mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-21 12:44:49 -05:00
fix admin lost permission caused by #947
This commit is contained in:
parent
25d6e2a660
commit
6362462da8
4 changed files with 14 additions and 9 deletions
|
@ -250,7 +250,7 @@ func runServ(c *cli.Context) error {
|
||||||
user.Name, requestedMode, repoPath)
|
user.Name, requestedMode, repoPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !repo.CheckUnitUser(user.ID, unitType) {
|
if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {
|
||||||
fail("You do not have allowed for this action",
|
fail("You do not have allowed for this action",
|
||||||
"User %s does not have allowed access to repository %s 's code",
|
"User %s does not have allowed access to repository %s 's code",
|
||||||
user.Name, repoPath)
|
user.Name, repoPath)
|
||||||
|
|
|
@ -330,8 +330,8 @@ func (repo *Repository) getUnits(e Engine) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// CheckUnitUser check whether user could visit the unit of this repository
|
// CheckUnitUser check whether user could visit the unit of this repository
|
||||||
func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
|
func (repo *Repository) CheckUnitUser(userID int64, isAdmin bool, unitType UnitType) bool {
|
||||||
if err := repo.getUnitsByUserID(x, userID); err != nil {
|
if err := repo.getUnitsByUserID(x, userID, isAdmin); err != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -344,11 +344,11 @@ func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadUnitsByUserID loads units according userID's permissions
|
// LoadUnitsByUserID loads units according userID's permissions
|
||||||
func (repo *Repository) LoadUnitsByUserID(userID int64) error {
|
func (repo *Repository) LoadUnitsByUserID(userID int64, isAdmin bool) error {
|
||||||
return repo.getUnitsByUserID(x, userID)
|
return repo.getUnitsByUserID(x, userID, isAdmin)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
|
func (repo *Repository) getUnitsByUserID(e Engine, userID int64, isAdmin bool) (err error) {
|
||||||
if repo.Units != nil {
|
if repo.Units != nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -358,7 +358,7 @@ func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if !repo.Owner.IsOrganization() || userID == 0 {
|
if !repo.Owner.IsOrganization() || userID == 0 || isAdmin {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -496,11 +496,16 @@ func RequireRepoWriter() macaron.Handler {
|
||||||
// LoadRepoUnits loads repsitory's units, it should be called after repository and user loaded
|
// LoadRepoUnits loads repsitory's units, it should be called after repository and user loaded
|
||||||
func LoadRepoUnits() macaron.Handler {
|
func LoadRepoUnits() macaron.Handler {
|
||||||
return func(ctx *Context) {
|
return func(ctx *Context) {
|
||||||
|
var isAdmin bool
|
||||||
|
if ctx.User != nil && ctx.User.IsAdmin {
|
||||||
|
isAdmin = true
|
||||||
|
}
|
||||||
|
|
||||||
var userID int64
|
var userID int64
|
||||||
if ctx.User != nil {
|
if ctx.User != nil {
|
||||||
userID = ctx.User.ID
|
userID = ctx.User.ID
|
||||||
}
|
}
|
||||||
err := ctx.Repo.Repository.LoadUnitsByUserID(userID)
|
err := ctx.Repo.Repository.LoadUnitsByUserID(userID, isAdmin)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(500, "LoadUnitsByUserID", err)
|
ctx.Handle(500, "LoadUnitsByUserID", err)
|
||||||
return
|
return
|
||||||
|
|
|
@ -206,7 +206,7 @@ func HTTP(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !repo.CheckUnitUser(authUser.ID, unitType) {
|
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
|
||||||
ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code",
|
ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code",
|
||||||
authUser.Name, repo.RepoPath()))
|
authUser.Name, repo.RepoPath()))
|
||||||
return
|
return
|
||||||
|
|
Loading…
Reference in a new issue