diff options
Diffstat (limited to 'internal/route')
| -rw-r--r-- | internal/route/api/v1/api.go | 18 | ||||
| -rw-r--r-- | internal/route/lfs/route.go | 7 | ||||
| -rw-r--r-- | internal/route/lfs/route_test.go | 4 | ||||
| -rw-r--r-- | internal/route/repo/http.go | 7 |
4 files changed, 23 insertions, 13 deletions
diff --git a/internal/route/api/v1/api.go b/internal/route/api/v1/api.go index 993ce8a3..13de45b2 100644 --- a/internal/route/api/v1/api.go +++ b/internal/route/api/v1/api.go @@ -45,11 +45,11 @@ func repoAssignment() macaron.Handler { } c.Repo.Owner = owner - r, err := db.GetRepositoryByName(owner.ID, reponame) + repo, err := db.Repos.GetByName(owner.ID, reponame) if err != nil { c.NotFoundOrError(err, "get repository by name") return - } else if err = r.GetOwner(); err != nil { + } else if err = repo.GetOwner(); err != nil { c.Error(err, "get owner") return } @@ -57,12 +57,12 @@ func repoAssignment() macaron.Handler { if c.IsTokenAuth && c.User.IsAdmin { c.Repo.AccessMode = db.AccessModeOwner } else { - mode, err := db.UserAccessMode(c.UserID(), r) - if err != nil { - c.Error(err, "get user access mode") - return - } - c.Repo.AccessMode = mode + c.Repo.AccessMode = db.Perms.AccessMode(c.UserID(), repo.ID, + db.AccessModeOptions{ + OwnerID: repo.OwnerID, + Private: repo.IsPrivate, + }, + ) } if !c.Repo.HasAccess() { @@ -70,7 +70,7 @@ func repoAssignment() macaron.Handler { return } - c.Repo.Repository = r + c.Repo.Repository = repo } } diff --git a/internal/route/lfs/route.go b/internal/route/lfs/route.go index 40cb95eb..ff1bd591 100644 --- a/internal/route/lfs/route.go +++ b/internal/route/lfs/route.go @@ -131,7 +131,12 @@ func authorize(mode db.AccessMode) macaron.Handler { return } - if !db.Perms.Authorize(actor.ID, repo, mode) { + if !db.Perms.Authorize(actor.ID, repo.ID, mode, + db.AccessModeOptions{ + OwnerID: repo.OwnerID, + Private: repo.IsPrivate, + }, + ) { c.Status(http.StatusNotFound) return } diff --git a/internal/route/lfs/route_test.go b/internal/route/lfs/route_test.go index b6ef1ebc..9571c89d 100644 --- a/internal/route/lfs/route_test.go +++ b/internal/route/lfs/route_test.go @@ -209,7 +209,7 @@ func Test_authorize(t *testing.T) { }, }, mockPermsStore: &db.MockPermsStore{ - MockAuthorize: func(userID int64, repo *db.Repository, desired db.AccessMode) bool { + MockAuthorize: func(userID, repoID int64, desired db.AccessMode, opts db.AccessModeOptions) bool { return desired <= db.AccessModeRead }, }, @@ -230,7 +230,7 @@ func Test_authorize(t *testing.T) { }, }, mockPermsStore: &db.MockPermsStore{ - MockAuthorize: func(userID int64, repo *db.Repository, desired db.AccessMode) bool { + MockAuthorize: func(userID, repoID int64, desired db.AccessMode, opts db.AccessModeOptions) bool { return desired <= db.AccessModeRead }, }, diff --git a/internal/route/repo/http.go b/internal/route/repo/http.go index f4a77a28..e14569f1 100644 --- a/internal/route/repo/http.go +++ b/internal/route/repo/http.go @@ -165,7 +165,12 @@ Please create and use personal access token on user settings page`) if isPull { mode = db.AccessModeRead } - if !db.Perms.Authorize(authUser.ID, repo, mode) { + if !db.Perms.Authorize(authUser.ID, repo.ID, mode, + db.AccessModeOptions{ + OwnerID: repo.OwnerID, + Private: repo.IsPrivate, + }, + ) { askCredentials(c, http.StatusForbidden, "User permission denied") return } |