aboutsummaryrefslogtreecommitdiff
path: root/models
diff options
context:
space:
mode:
Diffstat (limited to 'models')
-rw-r--r--models/access.go30
-rw-r--r--models/issue.go2
-rw-r--r--models/org_team.go6
-rw-r--r--models/repo.go4
-rw-r--r--models/ssh_key.go2
-rw-r--r--models/user.go10
6 files changed, 29 insertions, 25 deletions
diff --git a/models/access.go b/models/access.go
index e780c3d0..0844a0fe 100644
--- a/models/access.go
+++ b/models/access.go
@@ -57,41 +57,45 @@ type Access struct {
Mode AccessMode
}
-func accessLevel(e Engine, u *User, repo *Repository) (AccessMode, error) {
+func accessLevel(e Engine, userID int64, repo *Repository) (AccessMode, error) {
mode := ACCESS_MODE_NONE
+ // Everyone has read access to public repository
if !repo.IsPrivate {
mode = ACCESS_MODE_READ
}
- if u == nil {
+ if userID <= 0 {
return mode, nil
}
- if u.ID == repo.OwnerID {
+ if userID == repo.OwnerID {
return ACCESS_MODE_OWNER, nil
}
- a := &Access{UserID: u.ID, RepoID: repo.ID}
- if has, err := e.Get(a); !has || err != nil {
+ access := &Access{
+ UserID: userID,
+ RepoID: repo.ID,
+ }
+ if has, err := e.Get(access); !has || err != nil {
return mode, err
}
- return a.Mode, nil
+ return access.Mode, nil
}
// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
-// user does not have access. User can be nil!
-func AccessLevel(u *User, repo *Repository) (AccessMode, error) {
- return accessLevel(x, u, repo)
+// user does not have access.
+func AccessLevel(userID int64, repo *Repository) (AccessMode, error) {
+ return accessLevel(x, userID, repo)
}
-func hasAccess(e Engine, u *User, repo *Repository, testMode AccessMode) (bool, error) {
- mode, err := accessLevel(e, u, repo)
+func hasAccess(e Engine, userID int64, repo *Repository, testMode AccessMode) (bool, error) {
+ mode, err := accessLevel(e, userID, repo)
return mode >= testMode, err
}
// HasAccess returns true if someone has the request access level. User can be nil!
-func HasAccess(u *User, repo *Repository, testMode AccessMode) (bool, error) {
- return hasAccess(x, u, repo, testMode)
+func HasAccess(userID int64, repo *Repository, testMode AccessMode) (bool, error) {
+ return hasAccess(x, userID, repo, testMode)
}
// GetRepositoryAccesses finds all repositories with their access mode where a user has access but does not own.
diff --git a/models/issue.go b/models/issue.go
index 76032668..f9e20daf 100644
--- a/models/issue.go
+++ b/models/issue.go
@@ -618,7 +618,7 @@ func newIssue(e *xorm.Session, opts NewIssueOptions) (err error) {
// Assume assignee is invalid and drop silently.
opts.Issue.AssigneeID = 0
if assignee != nil {
- valid, err := hasAccess(e, assignee, opts.Repo, ACCESS_MODE_READ)
+ valid, err := hasAccess(e, assignee.ID, opts.Repo, ACCESS_MODE_READ)
if err != nil {
return fmt.Errorf("hasAccess [user_id: %d, repo_id: %d]: %v", assignee.ID, opts.Repo.ID, err)
}
diff --git a/models/org_team.go b/models/org_team.go
index c9f6f5d1..217febdf 100644
--- a/models/org_team.go
+++ b/models/org_team.go
@@ -166,15 +166,15 @@ func (t *Team) removeRepository(e Engine, repo *Repository, recalculate bool) (e
if err = t.getMembers(e); err != nil {
return fmt.Errorf("get team members: %v", err)
}
- for _, u := range t.Members {
- has, err := hasAccess(e, u, repo, ACCESS_MODE_READ)
+ for _, member := range t.Members {
+ has, err := hasAccess(e, member.ID, repo, ACCESS_MODE_READ)
if err != nil {
return err
} else if has {
continue
}
- if err = watchRepo(e, u.ID, repo.ID, false); err != nil {
+ if err = watchRepo(e, member.ID, repo.ID, false); err != nil {
return err
}
}
diff --git a/models/repo.go b/models/repo.go
index 67adf20d..dfa04d88 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -419,8 +419,8 @@ func (repo *Repository) ComposeCompareURL(oldCommitID, newCommitID string) strin
return fmt.Sprintf("%s/%s/compare/%s...%s", repo.MustOwner().Name, repo.Name, oldCommitID, newCommitID)
}
-func (repo *Repository) HasAccess(u *User) bool {
- has, _ := HasAccess(u, repo, ACCESS_MODE_READ)
+func (repo *Repository) HasAccess(userID int64) bool {
+ has, _ := HasAccess(userID, repo, ACCESS_MODE_READ)
return has
}
diff --git a/models/ssh_key.go b/models/ssh_key.go
index 231ae1e1..387fc016 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -736,7 +736,7 @@ func DeleteDeployKey(doer *User, id int64) error {
if err != nil {
return fmt.Errorf("GetRepositoryByID: %v", err)
}
- yes, err := HasAccess(doer, repo, ACCESS_MODE_ADMIN)
+ yes, err := HasAccess(doer.ID, repo, ACCESS_MODE_ADMIN)
if err != nil {
return fmt.Errorf("HasAccess: %v", err)
} else if !yes {
diff --git a/models/user.go b/models/user.go
index a5b1f9f5..5c93b077 100644
--- a/models/user.go
+++ b/models/user.go
@@ -385,18 +385,18 @@ func (u *User) DeleteAvatar() error {
// IsAdminOfRepo returns true if user has admin or higher access of repository.
func (u *User) IsAdminOfRepo(repo *Repository) bool {
- has, err := HasAccess(u, repo, ACCESS_MODE_ADMIN)
+ has, err := HasAccess(u.ID, repo, ACCESS_MODE_ADMIN)
if err != nil {
- log.Error(3, "HasAccess: %v", err)
+ log.Error(2, "HasAccess: %v", err)
}
return has
}
// IsWriterOfRepo returns true if user has write access to given repository.
func (u *User) IsWriterOfRepo(repo *Repository) bool {
- has, err := HasAccess(u, repo, ACCESS_MODE_WRITE)
+ has, err := HasAccess(u.ID, repo, ACCESS_MODE_WRITE)
if err != nil {
- log.Error(3, "HasAccess: %v", err)
+ log.Error(2, "HasAccess: %v", err)
}
return has
}
@@ -911,7 +911,7 @@ func GetUserByID(id int64) (*User, error) {
// GetAssigneeByID returns the user with write access of repository by given ID.
func GetAssigneeByID(repo *Repository, userID int64) (*User, error) {
- has, err := HasAccess(&User{ID: userID}, repo, ACCESS_MODE_READ)
+ has, err := HasAccess(userID, repo, ACCESS_MODE_READ)
if err != nil {
return nil, err
} else if !has {
Powered by cgit, Themed by Ted Yin.