forked from kevadesu/forgejo
Move access and repo permission to models/perm/access (#19350)
* Move access and repo permission to models/perm/access * Remove unnecessary code
This commit is contained in:
parent
8e8e936ada
commit
cbd45471b1
72 changed files with 608 additions and 511 deletions
|
@ -32,7 +32,7 @@ func RequireRepoWriter(unitType unit.Type) func(ctx *Context) {
|
|||
// CanEnableEditor checks if the user is allowed to write to the branch of the repo
|
||||
func CanEnableEditor() func(ctx *Context) {
|
||||
return func(ctx *Context) {
|
||||
if !ctx.Repo.Permission.CanWriteToBranch(ctx.Doer, ctx.Repo.BranchName) {
|
||||
if !ctx.Repo.CanWriteToBranch(ctx.Doer, ctx.Repo.BranchName) {
|
||||
ctx.NotFound("CanWriteToBranch denies permission", nil)
|
||||
return
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
unit_model "code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
|
@ -54,7 +55,7 @@ type PullRequest struct {
|
|||
|
||||
// Repository contains information to operate a repository
|
||||
type Repository struct {
|
||||
models.Permission
|
||||
access_model.Permission
|
||||
IsWatching bool
|
||||
IsViewBranch bool
|
||||
IsViewTag bool
|
||||
|
@ -77,9 +78,14 @@ type Repository struct {
|
|||
PullRequest *PullRequest
|
||||
}
|
||||
|
||||
// CanWriteToBranch checks if the branch is writable by the user
|
||||
func (r *Repository) CanWriteToBranch(user *user_model.User, branch string) bool {
|
||||
return models.CanMaintainerWriteToBranch(r.Permission, branch, user)
|
||||
}
|
||||
|
||||
// CanEnableEditor returns true if repository is editable and user has proper access level.
|
||||
func (r *Repository) CanEnableEditor(user *user_model.User) bool {
|
||||
return r.IsViewBranch && r.Permission.CanWriteToBranch(user, r.BranchName) && r.Repository.CanEnableEditor() && !r.Repository.IsArchived
|
||||
return r.IsViewBranch && r.CanWriteToBranch(user, r.BranchName) && r.Repository.CanEnableEditor() && !r.Repository.IsArchived
|
||||
}
|
||||
|
||||
// CanCreateBranch returns true if repository is editable and user has proper access level.
|
||||
|
@ -285,7 +291,7 @@ func RetrieveTemplateRepo(ctx *Context, repo *repo_model.Repository) {
|
|||
return
|
||||
}
|
||||
|
||||
perm, err := models.GetUserRepoPermission(ctx, templateRepo, ctx.Doer)
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, templateRepo, ctx.Doer)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
return
|
||||
|
@ -351,7 +357,7 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
|
|||
return
|
||||
}
|
||||
|
||||
ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, repo, ctx.Doer)
|
||||
ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
return
|
||||
|
|
|
@ -17,6 +17,7 @@ import (
|
|||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/organization"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
|
@ -44,16 +45,16 @@ func ToBranch(repo *repo_model.Repository, b *git.Branch, c *git.Commit, bp *mod
|
|||
var canPush bool
|
||||
var err error
|
||||
if user != nil {
|
||||
hasPerm, err = models.HasAccessUnit(user, repo, unit.TypeCode, perm.AccessModeWrite)
|
||||
hasPerm, err = access_model.HasAccessUnit(db.DefaultContext, user, repo, unit.TypeCode, perm.AccessModeWrite)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
perms, err := models.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
perms, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
canPush = perms.CanWriteToBranch(user, b.Name)
|
||||
canPush = models.CanMaintainerWriteToBranch(perms, b.Name, user)
|
||||
}
|
||||
|
||||
return &api.Branch{
|
||||
|
@ -82,7 +83,7 @@ func ToBranch(repo *repo_model.Repository, b *git.Branch, c *git.Commit, bp *mod
|
|||
}
|
||||
|
||||
if user != nil {
|
||||
permission, err := models.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
permission, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -7,8 +7,8 @@ package convert
|
|||
import (
|
||||
"context"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/packages"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
api "code.gitea.io/gitea/modules/structs"
|
||||
)
|
||||
|
@ -17,7 +17,7 @@ import (
|
|||
func ToPackage(ctx context.Context, pd *packages.PackageDescriptor, doer *user_model.User) (*api.Package, error) {
|
||||
var repo *api.Repository
|
||||
if pd.Repository != nil {
|
||||
permission, err := models.GetUserRepoPermission(ctx, pd.Repository, doer)
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, pd.Repository, doer)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/git"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
|
@ -43,7 +44,7 @@ func ToAPIPullRequest(ctx context.Context, pr *models.PullRequest, doer *user_mo
|
|||
return nil
|
||||
}
|
||||
|
||||
p, err := models.GetUserRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
p, err := access_model.GetUserRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.BaseRepoID, err)
|
||||
p.AccessMode = perm.AccessModeNone
|
||||
|
@ -132,7 +133,7 @@ func ToAPIPullRequest(ctx context.Context, pr *models.PullRequest, doer *user_mo
|
|||
}
|
||||
|
||||
if pr.HeadRepo != nil && pr.Flow == models.PullRequestFlowGithub {
|
||||
p, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
p, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
p.AccessMode = perm.AccessModeNone
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
"code.gitea.io/gitea/models/db"
|
||||
packages_model "code.gitea.io/gitea/models/packages"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unit"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
|
@ -52,7 +53,7 @@ func (m *webhookNotifier) NotifyIssueClearLabels(doer *user_model.User, issue *m
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(issue.Poster, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(issue.Poster, issue.Repo)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(); err != nil {
|
||||
|
@ -82,8 +83,8 @@ func (m *webhookNotifier) NotifyIssueClearLabels(doer *user_model.User, issue *m
|
|||
}
|
||||
|
||||
func (m *webhookNotifier) NotifyForkRepository(doer *user_model.User, oldRepo, repo *repo_model.Repository) {
|
||||
oldMode, _ := models.AccessLevel(doer, oldRepo)
|
||||
mode, _ := models.AccessLevel(doer, repo)
|
||||
oldMode, _ := access_model.AccessLevel(doer, oldRepo)
|
||||
mode, _ := access_model.AccessLevel(doer, repo)
|
||||
|
||||
// forked webhook
|
||||
if err := webhook_services.PrepareWebhooks(oldRepo, webhook.HookEventFork, &api.ForkPayload{
|
||||
|
@ -151,7 +152,7 @@ func (m *webhookNotifier) NotifyIssueChangeAssignee(doer *user_model.User, issue
|
|||
defer finished()
|
||||
|
||||
if issue.IsPull {
|
||||
mode, _ := models.AccessLevelUnit(doer, issue.Repo, unit.TypePullRequests)
|
||||
mode, _ := access_model.AccessLevelUnit(doer, issue.Repo, unit.TypePullRequests)
|
||||
|
||||
if err := issue.LoadPullRequest(); err != nil {
|
||||
log.Error("LoadPullRequest failed: %v", err)
|
||||
|
@ -175,7 +176,7 @@ func (m *webhookNotifier) NotifyIssueChangeAssignee(doer *user_model.User, issue
|
|||
return
|
||||
}
|
||||
} else {
|
||||
mode, _ := models.AccessLevelUnit(doer, issue.Repo, unit.TypeIssues)
|
||||
mode, _ := access_model.AccessLevelUnit(doer, issue.Repo, unit.TypeIssues)
|
||||
apiIssue := &api.IssuePayload{
|
||||
Index: issue.Index,
|
||||
Issue: convert.ToAPIIssue(issue),
|
||||
|
@ -199,7 +200,7 @@ func (m *webhookNotifier) NotifyIssueChangeTitle(doer *user_model.User, issue *m
|
|||
ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("webhook.NotifyIssueChangeTitle User: %s[%d] Issue[%d] #%d in [%d]", doer.Name, doer.ID, issue.ID, issue.Index, issue.RepoID))
|
||||
defer finished()
|
||||
|
||||
mode, _ := models.AccessLevel(issue.Poster, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(issue.Poster, issue.Repo)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(); err != nil {
|
||||
|
@ -243,7 +244,7 @@ func (m *webhookNotifier) NotifyIssueChangeStatus(doer *user_model.User, issue *
|
|||
ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("webhook.NotifyIssueChangeStatus User: %s[%d] Issue[%d] #%d in [%d]", doer.Name, doer.ID, issue.ID, issue.Index, issue.RepoID))
|
||||
defer finished()
|
||||
|
||||
mode, _ := models.AccessLevel(issue.Poster, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(issue.Poster, issue.Repo)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(); err != nil {
|
||||
|
@ -292,7 +293,7 @@ func (m *webhookNotifier) NotifyNewIssue(issue *models.Issue, mentions []*user_m
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(issue.Poster, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(issue.Poster, issue.Repo)
|
||||
if err := webhook_services.PrepareWebhooks(issue.Repo, webhook.HookEventIssues, &api.IssuePayload{
|
||||
Action: api.HookIssueOpened,
|
||||
Index: issue.Index,
|
||||
|
@ -321,7 +322,7 @@ func (m *webhookNotifier) NotifyNewPullRequest(pull *models.PullRequest, mention
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(pull.Issue.Poster, pull.Issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(pull.Issue.Poster, pull.Issue.Repo)
|
||||
if err := webhook_services.PrepareWebhooks(pull.Issue.Repo, webhook.HookEventPullRequest, &api.PullRequestPayload{
|
||||
Action: api.HookIssueOpened,
|
||||
Index: pull.Issue.Index,
|
||||
|
@ -337,7 +338,7 @@ func (m *webhookNotifier) NotifyIssueChangeContent(doer *user_model.User, issue
|
|||
ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("webhook.NotifyIssueChangeContent User: %s[%d] Issue[%d] #%d in [%d]", doer.Name, doer.ID, issue.ID, issue.Index, issue.RepoID))
|
||||
defer finished()
|
||||
|
||||
mode, _ := models.AccessLevel(issue.Poster, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(issue.Poster, issue.Repo)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
issue.PullRequest.Issue = issue
|
||||
|
@ -389,7 +390,7 @@ func (m *webhookNotifier) NotifyUpdateComment(doer *user_model.User, c *models.C
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(doer, c.Issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(doer, c.Issue.Repo)
|
||||
if c.Issue.IsPull {
|
||||
err = webhook_services.PrepareWebhooks(c.Issue.Repo, webhook.HookEventPullRequestComment, &api.IssueCommentPayload{
|
||||
Action: api.HookIssueCommentEdited,
|
||||
|
@ -428,7 +429,7 @@ func (m *webhookNotifier) NotifyUpdateComment(doer *user_model.User, c *models.C
|
|||
func (m *webhookNotifier) NotifyCreateIssueComment(doer *user_model.User, repo *repo_model.Repository,
|
||||
issue *models.Issue, comment *models.Comment, mentions []*user_model.User,
|
||||
) {
|
||||
mode, _ := models.AccessLevel(doer, repo)
|
||||
mode, _ := access_model.AccessLevel(doer, repo)
|
||||
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
|
@ -473,7 +474,7 @@ func (m *webhookNotifier) NotifyDeleteComment(doer *user_model.User, comment *mo
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(doer, comment.Issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(doer, comment.Issue.Repo)
|
||||
|
||||
if comment.Issue.IsPull {
|
||||
err = webhook_services.PrepareWebhooks(comment.Issue.Repo, webhook.HookEventPullRequestComment, &api.IssueCommentPayload{
|
||||
|
@ -518,7 +519,7 @@ func (m *webhookNotifier) NotifyIssueChangeLabels(doer *user_model.User, issue *
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(issue.Poster, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(issue.Poster, issue.Repo)
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(); err != nil {
|
||||
log.Error("loadPullRequest: %v", err)
|
||||
|
@ -566,7 +567,7 @@ func (m *webhookNotifier) NotifyIssueChangeMilestone(doer *user_model.User, issu
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(doer, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(doer, issue.Repo)
|
||||
if issue.IsPull {
|
||||
err = issue.PullRequest.LoadIssue()
|
||||
if err != nil {
|
||||
|
@ -640,7 +641,7 @@ func (*webhookNotifier) NotifyMergePullRequest(pr *models.PullRequest, doer *use
|
|||
return
|
||||
}
|
||||
|
||||
mode, err := models.AccessLevel(doer, pr.Issue.Repo)
|
||||
mode, err := access_model.AccessLevel(doer, pr.Issue.Repo)
|
||||
if err != nil {
|
||||
log.Error("models.AccessLevel: %v", err)
|
||||
return
|
||||
|
@ -676,7 +677,7 @@ func (m *webhookNotifier) NotifyPullRequestChangeTargetBranch(doer *user_model.U
|
|||
return
|
||||
}
|
||||
issue.PullRequest.Issue = issue
|
||||
mode, _ := models.AccessLevel(issue.Poster, issue.Repo)
|
||||
mode, _ := access_model.AccessLevel(issue.Poster, issue.Repo)
|
||||
err = webhook_services.PrepareWebhooks(issue.Repo, webhook.HookEventPullRequest, &api.PullRequestPayload{
|
||||
Action: api.HookIssueEdited,
|
||||
Index: issue.Index,
|
||||
|
@ -719,7 +720,7 @@ func (m *webhookNotifier) NotifyPullRequestReview(pr *models.PullRequest, review
|
|||
return
|
||||
}
|
||||
|
||||
mode, err := models.AccessLevel(review.Issue.Poster, review.Issue.Repo)
|
||||
mode, err := access_model.AccessLevel(review.Issue.Poster, review.Issue.Repo)
|
||||
if err != nil {
|
||||
log.Error("models.AccessLevel: %v", err)
|
||||
return
|
||||
|
@ -801,7 +802,7 @@ func sendReleaseHook(doer *user_model.User, rel *models.Release, action api.Hook
|
|||
return
|
||||
}
|
||||
|
||||
mode, _ := models.AccessLevel(doer, rel.Repo)
|
||||
mode, _ := access_model.AccessLevel(doer, rel.Repo)
|
||||
if err := webhook_services.PrepareWebhooks(rel.Repo, webhook.HookEventRelease, &api.ReleasePayload{
|
||||
Action: action,
|
||||
Release: convert.ToRelease(rel),
|
||||
|
|
|
@ -574,7 +574,7 @@ func Avatar(item interface{}, others ...interface{}) template.HTML {
|
|||
if src != "" {
|
||||
return AvatarHTML(src, size, class, t.DisplayName())
|
||||
}
|
||||
case *models.Collaborator:
|
||||
case *repo_model.Collaborator:
|
||||
src := t.AvatarLinkWithSize(size * setting.Avatar.RenderedSizeFactor)
|
||||
if src != "" {
|
||||
return AvatarHTML(src, size, class, t.DisplayName())
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
"net/url"
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
access_model "code.gitea.io/gitea/models/perm/access"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
|
@ -61,7 +61,7 @@ func LoadRepo(t *testing.T, ctx *context.Context, repoID int64) {
|
|||
ctx.Repo.Owner, err = user_model.GetUserByID(ctx.Repo.Repository.OwnerID)
|
||||
assert.NoError(t, err)
|
||||
ctx.Repo.RepoLink = ctx.Repo.Repository.Link()
|
||||
ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, ctx.Repo.Repository, ctx.Doer)
|
||||
ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, ctx.Repo.Repository, ctx.Doer)
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue