kevadesu/forgejo
1
0
Fork 1
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-07-16 00:49:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

[v12.0/forgejo] fix: corrupted wiki unit default permission (#8234 follow-up) (#8439)
Some checks failed
testing-integration / test-sqlite (push) Has been cancelled
testing / backend-checks (push) Has been cancelled
/ release (push) Has been cancelled
testing-integration / test-unit (push) Has been cancelled
testing / frontend-checks (push) Has been cancelled
testing / test-unit (push) Has been cancelled
testing / test-e2e (push) Has been cancelled
testing / test-remote-cacher (redis) (push) Has been cancelled
testing / test-remote-cacher (valkey) (push) Has been cancelled
testing / test-remote-cacher (garnet) (push) Has been cancelled
testing / test-remote-cacher (redict) (push) Has been cancelled
testing / test-mysql (push) Has been cancelled
testing / test-pgsql (push) Has been cancelled
testing / test-sqlite (push) Has been cancelled
testing / security-check (push) Has been cancelled

Browse source 
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/8258

Closes #8119, follow-up of #8234

#8234 "only" fixed the case when a new wiki setting was applied.

However it lacked 2 aspects:
- fixing the already corrupted unit permission in the database (required a migration)
- fixing the API route

Both aspects should now be covered.

Additionally, I commented out the unused `UnitAccessMode` and indicated that they are only used for the wiki-unit (hopefully saving some time to future code-readers).

### Testing

- go to a commit before #8234 (e.g. 285f66b782)
- create 3 repositories
  - save the wiki settings of the second, without any change
  - set the wiki of the third to be globally writable
- verify the `default_permissions` column in the database, of the unit `5`: 0, 2, 3
- stop Forgejo, switch to this PR and start Forgejo
- verify that the logs writes `Migration[35]: Fix wiki unit default permission`
- verify the `default_permissions` column in the database, of the unit `5`: 0, 0, 3

Before:

![2025-06-23-150055.png](/attachments/1eb92507-b8b4-422c-921c-4296a91172e7)

After:

![2025-06-23-150853.png](/attachments/c7b53397-54fe-487d-89da-e10b26538cde)

- [x] I did not document these changes and I do not expect someone else to do it.
- [x] I do not want this change to show in the release notes.

Co-authored-by: oliverpool <git@olivier.pfad.fr>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8439
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
This commit is contained in:
forgejo-backport-action 2025-07-07 20:23:20 +02:00 committed by Earl Warren
parent d4c9c01f2d
commit 1d838c8d5e
5 changed files with 70 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
models/forgejo_migrations/migrate.go
View file

@ -109,6 +109,8 @@ var migrations = []*Migration{
NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun), NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
// v34 -> v35 // v34 -> v35
NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped), NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped),
// v35 -> v36
NewMigration("Fix wiki unit default permission", FixWikiUnitDefaultPermission),
} }
// GetCurrentDBVersion returns the current Forgejo database version. // GetCurrentDBVersion returns the current Forgejo database version.

55
models/forgejo_migrations/v36.go Normal file
View file

@ -0,0 +1,55 @@
// Copyright 2025 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: GPL-3.0-or-later
package forgejo_migrations //nolint:revive
import (
"xorm.io/xorm"
)
func FixWikiUnitDefaultPermission(x *xorm.Engine) error {
// Type is Unit's Type
type Type int
// Enumerate all the unit types
const (
TypeInvalid Type = iota // 0 invalid
TypeCode // 1 code
TypeIssues // 2 issues
TypePullRequests // 3 PRs
TypeReleases // 4 Releases
TypeWiki // 5 Wiki
TypeExternalWiki // 6 ExternalWiki
TypeExternalTracker // 7 ExternalTracker
TypeProjects // 8 Projects
TypePackages // 9 Packages
TypeActions // 10 Actions
)
// RepoUnitAccessMode specifies the users access mode to a repo unit
type UnitAccessMode int
const (
// UnitAccessModeUnset - no unit mode set
UnitAccessModeUnset UnitAccessMode = iota // 0
// UnitAccessModeNone no access
UnitAccessModeNone // 1
// UnitAccessModeRead read access
UnitAccessModeRead // 2
// UnitAccessModeWrite write access
UnitAccessModeWrite // 3
)
_ = UnitAccessModeNone
_ = UnitAccessModeWrite
type RepoUnit struct {
DefaultPermissions UnitAccessMode `xorm:"NOT NULL DEFAULT 0"`
}
_, err := x.Where("type = ?", TypeWiki).
Where("default_permissions = ?", UnitAccessModeRead).
Cols("default_permissions").
Update(RepoUnit{
DefaultPermissions: UnitAccessModeUnset,
})
return err
}

17
models/repo/repo_unit.go
View file

@ -41,27 +41,30 @@ func (err ErrUnitTypeNotExist) Unwrap() error {
} }
// RepoUnitAccessMode specifies the users access mode to a repo unit // RepoUnitAccessMode specifies the users access mode to a repo unit
// Only UnitAccessModeWrite is used by the wiki, to mark it as instance-writable
type UnitAccessMode int type UnitAccessMode int
const ( const (
// UnitAccessModeUnset - no unit mode set // UnitAccessModeUnset - no unit mode set
UnitAccessModeUnset UnitAccessMode = iota // 0 UnitAccessModeUnset UnitAccessMode = iota // 0
// UnitAccessModeNone no access // UnitAccessModeNone no access
UnitAccessModeNone // 1 // UnitAccessModeNone UnitAccessMode = 1
// UnitAccessModeRead read access // UnitAccessModeRead read access
UnitAccessModeRead // 2 // UnitAccessModeRead UnitAccessMode = 2
// UnitAccessModeWrite write access // UnitAccessModeWrite write access
UnitAccessModeWrite // 3 UnitAccessModeWrite UnitAccessMode = 3
) )
func (mode UnitAccessMode) ToAccessMode(modeIfUnset perm.AccessMode) perm.AccessMode { func (mode UnitAccessMode) ToAccessMode(modeIfUnset perm.AccessMode) perm.AccessMode {
switch mode { switch mode {
case UnitAccessModeUnset: case UnitAccessModeUnset:
return modeIfUnset return modeIfUnset
case UnitAccessModeNone: // case UnitAccessModeNone:
return perm.AccessModeNone // return perm.AccessModeNone
case UnitAccessModeRead: // case UnitAccessModeRead:
return perm.AccessModeRead // return perm.AccessModeRead
case UnitAccessModeWrite: case UnitAccessModeWrite:
return perm.AccessModeWrite return perm.AccessModeWrite
default: default:

4
models/repo/repo_unit_test.go
View file

@ -34,8 +34,8 @@ func TestActionsConfig(t *testing.T) {
} }
func TestRepoUnitAccessMode(t *testing.T) { func TestRepoUnitAccessMode(t *testing.T) {
assert.Equal(t, perm.AccessModeNone, UnitAccessModeNone.ToAccessMode(perm.AccessModeAdmin)) // assert.Equal(t, perm.AccessModeNone, UnitAccessModeNone.ToAccessMode(perm.AccessModeAdmin))
assert.Equal(t, perm.AccessModeRead, UnitAccessModeRead.ToAccessMode(perm.AccessModeAdmin)) // assert.Equal(t, perm.AccessModeRead, UnitAccessModeRead.ToAccessMode(perm.AccessModeAdmin))
assert.Equal(t, perm.AccessModeWrite, UnitAccessModeWrite.ToAccessMode(perm.AccessModeAdmin)) assert.Equal(t, perm.AccessModeWrite, UnitAccessModeWrite.ToAccessMode(perm.AccessModeAdmin))
assert.Equal(t, perm.AccessModeRead, UnitAccessModeUnset.ToAccessMode(perm.AccessModeRead)) assert.Equal(t, perm.AccessModeRead, UnitAccessModeUnset.ToAccessMode(perm.AccessModeRead))
} }

2
routers/api/v1/repo/repo.go
View file

@ -861,7 +861,7 @@ func updateRepoUnits(ctx *context.APIContext, owner string, repo *repo_model.Rep
if *opts.GloballyEditableWiki { if *opts.GloballyEditableWiki {
wikiPermissions = repo_model.UnitAccessModeWrite wikiPermissions = repo_model.UnitAccessModeWrite
} else { } else {
wikiPermissions = repo_model.UnitAccessModeRead wikiPermissions = repo_model.UnitAccessModeUnset
} }
} }