1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-26 13:29:12 -05:00
forgejo/models
zeripath 0b4a8be26b
Ensure that restricted users can access repos for which they are members (#17460)
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 10:54:40 +08:00
..
appstate Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
avatars Avatar refactor, move avatar code from models to models.avatars, remove duplicated code (#17123) 2021-10-06 01:25:46 +02:00
db Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
fixtures Ensure that restricted users can access repos for which they are members (#17460) 2021-10-28 10:54:40 +08:00
issues Fix history count failure (#17351) 2021-10-21 18:06:19 +08:00
login Move session to models/login (#17338) 2021-10-17 19:51:56 +01:00
migrations Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
access.go Nicely handle missing user in collaborations (#17049) 2021-09-27 19:07:19 +01:00
access_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
action.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
action_list.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
action_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
admin.go Fix problem when database ID is not incremented as expected (#17229) 2021-10-06 15:36:24 -05:00
admin_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
attachment.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
attachment_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
branches.go Add a simple way to rename branch like gh (#15870) 2021-10-08 19:03:04 +02:00
branches_test.go Add a simple way to rename branch like gh (#15870) 2021-10-08 19:03:04 +02:00
commit.go Replace list.List with slices (#16311) 2021-08-09 14:08:51 -04:00
commit_status.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
commit_status_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
consistency.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
consistency_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
engine_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
error.go Move twofactor to models/login (#17143) 2021-09-25 15:00:12 +02:00
error_oauth2.go gofmt (#1662) 2017-05-04 13:54:56 +08:00
external_login_user.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
fixture_generation.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
fixture_test.go refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
gpg_key.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
gpg_key_add.go Handle duplicate keys on GPG key ring (#17242) 2021-10-07 23:10:14 +03:00
gpg_key_commit_verification.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
gpg_key_common.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_import.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
gpg_key_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
gpg_key_verify.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
helper.go Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) 2021-09-27 16:55:12 +01:00
helper_directory.go refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
helper_environment.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue.go Fix issue content history problems, improve UI (#17404) 2021-10-23 22:47:38 +08:00
issue_assignees.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_assignees_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
issue_comment.go Save and view issue/comment content history (#16909) 2021-10-10 18:40:03 -04:00
issue_comment_list.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_comment_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
issue_dependency.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_dependency_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
issue_label.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_label_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_list.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_list_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
issue_lock.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_milestone.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_milestone_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_reaction.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_reaction_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_stopwatch.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_stopwatch_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
issue_test.go Fix issue content history problems, improve UI (#17404) 2021-10-23 22:47:38 +08:00
issue_tracked_time.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_tracked_time_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
issue_user.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_user_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_watch.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_watch_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
issue_xref.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
issue_xref_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
lfs.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
lfs_lock.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
main_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
migrate.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
notification.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
notification_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
org.go [API] Add endpount to get user org permissions (#17232) 2021-10-12 12:47:19 +02:00
org_team.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
org_team_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
org_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
project.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
project_board.go Kanban colored boards (#16647) 2021-09-29 22:53:12 +02:00
project_issue.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
project_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
protected_tag.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
protected_tag_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
pull.go Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) 2021-10-05 16:41:48 +02:00
pull_list.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
pull_sign.go Move twofactor to models/login (#17143) 2021-09-25 15:00:12 +02:00
pull_test.go Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) 2021-10-05 16:41:48 +02:00
release.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
repo.go Ensure that git daemon export ok is created for mirrors (#17243) 2021-10-13 20:47:02 +01:00
repo_activity.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_archiver.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_avatar.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_branch.go Move newbranch to standalone package (#9627) 2020-01-14 11:38:04 +08:00
repo_collaboration.go Nicely handle missing user in collaborations (#17049) 2021-09-27 19:07:19 +01:00
repo_collaboration_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
repo_generate.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
repo_generate_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
repo_indexer.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_issue.go Add EnableTimetracking option to app settings (#3719) 2018-04-09 23:15:32 +08:00
repo_language_stats.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_list.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
repo_list_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
repo_mirror.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_permission.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_permission_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_pushmirror.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_pushmirror_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
repo_redirect.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_redirect_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_sign.go Move twofactor to models/login (#17143) 2021-09-25 15:00:12 +02:00
repo_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
repo_transfer.go Nicely handle missing user in collaborations (#17049) 2021-09-27 19:07:19 +01:00
repo_transfer_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
repo_unit.go Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) 2021-09-27 16:55:12 +01:00
repo_watch.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
repo_watch_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
review.go Fix unwanted team review request deletion (#17257) 2021-10-07 22:39:59 +02:00
review_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
ssh_key.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
ssh_key_authorized_keys.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
ssh_key_authorized_principals.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
ssh_key_deploy.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
ssh_key_fingerprint.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
ssh_key_parse.go refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
ssh_key_principals.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
ssh_key_test.go Add support for ed25519_sk and ecdsa_sk SSH keys (#13462) 2021-01-20 20:36:55 +00:00
star.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
star_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
statistic.go Add metrics to get issues by repository (#17225) 2021-10-05 20:39:37 +02:00
task.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
token.go Fix problem when database ID is not incremented as expected (#17229) 2021-10-06 15:36:24 -05:00
token_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
topic.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
topic_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
unit.go Kanban board (#8346) 2020-08-16 23:07:38 -04:00
update.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
upload.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
user.go Add user status filter to admin user management page (#16770) 2021-10-12 20:11:35 +02:00
user_avatar.go In many cases user avatar link should be an absolute URL with http host (#17420) 2021-10-25 13:01:16 +08:00
user_follow.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
user_follow_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
user_heatmap.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
user_heatmap_test.go Allow mocking timeutil (#17354) 2021-10-18 21:12:26 +01:00
user_mail.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
user_mail_test.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
user_openid.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
user_openid_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
user_redirect.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
user_redirect_test.go DBContext is just a Context (#17100) 2021-09-23 23:45:36 +08:00
user_test.go Add user status filter to admin user management page (#16770) 2021-10-12 20:11:35 +02:00
userlist.go Move twofactor to models/login (#17143) 2021-09-25 15:00:12 +02:00
userlist_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
webhook.go Move login related structs and functions to models/login (#17093) 2021-09-24 19:32:56 +08:00
webhook_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
wiki.go Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) 2020-11-27 21:42:08 -05:00
wiki_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00