mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-07-11 22:49:17 +02:00
fix: corrupted wiki unit default permission (#8234 follow-up) (#8258)
Some checks are pending
testing-integration / test-sqlite (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-e2e (push) Blocked by required conditions
testing / test-remote-cacher (redis) (push) Blocked by required conditions
testing / test-remote-cacher (valkey) (push) Blocked by required conditions
testing / test-remote-cacher (garnet) (push) Blocked by required conditions
testing / test-remote-cacher (redict) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
/ release (push) Waiting to run
testing-integration / test-unit (push) Waiting to run
Some checks are pending
testing-integration / test-sqlite (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-e2e (push) Blocked by required conditions
testing / test-remote-cacher (redis) (push) Blocked by required conditions
testing / test-remote-cacher (valkey) (push) Blocked by required conditions
testing / test-remote-cacher (garnet) (push) Blocked by required conditions
testing / test-remote-cacher (redict) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
/ release (push) Waiting to run
testing-integration / test-unit (push) Waiting to run
Closes #8119, follow-up of #8234
#8234 "only" fixed the case when a new wiki setting was applied.
However it lacked 2 aspects:
- fixing the already corrupted unit permission in the database (required a migration)
- fixing the API route
Both aspects should now be covered.
Additionally, I commented out the unused `UnitAccessMode` and indicated that they are only used for the wiki-unit (hopefully saving some time to future code-readers).
### Testing
- go to a commit before #8234 (e.g. 285f66b782
)
- create 3 repositories
- save the wiki settings of the second, without any change
- set the wiki of the third to be globally writable
- verify the `default_permissions` column in the database, of the unit `5`: 0, 2, 3
- stop Forgejo, switch to this PR and start Forgejo
- verify that the logs writes `Migration[35]: Fix wiki unit default permission`
- verify the `default_permissions` column in the database, of the unit `5`: 0, 0, 3
Before:

After:

- [x] I did not document these changes and I do not expect someone else to do it.
- [x] I do not want this change to show in the release notes.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8258
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
This commit is contained in:
parent
c69e8cde7a
commit
cee2aae4ca
5 changed files with 70 additions and 10 deletions
|
@ -109,6 +109,8 @@ var migrations = []*Migration{
|
|||
NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
|
||||
// v34 -> v35
|
||||
NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped),
|
||||
// v35 -> v36
|
||||
NewMigration("Fix wiki unit default permission", FixWikiUnitDefaultPermission),
|
||||
}
|
||||
|
||||
// GetCurrentDBVersion returns the current Forgejo database version.
|
||||
|
|
55
models/forgejo_migrations/v36.go
Normal file
55
models/forgejo_migrations/v36.go
Normal file
|
@ -0,0 +1,55 @@
|
|||
// Copyright 2025 The Forgejo Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
package forgejo_migrations
|
||||
|
||||
import (
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
func FixWikiUnitDefaultPermission(x *xorm.Engine) error {
|
||||
// Type is Unit's Type
|
||||
type Type int
|
||||
|
||||
// Enumerate all the unit types
|
||||
const (
|
||||
TypeInvalid Type = iota // 0 invalid
|
||||
TypeCode // 1 code
|
||||
TypeIssues // 2 issues
|
||||
TypePullRequests // 3 PRs
|
||||
TypeReleases // 4 Releases
|
||||
TypeWiki // 5 Wiki
|
||||
TypeExternalWiki // 6 ExternalWiki
|
||||
TypeExternalTracker // 7 ExternalTracker
|
||||
TypeProjects // 8 Projects
|
||||
TypePackages // 9 Packages
|
||||
TypeActions // 10 Actions
|
||||
)
|
||||
|
||||
// RepoUnitAccessMode specifies the users access mode to a repo unit
|
||||
type UnitAccessMode int
|
||||
|
||||
const (
|
||||
// UnitAccessModeUnset - no unit mode set
|
||||
UnitAccessModeUnset UnitAccessMode = iota // 0
|
||||
// UnitAccessModeNone no access
|
||||
UnitAccessModeNone // 1
|
||||
// UnitAccessModeRead read access
|
||||
UnitAccessModeRead // 2
|
||||
// UnitAccessModeWrite write access
|
||||
UnitAccessModeWrite // 3
|
||||
)
|
||||
_ = UnitAccessModeNone
|
||||
_ = UnitAccessModeWrite
|
||||
|
||||
type RepoUnit struct {
|
||||
DefaultPermissions UnitAccessMode `xorm:"NOT NULL DEFAULT 0"`
|
||||
}
|
||||
_, err := x.Where("type = ?", TypeWiki).
|
||||
Where("default_permissions = ?", UnitAccessModeRead).
|
||||
Cols("default_permissions").
|
||||
Update(RepoUnit{
|
||||
DefaultPermissions: UnitAccessModeUnset,
|
||||
})
|
||||
return err
|
||||
}
|
|
@ -41,27 +41,30 @@ func (err ErrUnitTypeNotExist) Unwrap() error {
|
|||
}
|
||||
|
||||
// RepoUnitAccessMode specifies the users access mode to a repo unit
|
||||
// Only UnitAccessModeWrite is used by the wiki, to mark it as instance-writable
|
||||
type UnitAccessMode int
|
||||
|
||||
const (
|
||||
// UnitAccessModeUnset - no unit mode set
|
||||
UnitAccessModeUnset UnitAccessMode = iota // 0
|
||||
|
||||
// UnitAccessModeNone no access
|
||||
UnitAccessModeNone // 1
|
||||
// UnitAccessModeNone UnitAccessMode = 1
|
||||
// UnitAccessModeRead read access
|
||||
UnitAccessModeRead // 2
|
||||
// UnitAccessModeRead UnitAccessMode = 2
|
||||
|
||||
// UnitAccessModeWrite write access
|
||||
UnitAccessModeWrite // 3
|
||||
UnitAccessModeWrite UnitAccessMode = 3
|
||||
)
|
||||
|
||||
func (mode UnitAccessMode) ToAccessMode(modeIfUnset perm.AccessMode) perm.AccessMode {
|
||||
switch mode {
|
||||
case UnitAccessModeUnset:
|
||||
return modeIfUnset
|
||||
case UnitAccessModeNone:
|
||||
return perm.AccessModeNone
|
||||
case UnitAccessModeRead:
|
||||
return perm.AccessModeRead
|
||||
// case UnitAccessModeNone:
|
||||
// return perm.AccessModeNone
|
||||
// case UnitAccessModeRead:
|
||||
// return perm.AccessModeRead
|
||||
case UnitAccessModeWrite:
|
||||
return perm.AccessModeWrite
|
||||
default:
|
||||
|
|
|
@ -34,8 +34,8 @@ func TestActionsConfig(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestRepoUnitAccessMode(t *testing.T) {
|
||||
assert.Equal(t, perm.AccessModeNone, UnitAccessModeNone.ToAccessMode(perm.AccessModeAdmin))
|
||||
assert.Equal(t, perm.AccessModeRead, UnitAccessModeRead.ToAccessMode(perm.AccessModeAdmin))
|
||||
// assert.Equal(t, perm.AccessModeNone, UnitAccessModeNone.ToAccessMode(perm.AccessModeAdmin))
|
||||
// assert.Equal(t, perm.AccessModeRead, UnitAccessModeRead.ToAccessMode(perm.AccessModeAdmin))
|
||||
assert.Equal(t, perm.AccessModeWrite, UnitAccessModeWrite.ToAccessMode(perm.AccessModeAdmin))
|
||||
assert.Equal(t, perm.AccessModeRead, UnitAccessModeUnset.ToAccessMode(perm.AccessModeRead))
|
||||
}
|
||||
|
|
|
@ -861,7 +861,7 @@ func updateRepoUnits(ctx *context.APIContext, owner string, repo *repo_model.Rep
|
|||
if *opts.GloballyEditableWiki {
|
||||
wikiPermissions = repo_model.UnitAccessModeWrite
|
||||
} else {
|
||||
wikiPermissions = repo_model.UnitAccessModeRead
|
||||
wikiPermissions = repo_model.UnitAccessModeUnset
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue