetByUserID(t *testing.T, db *twoFactors) {
 	assert.Equal(t, wantErr, err)
 }
 
-func twoFactorsIsUserEnabled(t *testing.T, db *twoFactors) {
+func twoFactorsIsEnabled(t *testing.T, db *twoFactors) {
 	ctx := context.Background()
 
 	// Create a 2FA token for user 1
 	err := db.Create(ctx, 1, "secure-key", "secure-secret")
 	require.NoError(t, err)
 
-	assert.True(t, db.IsUserEnabled(ctx, 1))
-	assert.False(t, db.IsUserEnabled(ctx, 2))
+	assert.True(t, db.IsEnabled(ctx, 1))
+	assert.False(t, db.IsEnabled(ctx, 2))
 }
diff --git a/internal/db/user.go b/internal/db/user.go
index 6a2aa296..3fff95d4 100644
--- a/internal/db/user.go
+++ b/internal/db/user.go
@@ -53,46 +53,6 @@ func (u *User) AfterSet(colName string, _ xorm.Cell) {
 	}
 }
 
-// IsAdminOfRepo returns true if user has admin or higher access of repository.
-func (u *User) IsAdminOfRepo(repo *Repository) bool {
-	return Perms.Authorize(context.TODO(), u.ID, repo.ID, AccessModeAdmin,
-		AccessModeOptions{
-			OwnerID: repo.OwnerID,
-			Private: repo.IsPrivate,
-		},
-	)
-}
-
-// IsWriterOfRepo returns true if user has write access to given repository.
-func (u *User) IsWriterOfRepo(repo *Repository) bool {
-	return Perms.Authorize(context.TODO(), u.ID, repo.ID, AccessModeWrite,
-		AccessModeOptions{
-			OwnerID: repo.OwnerID,
-			Private: repo.IsPrivate,
-		},
-	)
-}
-
-// IsOrganization returns true if user is actually a organization.
-func (u *User) IsOrganization() bool {
-	return u.Type == UserTypeOrganization
-}
-
-// IsUserOrgOwner returns true if user is in the owner team of given organization.
-func (u *User) IsUserOrgOwner(orgId int64) bool {
-	return IsOrganizationOwner(orgId, u.ID)
-}
-
-// IsPublicMember returns true if user public his/her membership in give organization.
-func (u *User) IsPublicMember(orgId int64) bool {
-	return IsPublicMembership(orgId, u.ID)
-}
-
-// IsEnabledTwoFactor returns true if user has enabled two-factor authentication.
-func (u *User) IsEnabledTwoFactor() bool {
-	return TwoFactors.IsUserEnabled(context.TODO(), u.ID)
-}
-
 func (u *User) getOrganizationCount(e Engine) (int64, error) {
 	return e.Where("uid=?", u.ID).Count(new(OrgUser))
 }
diff --git a/internal/db/users.go b/internal/db/users.go
index ca755fc6..bdd6501b 100644
--- a/internal/db/users.go
+++ b/internal/db/users.go
@@ -511,11 +511,16 @@ func (u *User) AfterFind(_ *gorm.DB) error {
 	return nil
 }
 
-// IsLocal returns true if user is created as local account.
+// IsLocal returns true if the user is created as local account.
 func (u *User) IsLocal() bool {
 	return u.LoginSource <= 0
 }
 
+// IsOrganization returns true if the user is an organization.
+func (u *User) IsOrganization() bool {
+	return u.Type == UserTypeOrganization
+}
+
 // APIFormat returns the API format of a user.
 func (u *User) APIFormat() *api.User {
 	return &api.User{
@@ -626,3 +631,21 @@ func (u *User) AvatarURL() string {
 func (u *User) IsFollowing(followID int64) bool {
 	return Follows.IsFollowing(context.TODO(), u.ID, followID)
 }
+
+// IsUserOrgOwner returns true if the user is in the owner team of the given
+// organization.
+//
+// TODO(unknwon): This is also used in templates, which should be fixed by
+// having a dedicated type `template.User`.
+func (u *User) IsUserOrgOwner(orgId int64) bool {
+	return IsOrganizationOwner(orgId, u.ID)
+}
+
+// IsPublicMember returns true if the user has public membership of the given
+// organization.
+//
+// TODO(unknwon): This is also used in templates, which should be fixed by
+// having a dedicated type `template.User`.
+func (u *User) IsPublicMember(orgId int64) bool {
+	return IsPublicMembership(orgId, u.ID)
+}