mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-21 12:44:49 -05:00
fix admin lost permission caused by #947
This commit is contained in:
parent
25d6e2a660
commit
6362462da8
4 changed files with 14 additions and 9 deletions
|
@ -250,7 +250,7 @@ func runServ(c *cli.Context) error {
|
|||
user.Name, requestedMode, repoPath)
|
||||
}
|
||||
|
||||
if !repo.CheckUnitUser(user.ID, unitType) {
|
||||
if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {
|
||||
fail("You do not have allowed for this action",
|
||||
"User %s does not have allowed access to repository %s 's code",
|
||||
user.Name, repoPath)
|
||||
|
|
|
@ -330,8 +330,8 @@ func (repo *Repository) getUnits(e Engine) (err error) {
|
|||
}
|
||||
|
||||
// CheckUnitUser check whether user could visit the unit of this repository
|
||||
func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
|
||||
if err := repo.getUnitsByUserID(x, userID); err != nil {
|
||||
func (repo *Repository) CheckUnitUser(userID int64, isAdmin bool, unitType UnitType) bool {
|
||||
if err := repo.getUnitsByUserID(x, userID, isAdmin); err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
|
@ -344,11 +344,11 @@ func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
|
|||
}
|
||||
|
||||
// LoadUnitsByUserID loads units according userID's permissions
|
||||
func (repo *Repository) LoadUnitsByUserID(userID int64) error {
|
||||
return repo.getUnitsByUserID(x, userID)
|
||||
func (repo *Repository) LoadUnitsByUserID(userID int64, isAdmin bool) error {
|
||||
return repo.getUnitsByUserID(x, userID, isAdmin)
|
||||
}
|
||||
|
||||
func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
|
||||
func (repo *Repository) getUnitsByUserID(e Engine, userID int64, isAdmin bool) (err error) {
|
||||
if repo.Units != nil {
|
||||
return nil
|
||||
}
|
||||
|
@ -358,7 +358,7 @@ func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
|
|||
return err
|
||||
}
|
||||
|
||||
if !repo.Owner.IsOrganization() || userID == 0 {
|
||||
if !repo.Owner.IsOrganization() || userID == 0 || isAdmin {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -496,11 +496,16 @@ func RequireRepoWriter() macaron.Handler {
|
|||
// LoadRepoUnits loads repsitory's units, it should be called after repository and user loaded
|
||||
func LoadRepoUnits() macaron.Handler {
|
||||
return func(ctx *Context) {
|
||||
var isAdmin bool
|
||||
if ctx.User != nil && ctx.User.IsAdmin {
|
||||
isAdmin = true
|
||||
}
|
||||
|
||||
var userID int64
|
||||
if ctx.User != nil {
|
||||
userID = ctx.User.ID
|
||||
}
|
||||
err := ctx.Repo.Repository.LoadUnitsByUserID(userID)
|
||||
err := ctx.Repo.Repository.LoadUnitsByUserID(userID, isAdmin)
|
||||
if err != nil {
|
||||
ctx.Handle(500, "LoadUnitsByUserID", err)
|
||||
return
|
||||
|
|
|
@ -206,7 +206,7 @@ func HTTP(ctx *context.Context) {
|
|||
}
|
||||
}
|
||||
|
||||
if !repo.CheckUnitUser(authUser.ID, unitType) {
|
||||
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
|
||||
ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code",
|
||||
authUser.Name, repo.RepoPath()))
|
||||
return
|
||||
|
|
Loading…
Reference in a new issue