fix: corrupted wiki unit default permission (#8234 follow-up) (#8258)
Some checks are pending
testing-integration / test-sqlite (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-e2e (push) Blocked by required conditions
testing / test-remote-cacher (redis) (push) Blocked by required conditions
testing / test-remote-cacher (valkey) (push) Blocked by required conditions
testing / test-remote-cacher (garnet) (push) Blocked by required conditions
testing / test-remote-cacher (redict) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
/ release (push) Waiting to run
testing-integration / test-unit (push) Waiting to run

Closes #8119, follow-up of #8234

#8234 "only" fixed the case when a new wiki setting was applied.

However it lacked 2 aspects:
- fixing the already corrupted unit permission in the database (required a migration)
- fixing the API route

Both aspects should now be covered.

Additionally, I commented out the unused `UnitAccessMode` and indicated that they are only used for the wiki-unit (hopefully saving some time to future code-readers).

### Testing

- go to a commit before #8234 (e.g. 285f66b782)
- create 3 repositories
  - save the wiki settings of the second, without any change
  - set the wiki of the third to be globally writable
- verify the `default_permissions` column in the database, of the unit `5`: 0, 2, 3
- stop Forgejo, switch to this PR and start Forgejo
- verify that the logs writes `Migration[35]: Fix wiki unit default permission`
- verify the `default_permissions` column in the database, of the unit `5`: 0, 0, 3

Before:

![2025-06-23-150055.png](/attachments/1eb92507-b8b4-422c-921c-4296a91172e7)

After:

![2025-06-23-150853.png](/attachments/c7b53397-54fe-487d-89da-e10b26538cde)

- [x] I did not document these changes and I do not expect someone else to do it.
- [x] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8258
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
This commit is contained in:
oliverpool 2025-07-07 18:04:00 +02:00 committed by Earl Warren
parent c69e8cde7a
commit cee2aae4ca
5 changed files with 70 additions and 10 deletions

View file

@ -109,6 +109,8 @@ var migrations = []*Migration{
NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
// v34 -> v35
NewMigration("Noop because of https://codeberg.org/forgejo/forgejo/issues/8373", NoopAddIndexToActionRunStopped),
// v35 -> v36
NewMigration("Fix wiki unit default permission", FixWikiUnitDefaultPermission),
}
// GetCurrentDBVersion returns the current Forgejo database version.

View file

@ -0,0 +1,55 @@
// Copyright 2025 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: GPL-3.0-or-later
package forgejo_migrations
import (
"xorm.io/xorm"
)
func FixWikiUnitDefaultPermission(x *xorm.Engine) error {
// Type is Unit's Type
type Type int
// Enumerate all the unit types
const (
TypeInvalid Type = iota // 0 invalid
TypeCode // 1 code
TypeIssues // 2 issues
TypePullRequests // 3 PRs
TypeReleases // 4 Releases
TypeWiki // 5 Wiki
TypeExternalWiki // 6 ExternalWiki
TypeExternalTracker // 7 ExternalTracker
TypeProjects // 8 Projects
TypePackages // 9 Packages
TypeActions // 10 Actions
)
// RepoUnitAccessMode specifies the users access mode to a repo unit
type UnitAccessMode int
const (
// UnitAccessModeUnset - no unit mode set
UnitAccessModeUnset UnitAccessMode = iota // 0
// UnitAccessModeNone no access
UnitAccessModeNone // 1
// UnitAccessModeRead read access
UnitAccessModeRead // 2
// UnitAccessModeWrite write access
UnitAccessModeWrite // 3
)
_ = UnitAccessModeNone
_ = UnitAccessModeWrite
type RepoUnit struct {
DefaultPermissions UnitAccessMode `xorm:"NOT NULL DEFAULT 0"`
}
_, err := x.Where("type = ?", TypeWiki).
Where("default_permissions = ?", UnitAccessModeRead).
Cols("default_permissions").
Update(RepoUnit{
DefaultPermissions: UnitAccessModeUnset,
})
return err
}

View file

@ -41,27 +41,30 @@ func (err ErrUnitTypeNotExist) Unwrap() error {
}
// RepoUnitAccessMode specifies the users access mode to a repo unit
// Only UnitAccessModeWrite is used by the wiki, to mark it as instance-writable
type UnitAccessMode int
const (
// UnitAccessModeUnset - no unit mode set
UnitAccessModeUnset UnitAccessMode = iota // 0
// UnitAccessModeNone no access
UnitAccessModeNone // 1
// UnitAccessModeNone UnitAccessMode = 1
// UnitAccessModeRead read access
UnitAccessModeRead // 2
// UnitAccessModeRead UnitAccessMode = 2
// UnitAccessModeWrite write access
UnitAccessModeWrite // 3
UnitAccessModeWrite UnitAccessMode = 3
)
func (mode UnitAccessMode) ToAccessMode(modeIfUnset perm.AccessMode) perm.AccessMode {
switch mode {
case UnitAccessModeUnset:
return modeIfUnset
case UnitAccessModeNone:
return perm.AccessModeNone
case UnitAccessModeRead:
return perm.AccessModeRead
// case UnitAccessModeNone:
// return perm.AccessModeNone
// case UnitAccessModeRead:
// return perm.AccessModeRead
case UnitAccessModeWrite:
return perm.AccessModeWrite
default:

View file

@ -34,8 +34,8 @@ func TestActionsConfig(t *testing.T) {
}
func TestRepoUnitAccessMode(t *testing.T) {
assert.Equal(t, perm.AccessModeNone, UnitAccessModeNone.ToAccessMode(perm.AccessModeAdmin))
assert.Equal(t, perm.AccessModeRead, UnitAccessModeRead.ToAccessMode(perm.AccessModeAdmin))
// assert.Equal(t, perm.AccessModeNone, UnitAccessModeNone.ToAccessMode(perm.AccessModeAdmin))
// assert.Equal(t, perm.AccessModeRead, UnitAccessModeRead.ToAccessMode(perm.AccessModeAdmin))
assert.Equal(t, perm.AccessModeWrite, UnitAccessModeWrite.ToAccessMode(perm.AccessModeAdmin))
assert.Equal(t, perm.AccessModeRead, UnitAccessModeUnset.ToAccessMode(perm.AccessModeRead))
}

View file

@ -861,7 +861,7 @@ func updateRepoUnits(ctx *context.APIContext, owner string, repo *repo_model.Rep
if *opts.GloballyEditableWiki {
wikiPermissions = repo_model.UnitAccessModeWrite
} else {
wikiPermissions = repo_model.UnitAccessModeRead
wikiPermissions = repo_model.UnitAccessModeUnset
}
}