diff options
Diffstat (limited to 'serve.go')
| -rw-r--r-- | serve.go | 65 |
1 files changed, 35 insertions, 30 deletions
@@ -74,29 +74,33 @@ func In(b string, sl map[string]int) bool { func runServ(k *cli.Context) { execDir, _ := base.ExecDir() newLogger(execDir) - log.Trace("new serv request " + log.Mode + ":" + log.Config) base.NewConfigContext() models.LoadModelsConfig() + + if models.UseSQLite3 { + os.Chdir(execDir) + } + models.SetEngine() keys := strings.Split(os.Args[2], "-") if len(keys) != 2 { - fmt.Println("auth file format error") + println("auth file format error") log.Error("auth file format error") return } keyId, err := strconv.ParseInt(keys[1], 10, 64) if err != nil { - fmt.Println("auth file format error") - log.Error("auth file format error") + println("auth file format error") + log.Error("auth file format error", err) return } user, err := models.GetUserByKeyId(keyId) if err != nil { - fmt.Println("You have no right to access") - log.Error("You have no right to access") + println("You have no right to access") + log.Error("SSH visit error: %v", err) return } @@ -107,13 +111,14 @@ func runServ(k *cli.Context) { } verb, args := parseCmd(cmd) - rRepo := strings.Trim(args, "'") - rr := strings.SplitN(rRepo, "/", 2) + repoPath := strings.Trim(args, "'") + rr := strings.SplitN(repoPath, "/", 2) if len(rr) != 2 { println("Unavilable repository", args) log.Error("Unavilable repository %v", args) return } + repoUserName := rr[0] repoName := rr[1] if strings.HasSuffix(repoName, ".git") { repoName = repoName[:len(repoName)-4] @@ -122,46 +127,46 @@ func runServ(k *cli.Context) { isWrite := In(verb, COMMANDS_WRITE) isRead := In(verb, COMMANDS_READONLY) - /*//repo, err := models.GetRepositoryByName(user.Id, repoName) - //var isExist bool = true + repoUser, err := models.GetUserByName(repoUserName) if err != nil { - if err == models.ErrRepoNotExist { - //isExist = false - if isRead { - println("Repository", user.Name+"/"+repoName, "is not exist") - log.Error("Repository " + user.Name + "/" + repoName + " is not exist") - return - } - } else { - println("Get repository error:", err) - log.Error("Get repository error: " + err.Error()) - return - } - }*/ + fmt.Println("You have no right to access") + log.Error("Get user failed", err) + return + } // access check switch { case isWrite: - has, err := models.HasAccess(user.Name, repoName, models.AU_WRITABLE) + has, err := models.HasAccess(user.LowerName, path.Join(repoUserName, repoName), models.AU_WRITABLE) if err != nil { println("Inernel error:", err) log.Error(err.Error()) return - } - if !has { + } else if !has { println("You have no right to write this repository") - log.Error("You have no right to access this repository") + log.Error("User %s has no right to write repository %s", user.Name, repoPath) return } case isRead: - has, err := models.HasAccess(user.Name, repoName, models.AU_READABLE) + repo, err := models.GetRepositoryByName(repoUser.Id, repoName) + if err != nil { + println("Get repository error:", err) + log.Error("Get repository error: " + err.Error()) + return + } + + if !repo.IsPrivate { + break + } + + has, err := models.HasAccess(user.Name, repoPath, models.AU_READABLE) if err != nil { println("Inernel error") log.Error(err.Error()) return } if !has { - has, err = models.HasAccess(user.Name, repoName, models.AU_WRITABLE) + has, err = models.HasAccess(user.Name, repoPath, models.AU_WRITABLE) if err != nil { println("Inernel error") log.Error(err.Error()) @@ -184,7 +189,7 @@ func runServ(k *cli.Context) { os.Setenv("userId", strconv.Itoa(int(user.Id))) os.Setenv("repoName", repoName) - gitcmd := exec.Command(verb, rRepo) + gitcmd := exec.Command(verb, repoPath) gitcmd.Dir = base.RepoRootPath gitcmd.Stdout = os.Stdout gitcmd.Stdin = os.Stdin |