mirror of
https://github.com/go-gitea/gitea.git
synced 2026-04-26 23:50:46 +00:00
refactor: use named Permission field in Repository struct instead of anonymous embedding (#37441)
The `Repository` struct in `services/context/repo.go` embedded `access_model.Permission` anonymously, causing all permission methods to be promoted directly onto `Repository`. This made it unclear at call sites whether a method belonged to `Repository` itself or to its embedded `Permission`. ### Changes - **`services/context/repo.go`**: Replace anonymous `access_model.Permission` with named field `Permission access_model.Permission` - **49 files** updated to route permission method calls through the named field: ```go // Before ctx.Repo.IsAdmin() ctx.Repo.CanWrite(unit.TypeCode) ctx.Repo.CanReadIssuesOrPulls(isPull) slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) // After ctx.Repo.Permission.IsAdmin() ctx.Repo.Permission.CanWrite(unit.TypeCode) ctx.Repo.Permission.CanReadIssuesOrPulls(isPull) slices.ContainsFunc(unitTypes, ctx.Repo.Permission.CanWrite) ``` Methods defined directly on `*Repository` (`CanWriteToBranch`, `CanCreateBranch`, etc.) are unchanged. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com>
This commit is contained in:
Copilot
GitHub
@@ -394,7 +394,7 @@ func reqSiteAdmin() func(ctx *context.APIContext) {
|
||||
// reqOwner user should be the owner of the repo or site admin.
|
||||
func reqOwner() func(ctx *context.APIContext) {
|
||||
return func(ctx *context.APIContext) {
|
||||
if !ctx.Repo.IsOwner() && !ctx.IsUserSiteAdmin() {
|
||||
if !ctx.Repo.Permission.IsOwner() && !ctx.IsUserSiteAdmin() {
|
||||
ctx.APIError(http.StatusForbidden, "user should be the owner of the repo")
|
||||
return
|
||||
}
|
||||
@@ -434,7 +434,7 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
|
||||
// reqRepoReader user should have specific read permission or be a repo admin or a site admin
|
||||
func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
|
||||
return func(ctx *context.APIContext) {
|
||||
if !ctx.Repo.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
|
||||
if !ctx.Repo.Permission.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
|
||||
ctx.APIError(http.StatusForbidden, "user should have specific read permission or be a repo admin or a site admin")
|
||||
return
|
||||
}
|
||||
@@ -633,7 +633,7 @@ func orgAssignment(args ...bool) func(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
func mustEnableIssues(ctx *context.APIContext) {
|
||||
if !ctx.Repo.CanRead(unit.TypeIssues) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeIssues) {
|
||||
if log.IsTrace() {
|
||||
if ctx.IsSigned {
|
||||
log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
|
||||
@@ -656,7 +656,7 @@ func mustEnableIssues(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
func mustAllowPulls(ctx *context.APIContext) {
|
||||
if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(unit.TypePullRequests)) {
|
||||
if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.Permission.CanRead(unit.TypePullRequests)) {
|
||||
if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() {
|
||||
if ctx.IsSigned {
|
||||
log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
|
||||
@@ -679,8 +679,8 @@ func mustAllowPulls(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
func mustEnableIssuesOrPulls(ctx *context.APIContext) {
|
||||
if !ctx.Repo.CanRead(unit.TypeIssues) &&
|
||||
!(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(unit.TypePullRequests)) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeIssues) &&
|
||||
!(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.Permission.CanRead(unit.TypePullRequests)) {
|
||||
if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() {
|
||||
if ctx.IsSigned {
|
||||
log.Trace("Permission Denied: User %-v cannot read %-v and %-v in Repo %-v\n"+
|
||||
@@ -705,7 +705,7 @@ func mustEnableIssuesOrPulls(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
func mustEnableWiki(ctx *context.APIContext) {
|
||||
if !(ctx.Repo.CanRead(unit.TypeWiki)) {
|
||||
if !(ctx.Repo.Permission.CanRead(unit.TypeWiki)) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
|
||||
@@ -80,7 +80,7 @@ func GetBranch(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branchName, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
|
||||
br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branchName, c, branchProtection, ctx.Doer, ctx.Repo.Permission.IsAdmin())
|
||||
if err != nil {
|
||||
ctx.APIErrorInternal(err)
|
||||
return
|
||||
@@ -271,7 +271,7 @@ func CreateBranch(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
br, err := convert.ToBranch(ctx, ctx.Repo.Repository, opt.BranchName, commit, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
|
||||
br, err := convert.ToBranch(ctx, ctx.Repo.Repository, opt.BranchName, commit, branchProtection, ctx.Doer, ctx.Repo.Permission.IsAdmin())
|
||||
if err != nil {
|
||||
ctx.APIErrorInternal(err)
|
||||
return
|
||||
@@ -366,7 +366,7 @@ func ListBranches(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
branchProtection := rules.GetFirstMatched(branches[i].Name)
|
||||
apiBranch, err := convert.ToBranch(ctx, ctx.Repo.Repository, branches[i].Name, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
|
||||
apiBranch, err := convert.ToBranch(ctx, ctx.Repo.Repository, branches[i].Name, c, branchProtection, ctx.Doer, ctx.Repo.Permission.IsAdmin())
|
||||
if err != nil {
|
||||
ctx.APIErrorInternal(err)
|
||||
return
|
||||
|
||||
@@ -442,14 +442,14 @@ func ListIssues(ctx *context.APIContext) {
|
||||
isPull = optional.Some(false)
|
||||
}
|
||||
|
||||
if isPull.Has() && !ctx.Repo.CanReadIssuesOrPulls(isPull.Value()) {
|
||||
if isPull.Has() && !ctx.Repo.Permission.CanReadIssuesOrPulls(isPull.Value()) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
|
||||
if !isPull.Has() {
|
||||
canReadIssues := ctx.Repo.CanRead(unit.TypeIssues)
|
||||
canReadPulls := ctx.Repo.CanRead(unit.TypePullRequests)
|
||||
canReadIssues := ctx.Repo.Permission.CanRead(unit.TypeIssues)
|
||||
canReadPulls := ctx.Repo.Permission.CanRead(unit.TypePullRequests)
|
||||
if !canReadIssues && !canReadPulls {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
@@ -591,7 +591,7 @@ func GetIssue(ctx *context.APIContext) {
|
||||
}
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -638,7 +638,7 @@ func CreateIssue(ctx *context.APIContext) {
|
||||
|
||||
form := web.GetForm(ctx).(*api.CreateIssueOption)
|
||||
var deadlineUnix timeutil.TimeStamp
|
||||
if form.Deadline != nil && ctx.Repo.CanWrite(unit.TypeIssues) {
|
||||
if form.Deadline != nil && ctx.Repo.Permission.CanWrite(unit.TypeIssues) {
|
||||
deadlineUnix = timeutil.TimeStamp(form.Deadline.Unix())
|
||||
}
|
||||
|
||||
@@ -655,7 +655,7 @@ func CreateIssue(ctx *context.APIContext) {
|
||||
|
||||
assigneeIDs := make([]int64, 0)
|
||||
var err error
|
||||
if ctx.Repo.CanWrite(unit.TypeIssues) {
|
||||
if ctx.Repo.Permission.CanWrite(unit.TypeIssues) {
|
||||
issue.MilestoneID = form.Milestone
|
||||
assigneeIDs, err = issues_model.MakeIDsFromAPIAssigneesToAdd(ctx, form.Assignee, form.Assignees)
|
||||
if err != nil {
|
||||
@@ -775,7 +775,7 @@ func EditIssue(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
issue.Repo = ctx.Repo.Repository
|
||||
canWrite := ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
canWrite := ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
|
||||
err = issue.LoadAttributes(ctx)
|
||||
if err != nil {
|
||||
@@ -1020,7 +1020,7 @@ func UpdateIssueDeadline(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, "Not repo writer")
|
||||
return
|
||||
}
|
||||
|
||||
@@ -371,7 +371,7 @@ func getIssueAttachmentSafeRead(ctx *context.APIContext, issue *issues_model.Iss
|
||||
}
|
||||
|
||||
func canUserWriteIssueAttachment(ctx *context.APIContext, issue *issues_model.Issue) bool {
|
||||
canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull))
|
||||
canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin() || ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull))
|
||||
if !canEditIssue {
|
||||
ctx.APIError(http.StatusForbidden, "user should have permission to write issue")
|
||||
return false
|
||||
|
||||
@@ -73,7 +73,7 @@ func ListIssueComments(ctx *context.APIContext) {
|
||||
ctx.APIErrorInternal(err)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -279,8 +279,8 @@ func ListRepoIssueComments(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
var isPull optional.Option[bool]
|
||||
canReadIssue := ctx.Repo.CanRead(unit.TypeIssues)
|
||||
canReadPull := ctx.Repo.CanRead(unit.TypePullRequests)
|
||||
canReadIssue := ctx.Repo.Permission.CanRead(unit.TypeIssues)
|
||||
canReadPull := ctx.Repo.Permission.CanRead(unit.TypePullRequests)
|
||||
if canReadIssue && canReadPull {
|
||||
isPull = optional.None[bool]()
|
||||
} else if canReadIssue {
|
||||
@@ -386,12 +386,12 @@ func CreateIssueComment(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
|
||||
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
|
||||
if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
|
||||
ctx.APIError(http.StatusForbidden, errors.New(ctx.Locale.TrString("repo.issues.comment_on_locked")))
|
||||
return
|
||||
}
|
||||
@@ -455,7 +455,7 @@ func GetIssueComment(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -580,7 +580,7 @@ func editIssueComment(ctx *context.APIContext, form api.EditIssueCommentOption)
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
ctx.Status(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -689,7 +689,7 @@ func deleteIssueComment(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
ctx.Status(http.StatusForbidden)
|
||||
return
|
||||
} else if !comment.Type.HasContentSupport() {
|
||||
|
||||
@@ -358,7 +358,7 @@ func getIssueCommentSafe(ctx *context.APIContext) *issues_model.Comment {
|
||||
return nil
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -379,7 +379,7 @@ func getIssueCommentAttachmentSafeWrite(ctx *context.APIContext) *repo_model.Att
|
||||
}
|
||||
|
||||
func canUserWriteIssueCommentAttachment(ctx *context.APIContext, comment *issues_model.Comment) bool {
|
||||
canEditComment := ctx.IsSigned && (ctx.Doer.ID == comment.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)
|
||||
canEditComment := ctx.IsSigned && (ctx.Doer.ID == comment.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)
|
||||
if !canEditComment {
|
||||
ctx.APIError(http.StatusForbidden, "user should have permission to edit comment")
|
||||
return false
|
||||
|
||||
@@ -173,7 +173,7 @@ func DeleteIssueLabel(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.Status(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -295,7 +295,7 @@ func ClearIssueLabels(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.Status(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -319,7 +319,7 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, "write permission is required")
|
||||
return nil, nil, errors.New("permission denied")
|
||||
}
|
||||
|
||||
@@ -62,7 +62,7 @@ func LockIssue(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, errors.New("no permission to lock this issue"))
|
||||
return
|
||||
}
|
||||
@@ -129,7 +129,7 @@ func UnlockIssue(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, errors.New("no permission to unlock this issue"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -71,7 +71,7 @@ func GetIssueCommentReactions(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, errors.New("no permission to get reactions"))
|
||||
return
|
||||
}
|
||||
@@ -208,12 +208,12 @@ func changeIssueCommentReaction(ctx *context.APIContext, form api.EditReactionOp
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
|
||||
if comment.Issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull) {
|
||||
if comment.Issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, errors.New("no permission to change reaction"))
|
||||
return
|
||||
}
|
||||
@@ -304,7 +304,7 @@ func GetIssueReactions(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, errors.New("no permission to get reactions"))
|
||||
return
|
||||
}
|
||||
@@ -428,7 +428,7 @@ func changeIssueReaction(ctx *context.APIContext, form api.EditReactionOption, i
|
||||
return
|
||||
}
|
||||
|
||||
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.APIError(http.StatusForbidden, errors.New("no permission to change reaction"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -178,7 +178,7 @@ func prepareIssueForStopwatch(ctx *context.APIContext) *issues_model.Issue {
|
||||
return nil
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.Status(http.StatusForbidden)
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -51,7 +51,7 @@ func MirrorSync(ctx *context.APIContext) {
|
||||
|
||||
repo := ctx.Repo.Repository
|
||||
|
||||
if !ctx.Repo.CanWrite(unit.TypeCode) {
|
||||
if !ctx.Repo.Permission.CanWrite(unit.TypeCode) {
|
||||
ctx.APIError(http.StatusForbidden, "Must have write access")
|
||||
}
|
||||
|
||||
|
||||
@@ -653,7 +653,7 @@ func EditPullRequest(ctx *context.APIContext) {
|
||||
return
|
||||
}
|
||||
|
||||
if !issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWrite(unit.TypePullRequests) {
|
||||
if !issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWrite(unit.TypePullRequests) {
|
||||
ctx.Status(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -715,7 +715,7 @@ func EditPullRequest(ctx *context.APIContext) {
|
||||
// Pass one or more user logins to replace the set of assignees on this Issue.
|
||||
// Send an empty array ([]) to clear all assignees from the Issue.
|
||||
|
||||
if ctx.Repo.CanWrite(unit.TypePullRequests) && (form.Assignees != nil || len(form.Assignee) > 0) {
|
||||
if ctx.Repo.Permission.CanWrite(unit.TypePullRequests) && (form.Assignees != nil || len(form.Assignee) > 0) {
|
||||
err = issue_service.UpdateAssignees(ctx, issue, form.Assignee, form.Assignees, ctx.Doer)
|
||||
if err != nil {
|
||||
if user_model.IsErrUserNotExist(err) {
|
||||
@@ -729,7 +729,7 @@ func EditPullRequest(ctx *context.APIContext) {
|
||||
}
|
||||
}
|
||||
|
||||
if ctx.Repo.CanWrite(unit.TypePullRequests) && form.Milestone != 0 &&
|
||||
if ctx.Repo.Permission.CanWrite(unit.TypePullRequests) && form.Milestone != 0 &&
|
||||
issue.MilestoneID != form.Milestone {
|
||||
oldMilestoneID := issue.MilestoneID
|
||||
issue.MilestoneID = form.Milestone
|
||||
@@ -744,7 +744,7 @@ func EditPullRequest(ctx *context.APIContext) {
|
||||
}
|
||||
}
|
||||
|
||||
if ctx.Repo.CanWrite(unit.TypePullRequests) && form.Labels != nil {
|
||||
if ctx.Repo.Permission.CanWrite(unit.TypePullRequests) && form.Labels != nil {
|
||||
labels, err := issues_model.GetLabelsInRepoByIDs(ctx, ctx.Repo.Repository.ID, form.Labels)
|
||||
if err != nil {
|
||||
ctx.APIErrorInternal(err)
|
||||
|
||||
@@ -1003,7 +1003,7 @@ func UnDismissPullReview(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
func dismissReview(ctx *context.APIContext, msg string, isDismiss, dismissPriors bool) {
|
||||
if !ctx.Repo.IsAdmin() {
|
||||
if !ctx.Repo.Permission.IsAdmin() {
|
||||
ctx.APIError(http.StatusForbidden, "Must be repo admin")
|
||||
return
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ import (
|
||||
)
|
||||
|
||||
func canAccessReleaseDraft(ctx *context.APIContext) bool {
|
||||
if !ctx.IsSigned || !ctx.Repo.CanWrite(unit.TypeReleases) {
|
||||
if !ctx.IsSigned || !ctx.Repo.Permission.CanWrite(unit.TypeReleases) {
|
||||
return false
|
||||
}
|
||||
if ctx.Data["IsApiToken"] != true {
|
||||
|
||||
@@ -60,7 +60,7 @@ func GetReleaseByTag(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
if release.IsDraft { // only the users with write access can see draft releases
|
||||
if !ctx.IsSigned || !ctx.Repo.CanWrite(unit_model.TypeReleases) {
|
||||
if !ctx.IsSigned || !ctx.Repo.Permission.CanWrite(unit_model.TypeReleases) {
|
||||
ctx.APIErrorNotFound()
|
||||
return
|
||||
}
|
||||
|
||||
@@ -187,7 +187,7 @@ func changeRepoTeam(ctx *context.APIContext, add bool) {
|
||||
if !ctx.Repo.Owner.IsOrganization() {
|
||||
ctx.APIError(http.StatusMethodNotAllowed, "repo is not owned by an organization")
|
||||
}
|
||||
if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.APIError(http.StatusForbidden, "user is nor repo admin nor owner")
|
||||
return
|
||||
}
|
||||
|
||||
@@ -57,7 +57,7 @@ func MustEnableActions(ctx *context.Context) {
|
||||
}
|
||||
|
||||
if ctx.Repo.Repository != nil {
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -181,7 +181,7 @@ func prepareWorkflowTemplate(ctx *context.Context, commit *git.Commit) (workflow
|
||||
|
||||
ctx.Data["workflows"] = workflows
|
||||
ctx.Data["RepoLink"] = ctx.Repo.Repository.Link()
|
||||
ctx.Data["AllowDisableOrEnableWorkflow"] = ctx.Repo.IsAdmin()
|
||||
ctx.Data["AllowDisableOrEnableWorkflow"] = ctx.Repo.Permission.IsAdmin()
|
||||
actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
|
||||
ctx.Data["ActionsConfig"] = actionsConfig
|
||||
ctx.Data["CurWorkflow"] = curWorkflowID
|
||||
@@ -192,7 +192,7 @@ func prepareWorkflowTemplate(ctx *context.Context, commit *git.Commit) (workflow
|
||||
|
||||
func prepareWorkflowDispatchTemplate(ctx *context.Context, workflowInfos []WorkflowInfo, curWorkflowID string) {
|
||||
actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
|
||||
if curWorkflowID == "" || !ctx.Repo.CanWrite(unit.TypeActions) || actionsConfig.IsWorkflowDisabled(curWorkflowID) {
|
||||
if curWorkflowID == "" || !ctx.Repo.Permission.CanWrite(unit.TypeActions) || actionsConfig.IsWorkflowDisabled(curWorkflowID) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -355,7 +355,7 @@ func prepareWorkflowList(ctx *context.Context, workflows []WorkflowInfo) {
|
||||
ctx.Data["Page"] = pager
|
||||
ctx.Data["HasWorkflowsOrRuns"] = len(workflows) > 0 || len(runs) > 0
|
||||
|
||||
ctx.Data["CanWriteRepoUnitActions"] = ctx.Repo.CanWrite(unit.TypeActions)
|
||||
ctx.Data["CanWriteRepoUnitActions"] = ctx.Repo.Permission.CanWrite(unit.TypeActions)
|
||||
}
|
||||
|
||||
// loadIsRefDeleted loads the IsRefDeleted field for each run in the list.
|
||||
|
||||
@@ -417,10 +417,10 @@ func fillViewRunResponseSummary(ctx *context_module.Context, resp *ViewResponse,
|
||||
resp.State.Run.Duration = run.Duration().String()
|
||||
resp.State.Run.TriggeredAt = run.Created.AsTime().Unix()
|
||||
}
|
||||
resp.State.Run.CanCancel = isLatestAttempt && !resp.State.Run.Done && ctx.Repo.CanWrite(unit.TypeActions)
|
||||
resp.State.Run.CanApprove = isLatestAttempt && run.NeedApproval && ctx.Repo.CanWrite(unit.TypeActions)
|
||||
resp.State.Run.CanRerun = isLatestAttempt && resp.State.Run.Done && ctx.Repo.CanWrite(unit.TypeActions)
|
||||
resp.State.Run.CanDeleteArtifact = resp.State.Run.Done && ctx.Repo.CanWrite(unit.TypeActions)
|
||||
resp.State.Run.CanCancel = isLatestAttempt && !resp.State.Run.Done && ctx.Repo.Permission.CanWrite(unit.TypeActions)
|
||||
resp.State.Run.CanApprove = isLatestAttempt && run.NeedApproval && ctx.Repo.Permission.CanWrite(unit.TypeActions)
|
||||
resp.State.Run.CanRerun = isLatestAttempt && resp.State.Run.Done && ctx.Repo.Permission.CanWrite(unit.TypeActions)
|
||||
resp.State.Run.CanDeleteArtifact = resp.State.Run.Done && ctx.Repo.Permission.CanWrite(unit.TypeActions)
|
||||
if resp.State.Run.CanRerun {
|
||||
for _, job := range jobs {
|
||||
if job.Status == actions_model.StatusFailure || job.Status == actions_model.StatusCancelled {
|
||||
|
||||
@@ -48,7 +48,7 @@ func Activity(ctx *context.Context) {
|
||||
ctx.Data["Period"] = period
|
||||
ctx.Data["PeriodText"] = ctx.Tr("repo.activity.period." + period)
|
||||
|
||||
canReadCode := ctx.Repo.CanRead(unit.TypeCode)
|
||||
canReadCode := ctx.Repo.Permission.CanRead(unit.TypeCode)
|
||||
if canReadCode {
|
||||
// GetActivityStats needs to read the default branch to get some information
|
||||
branchExist, _ := git_model.IsBranchExist(ctx, ctx.Repo.Repository.ID, ctx.Repo.Repository.DefaultBranch)
|
||||
@@ -62,9 +62,9 @@ func Activity(ctx *context.Context) {
|
||||
var err error
|
||||
// TODO: refactor these arguments to a struct
|
||||
ctx.Data["Activity"], err = activities_model.GetActivityStats(ctx, ctx.Repo.Repository, timeFrom,
|
||||
ctx.Repo.CanRead(unit.TypeReleases),
|
||||
ctx.Repo.CanRead(unit.TypeIssues),
|
||||
ctx.Repo.CanRead(unit.TypePullRequests),
|
||||
ctx.Repo.Permission.CanRead(unit.TypeReleases),
|
||||
ctx.Repo.Permission.CanRead(unit.TypeIssues),
|
||||
ctx.Repo.Permission.CanRead(unit.TypePullRequests),
|
||||
canReadCode,
|
||||
)
|
||||
if err != nil {
|
||||
|
||||
@@ -39,10 +39,10 @@ const (
|
||||
func Branches(ctx *context.Context) {
|
||||
ctx.Data["Title"] = "Branches"
|
||||
ctx.Data["AllowsPulls"] = ctx.Repo.Repository.AllowsPulls(ctx)
|
||||
ctx.Data["IsWriter"] = ctx.Repo.CanWrite(unit.TypeCode)
|
||||
ctx.Data["IsWriter"] = ctx.Repo.Permission.CanWrite(unit.TypeCode)
|
||||
ctx.Data["IsMirror"] = ctx.Repo.Repository.IsMirror
|
||||
// TODO: Can be replaced by ctx.Repo.PullRequestCtx.CanCreateNewPull()
|
||||
ctx.Data["CanPull"] = ctx.Repo.CanWrite(unit.TypeCode) ||
|
||||
ctx.Data["CanPull"] = ctx.Repo.Permission.CanWrite(unit.TypeCode) ||
|
||||
(ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID))
|
||||
ctx.Data["PageIsViewCode"] = true
|
||||
ctx.Data["PageIsBranches"] = true
|
||||
@@ -68,7 +68,7 @@ func Branches(ctx *context.Context) {
|
||||
ctx.ServerError("LoadBranches", err)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
for key := range commitStatuses {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
|
||||
}
|
||||
|
||||
@@ -384,7 +384,7 @@ func Diff(ctx *context.Context) {
|
||||
if err != nil {
|
||||
log.Error("GetLatestCommitStatus: %v", err)
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit_model.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, statuses)
|
||||
}
|
||||
|
||||
@@ -466,7 +466,7 @@ func processGitCommits(ctx *context.Context, gitCommits []*git.Commit) ([]*git_m
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit_model.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) {
|
||||
for _, commit := range commits {
|
||||
if commit.Status == nil {
|
||||
continue
|
||||
|
||||
@@ -707,11 +707,11 @@ func CompareDiff(ctx *context.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
ctx.Data["IsProjectsEnabled"] = ctx.Repo.CanWrite(unit.TypeProjects)
|
||||
ctx.Data["IsProjectsEnabled"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
|
||||
ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
|
||||
upload.AddUploadContext(ctx, "comment")
|
||||
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(unit.TypePullRequests)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypePullRequests)
|
||||
|
||||
if unit, err := ctx.Repo.Repository.GetUnit(ctx, unit.TypePullRequests); err == nil {
|
||||
config := unit.PullRequestsConfig()
|
||||
@@ -802,7 +802,7 @@ func ExcerptBlob(ctx *context.Context) {
|
||||
|
||||
diffBlobExcerptData.PullIssueIndex = ctx.FormInt64("pull_issue_index")
|
||||
if diffBlobExcerptData.PullIssueIndex > 0 {
|
||||
if !ctx.Repo.CanRead(unit.TypePullRequests) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypePullRequests) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -81,7 +81,7 @@ func MustAllowUserComment(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
|
||||
if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
|
||||
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
|
||||
ctx.Redirect(issue.Link())
|
||||
return
|
||||
@@ -90,8 +90,8 @@ func MustAllowUserComment(ctx *context.Context) {
|
||||
|
||||
// MustEnableIssues check if repository enable internal issues
|
||||
func MustEnableIssues(ctx *context.Context) {
|
||||
if !ctx.Repo.CanRead(unit.TypeIssues) &&
|
||||
!ctx.Repo.CanRead(unit.TypeExternalTracker) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeIssues) &&
|
||||
!ctx.Repo.Permission.CanRead(unit.TypeExternalTracker) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -105,7 +105,7 @@ func MustEnableIssues(ctx *context.Context) {
|
||||
|
||||
// MustAllowPulls check if repository enable pull requests and user have right to do that
|
||||
func MustAllowPulls(ctx *context.Context) {
|
||||
if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.CanRead(unit.TypePullRequests) {
|
||||
if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.Permission.CanRead(unit.TypePullRequests) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -195,8 +195,8 @@ func GetActionIssue(ctx *context.Context) *issues_model.Issue {
|
||||
}
|
||||
|
||||
func checkIssueRights(ctx *context.Context, issue *issues_model.Issue) {
|
||||
if issue.IsPull && !ctx.Repo.CanRead(unit.TypePullRequests) ||
|
||||
!issue.IsPull && !ctx.Repo.CanRead(unit.TypeIssues) {
|
||||
if issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypePullRequests) ||
|
||||
!issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypeIssues) {
|
||||
ctx.NotFound(nil)
|
||||
}
|
||||
}
|
||||
@@ -221,8 +221,8 @@ func getActionIssues(ctx *context.Context) issues_model.IssueList {
|
||||
return nil
|
||||
}
|
||||
// Check access rights for all issues
|
||||
issueUnitEnabled := ctx.Repo.CanRead(unit.TypeIssues)
|
||||
prUnitEnabled := ctx.Repo.CanRead(unit.TypePullRequests)
|
||||
issueUnitEnabled := ctx.Repo.Permission.CanRead(unit.TypeIssues)
|
||||
prUnitEnabled := ctx.Repo.Permission.CanRead(unit.TypePullRequests)
|
||||
for _, issue := range issues {
|
||||
if issue.RepoID != ctx.Repo.Repository.ID {
|
||||
ctx.NotFound(errors.New("some issue's RepoID is incorrect"))
|
||||
@@ -254,13 +254,13 @@ func GetIssueInfo(ctx *context.Context) {
|
||||
|
||||
if issue.IsPull {
|
||||
// Need to check if Pulls are enabled and we can read Pulls
|
||||
if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.CanRead(unit.TypePullRequests) {
|
||||
if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.Permission.CanRead(unit.TypePullRequests) {
|
||||
ctx.HTTPError(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
// Need to check if Issues are enabled and we can read Issues
|
||||
if !ctx.Repo.CanRead(unit.TypeIssues) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeIssues) {
|
||||
ctx.HTTPError(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
@@ -279,7 +279,7 @@ func UpdateIssueTitle(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -307,7 +307,7 @@ func UpdateIssueRef(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) || issue.IsPull {
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) || issue.IsPull {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -331,7 +331,7 @@ func UpdateIssueContent(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -387,7 +387,7 @@ func UpdateIssueDeadline(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
ctx.HTTPError(http.StatusForbidden, "", "Not repo writer")
|
||||
return
|
||||
}
|
||||
@@ -486,7 +486,7 @@ func ChangeIssueReaction(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) {
|
||||
if log.IsTrace() {
|
||||
if ctx.IsSigned {
|
||||
issueType := "issues"
|
||||
|
||||
@@ -45,14 +45,14 @@ func NewComment(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.CreateCommentForm)
|
||||
issueType := util.Iif(issue.IsPull, "pulls", "issues")
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) {
|
||||
log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
|
||||
"User in Repo has Permissions: %-+v", ctx.Doer, issue.PosterID, issueType, ctx.Repo.Repository, ctx.Repo.Permission)
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
|
||||
if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
|
||||
ctx.JSONError(ctx.Tr("repo.issues.comment_on_locked"))
|
||||
return
|
||||
}
|
||||
@@ -85,7 +85,7 @@ func NewComment(ctx *context.Context) {
|
||||
// TODO: need further refactoring to the code below
|
||||
|
||||
// Check if doer can change the status of issue (close, reopen).
|
||||
if (ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) || (ctx.IsSigned && issue.IsPoster(ctx.Doer.ID))) &&
|
||||
if (ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) || (ctx.IsSigned && issue.IsPoster(ctx.Doer.ID))) &&
|
||||
(form.Status == "reopen" || form.Status == "close") &&
|
||||
!(issue.IsPull && issue.PullRequest.HasMerged) {
|
||||
// Duplication and conflict check should apply to reopen pull request.
|
||||
@@ -205,7 +205,7 @@ func UpdateCommentContent(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -289,7 +289,7 @@ func DeleteComment(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
} else if !comment.Type.HasContentSupport() {
|
||||
@@ -324,7 +324,7 @@ func ChangeCommentReaction(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull)) {
|
||||
if log.IsTrace() {
|
||||
if ctx.IsSigned {
|
||||
issueType := "issues"
|
||||
|
||||
@@ -88,7 +88,7 @@ func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue
|
||||
history *issues_model.ContentHistory,
|
||||
) (canSoftDelete bool) {
|
||||
// CanWrite means the doer can manage the issue/PR list
|
||||
if ctx.Repo.IsOwner() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
if ctx.Repo.Permission.IsOwner() || ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||
canSoftDelete = true
|
||||
} else if ctx.Doer != nil {
|
||||
// for read-only users, they could still post issues or comments,
|
||||
|
||||
@@ -641,7 +641,7 @@ func prepareIssueFilterAndList(ctx *context.Context, milestoneID, projectID int6
|
||||
ctx.ServerError("GetIssuesAllCommitStatus", err)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
for key := range commitStatuses {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
|
||||
}
|
||||
@@ -700,7 +700,7 @@ func prepareIssueFilterAndList(ctx *context.Context, milestoneID, projectID int6
|
||||
showArchivedLabels := ctx.FormBool("archived_labels")
|
||||
ctx.Data["ShowArchivedLabels"] = showArchivedLabels
|
||||
ctx.Data["PinnedIssues"] = pinned
|
||||
ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.Doer.IsAdmin)
|
||||
ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.Permission.IsAdmin() || ctx.Doer.IsAdmin)
|
||||
ctx.Data["IssueStats"] = issueStats
|
||||
ctx.Data["OpenCount"] = issueStats.OpenCount
|
||||
ctx.Data["ClosedCount"] = issueStats.ClosedCount
|
||||
@@ -759,7 +759,7 @@ func Issues(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Data["CanWriteIssuesOrPulls"] = ctx.Repo.CanWriteIssuesOrPulls(isPullList)
|
||||
ctx.Data["CanWriteIssuesOrPulls"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(isPullList)
|
||||
|
||||
ctx.HTML(http.StatusOK, tplIssues)
|
||||
}
|
||||
|
||||
@@ -110,7 +110,7 @@ func NewIssue(ctx *context.Context) {
|
||||
body := ctx.FormString("body")
|
||||
ctx.Data["BodyQuery"] = body
|
||||
|
||||
isProjectsEnabled := ctx.Repo.CanRead(unit.TypeProjects)
|
||||
isProjectsEnabled := ctx.Repo.Permission.CanRead(unit.TypeProjects)
|
||||
ctx.Data["IsProjectsEnabled"] = isProjectsEnabled
|
||||
ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
|
||||
upload.AddUploadContext(ctx, "comment")
|
||||
@@ -144,7 +144,7 @@ func NewIssue(ctx *context.Context) {
|
||||
ctx.Flash.Warning(renderErrorOfTemplates(ctx, ret.TemplateErrors), true)
|
||||
}
|
||||
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(unit.TypeIssues)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypeIssues)
|
||||
|
||||
if !issueConfig.BlankIssuesEnabled && hasTemplates && !templateLoaded {
|
||||
// The "issues/new" and "issues/new/choose" share the same query parameters "project" and "milestone", if blank issues are disabled, just redirect to the "issues/choose" page with these parameters.
|
||||
@@ -344,7 +344,7 @@ func NewIssuePost(ctx *context.Context) {
|
||||
labelIDs, assigneeIDs, milestoneID, projectID := validateRet.LabelIDs, validateRet.AssigneeIDs, validateRet.MilestoneID, validateRet.ProjectID
|
||||
|
||||
if projectID > 0 {
|
||||
if !ctx.Repo.CanRead(unit.TypeProjects) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeProjects) {
|
||||
// User must also be able to see the project.
|
||||
ctx.HTTPError(http.StatusBadRequest, "user hasn't permissions to read projects")
|
||||
return
|
||||
|
||||
@@ -110,7 +110,7 @@ func retrieveRepoIssueMetaData(ctx *context.Context, repo *repo_model.Repository
|
||||
// A reader(creator) could update some meta (eg: target branch), but can't change assignees anymore.
|
||||
// For non-creator users, only writers could update some meta (eg: assignees, milestone, project)
|
||||
// Need to clarify the logic and add some tests in the future
|
||||
data.CanModifyIssueOrPull = ctx.Repo.CanWriteIssuesOrPulls(isPull) && !ctx.Repo.Repository.IsArchived
|
||||
data.CanModifyIssueOrPull = ctx.Repo.Permission.CanWriteIssuesOrPulls(isPull) && !ctx.Repo.Repository.IsArchived
|
||||
if !data.CanModifyIssueOrPull {
|
||||
return data
|
||||
}
|
||||
|
||||
@@ -16,8 +16,8 @@ import (
|
||||
func IssueSuggestions(ctx *context.Context) {
|
||||
keyword := ctx.Req.FormValue("q")
|
||||
|
||||
canReadIssues := ctx.Repo.CanRead(unit.TypeIssues)
|
||||
canReadPulls := ctx.Repo.CanRead(unit.TypePullRequests)
|
||||
canReadIssues := ctx.Repo.Permission.CanRead(unit.TypeIssues)
|
||||
canReadPulls := ctx.Repo.Permission.CanRead(unit.TypePullRequests)
|
||||
|
||||
var isPull optional.Option[bool]
|
||||
if canReadPulls && !canReadIssues {
|
||||
|
||||
@@ -91,7 +91,7 @@ func UpdateIssueTimeEstimate(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -336,7 +336,7 @@ func ViewIssue(ctx *context.Context) {
|
||||
ctx.Data["NewIssueChooseTemplate"] = issue_service.HasTemplatesOrContactLinks(ctx.Repo.Repository, ctx.Repo.GitRepo)
|
||||
}
|
||||
|
||||
ctx.Data["IsProjectsEnabled"] = ctx.Repo.CanRead(unit.TypeProjects)
|
||||
ctx.Data["IsProjectsEnabled"] = ctx.Repo.Permission.CanRead(unit.TypeProjects)
|
||||
ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
|
||||
upload.AddUploadContext(ctx, "comment")
|
||||
|
||||
@@ -400,9 +400,9 @@ func ViewIssue(ctx *context.Context) {
|
||||
ctx.Data["Reference"] = issue.Ref
|
||||
ctx.Data["SignInLink"] = middleware.RedirectLinkUserLogin(ctx.Req)
|
||||
ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.Doer.ID)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
ctx.Data["HasProjectsWritePermission"] = ctx.Repo.CanWrite(unit.TypeProjects)
|
||||
ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.Doer.IsAdmin)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
ctx.Data["HasProjectsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects)
|
||||
ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.Permission.IsAdmin() || ctx.Doer.IsAdmin)
|
||||
ctx.Data["LockReasons"] = setting.Repository.Issue.LockReasons
|
||||
ctx.Data["RefEndName"] = git.RefName(issue.Ref).ShortName()
|
||||
|
||||
@@ -446,14 +446,14 @@ func ViewPullMergeBox(ctx *context.Context) {
|
||||
|
||||
// TODO: it should use a dedicated struct to render the pull merge box, to make sure all data is prepared correctly
|
||||
ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.Doer.ID)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
ctx.HTML(http.StatusOK, tplPullMergeBox)
|
||||
}
|
||||
|
||||
func prepareIssueViewSidebarDependency(ctx *context.Context, issue *issues_model.Issue) {
|
||||
if issue.IsPull && !ctx.Repo.CanRead(unit.TypeIssues) {
|
||||
if issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypeIssues) {
|
||||
ctx.Data["IssueDependencySearchType"] = "pulls"
|
||||
} else if !issue.IsPull && !ctx.Repo.CanRead(unit.TypePullRequests) {
|
||||
} else if !issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypePullRequests) {
|
||||
ctx.Data["IssueDependencySearchType"] = "issues"
|
||||
} else {
|
||||
ctx.Data["IssueDependencySearchType"] = "all"
|
||||
@@ -763,7 +763,7 @@ func prepareIssueViewCommentsAndSidebarParticipants(ctx *context.Context, issue
|
||||
ctx.ServerError("LoadCommentPushCommits", err)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
for _, commit := range comment.Commits {
|
||||
if commit.Status == nil {
|
||||
continue
|
||||
@@ -1021,7 +1021,7 @@ func (prInfo *pullRequestViewInfo) prepareMergeBox(ctx *context.Context, issue *
|
||||
// Otherwise, there is nothing to do, because the PR view page already contains enough information.
|
||||
data.ShowMergeBox = !pull.HasMerged || data.isPullBranchDeletable
|
||||
|
||||
isRepoAdmin := ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.Doer.IsAdmin)
|
||||
isRepoAdmin := ctx.IsSigned && (ctx.Repo.Permission.IsAdmin() || ctx.Doer.IsAdmin)
|
||||
|
||||
// admin can merge without checks, writer can merge when checks succeed
|
||||
// admin and writer both can make an auto merge schedule (not affected by overridable blockers)
|
||||
|
||||
@@ -23,7 +23,7 @@ func IssueWatch(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
|
||||
if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) {
|
||||
if log.IsTrace() {
|
||||
if ctx.IsSigned {
|
||||
issueType := "issues"
|
||||
|
||||
@@ -265,8 +265,8 @@ func MilestoneIssuesAndPulls(ctx *context.Context) {
|
||||
ret := issue.ParseTemplatesFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo)
|
||||
ctx.Data["NewIssueChooseTemplate"] = len(ret.IssueTemplates) > 0
|
||||
|
||||
ctx.Data["CanWriteIssues"] = ctx.Repo.CanWriteIssuesOrPulls(false)
|
||||
ctx.Data["CanWritePulls"] = ctx.Repo.CanWriteIssuesOrPulls(true)
|
||||
ctx.Data["CanWriteIssues"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(false)
|
||||
ctx.Data["CanWritePulls"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(true)
|
||||
|
||||
ctx.HTML(http.StatusOK, tplMilestoneIssues)
|
||||
}
|
||||
|
||||
@@ -59,7 +59,7 @@ func Packages(ctx *context.Context) {
|
||||
ctx.Data["PackageType"] = packageType
|
||||
ctx.Data["AvailableTypes"] = packages.TypeList
|
||||
ctx.Data["HasPackages"] = hasPackages
|
||||
ctx.Data["CanWritePackages"] = ctx.Repo.CanWrite(unit.TypePackages) || ctx.IsUserSiteAdmin()
|
||||
ctx.Data["CanWritePackages"] = ctx.Repo.Permission.CanWrite(unit.TypePackages) || ctx.IsUserSiteAdmin()
|
||||
ctx.Data["PackageDescriptors"] = pds
|
||||
ctx.Data["Total"] = total
|
||||
ctx.Data["RepositoryAccessMap"] = map[int64]bool{ctx.Repo.Repository.ID: true} // There is only the current repository
|
||||
|
||||
@@ -45,7 +45,7 @@ func MustEnableRepoProjects(ctx *context.Context) {
|
||||
|
||||
if ctx.Repo.Repository != nil {
|
||||
projectsUnit := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeProjects)
|
||||
if !ctx.Repo.CanRead(unit.TypeProjects) || !projectsUnit.ProjectsConfig().IsProjectsAllowed(repo_model.ProjectsModeRepo) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeProjects) || !projectsUnit.ProjectsConfig().IsProjectsAllowed(repo_model.ProjectsModeRepo) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -521,7 +521,7 @@ func DeleteProjectColumn(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
ctx.JSON(http.StatusForbidden, map[string]string{
|
||||
"message": "Only authorized users are allowed to perform this action.",
|
||||
})
|
||||
@@ -568,7 +568,7 @@ func DeleteProjectColumn(ctx *context.Context) {
|
||||
// AddColumnToProjectPost allows a new column to be added to a project.
|
||||
func AddColumnToProjectPost(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.EditProjectColumnForm)
|
||||
if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
ctx.JSON(http.StatusForbidden, map[string]string{
|
||||
"message": "Only authorized users are allowed to perform this action.",
|
||||
})
|
||||
@@ -606,7 +606,7 @@ func checkProjectColumnChangePermissions(ctx *context.Context) (*project_model.P
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
ctx.JSON(http.StatusForbidden, map[string]string{
|
||||
"message": "Only authorized users are allowed to perform this action.",
|
||||
})
|
||||
@@ -692,7 +692,7 @@ func MoveIssues(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) {
|
||||
ctx.JSON(http.StatusForbidden, map[string]string{
|
||||
"message": "Only authorized users are allowed to perform this action.",
|
||||
})
|
||||
|
||||
@@ -383,7 +383,7 @@ func (prInfo *pullRequestViewInfo) prepareViewFillCommitStatusInfo(ctx *context.
|
||||
ctx.ServerError("GetLatestCommitStatus", err)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, commitStatuses)
|
||||
}
|
||||
|
||||
@@ -419,7 +419,7 @@ func (prInfo *pullRequestViewInfo) prepareViewFillCommitStatusInfoForOpen(ctx *c
|
||||
}
|
||||
}
|
||||
if statusCheckData.RequireApprovalRunCount > 0 {
|
||||
statusCheckData.CanApprove = ctx.Repo.CanWrite(unit.TypeActions)
|
||||
statusCheckData.CanApprove = ctx.Repo.Permission.CanWrite(unit.TypeActions)
|
||||
}
|
||||
|
||||
pb := prInfo.ProtectedBranchRule
|
||||
@@ -626,7 +626,7 @@ func ViewPullCommits(ctx *context.Context) {
|
||||
ctx.Data["Commits"] = commits
|
||||
ctx.Data["CommitCount"] = len(commits)
|
||||
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.Doer.ID)
|
||||
|
||||
// For PR commits page
|
||||
@@ -860,7 +860,7 @@ func viewPullFiles(ctx *context.Context, beforeCommitID, afterCommitID string) {
|
||||
ctx.Data["PendingCodeCommentNumber"] = numPendingCodeComments
|
||||
|
||||
ctx.Data["IsIssuePoster"] = ctx.Doer != nil && issue.IsPoster(ctx.Doer.ID)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)
|
||||
|
||||
ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
|
||||
// For files changed page
|
||||
@@ -1280,7 +1280,7 @@ func CompareAndPullRequestPost(ctx *context.Context) {
|
||||
ctx.Data["PullRequestWorkInProgressPrefixes"] = setting.Repository.PullRequest.WorkInProgressPrefixes
|
||||
ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
|
||||
upload.AddUploadContext(ctx, "comment")
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(unit.TypePullRequests)
|
||||
ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypePullRequests)
|
||||
|
||||
var (
|
||||
repo = ctx.Repo.Repository
|
||||
@@ -1475,7 +1475,7 @@ func UpdatePullRequestTarget(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -99,7 +99,7 @@ func getReleaseInfos(ctx *context.Context, opts *repo_model.FindReleasesOptions)
|
||||
}
|
||||
var ok bool
|
||||
|
||||
canReadActions := ctx.Repo.CanRead(unit.TypeActions)
|
||||
canReadActions := ctx.Repo.Permission.CanRead(unit.TypeActions)
|
||||
|
||||
releaseInfos := make([]*ReleaseInfo, 0, len(releases))
|
||||
for _, r := range releases {
|
||||
@@ -161,7 +161,7 @@ func Releases(ctx *context.Context) {
|
||||
listOptions.PageSize = setting.API.MaxResponseItems
|
||||
}
|
||||
|
||||
writeAccess := ctx.Repo.CanWrite(unit.TypeReleases)
|
||||
writeAccess := ctx.Repo.Permission.CanWrite(unit.TypeReleases)
|
||||
ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
|
||||
|
||||
releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{
|
||||
@@ -193,7 +193,7 @@ func Releases(ctx *context.Context) {
|
||||
func TagsList(ctx *context.Context) {
|
||||
ctx.Data["PageIsTagList"] = true
|
||||
ctx.Data["Title"] = ctx.Tr("repo.release.tags")
|
||||
ctx.Data["CanCreateRelease"] = ctx.Repo.CanWrite(unit.TypeReleases) && !ctx.Repo.Repository.IsArchived
|
||||
ctx.Data["CanCreateRelease"] = ctx.Repo.Permission.CanWrite(unit.TypeReleases) && !ctx.Repo.Repository.IsArchived
|
||||
|
||||
namePattern := ctx.FormTrim("q")
|
||||
|
||||
@@ -270,7 +270,7 @@ func releasesOrTagsFeed(ctx *context.Context, isReleasesOnly bool, formatType st
|
||||
func SingleRelease(ctx *context.Context) {
|
||||
ctx.Data["PageIsReleaseList"] = true
|
||||
|
||||
writeAccess := ctx.Repo.CanWrite(unit.TypeReleases)
|
||||
writeAccess := ctx.Repo.Permission.CanWrite(unit.TypeReleases)
|
||||
ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
|
||||
|
||||
releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{
|
||||
|
||||
@@ -151,7 +151,7 @@ func TestCalReleaseNumCommitsBehind(t *testing.T) {
|
||||
t.Cleanup(func() { ctx.Repo.GitRepo.Close() })
|
||||
|
||||
releases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{
|
||||
IncludeDrafts: ctx.Repo.CanWrite(unit.TypeReleases),
|
||||
IncludeDrafts: ctx.Repo.Permission.CanWrite(unit.TypeReleases),
|
||||
RepoID: ctx.Repo.Repository.ID,
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
|
||||
@@ -322,7 +322,7 @@ func RedirectDownload(ctx *context.Context) {
|
||||
tagNames := []string{vTag}
|
||||
curRepo := ctx.Repo.Repository
|
||||
releases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{
|
||||
IncludeDrafts: ctx.Repo.CanWrite(unit.TypeReleases),
|
||||
IncludeDrafts: ctx.Repo.Permission.CanWrite(unit.TypeReleases),
|
||||
RepoID: curRepo.ID,
|
||||
TagNames: tagNames,
|
||||
})
|
||||
@@ -532,7 +532,7 @@ func SearchRepo(ctx *context.Context) {
|
||||
ctx.JSON(http.StatusInternalServerError, nil)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, latestCommitStatuses)
|
||||
}
|
||||
|
||||
|
||||
@@ -149,7 +149,7 @@ func DeleteCollaboration(ctx *context.Context) {
|
||||
|
||||
// AddTeamPost response for adding a team to a repository
|
||||
func AddTeamPost(ctx *context.Context) {
|
||||
if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.change_team_access_not_allowed"))
|
||||
ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
|
||||
return
|
||||
@@ -195,7 +195,7 @@ func AddTeamPost(ctx *context.Context) {
|
||||
|
||||
// DeleteTeam response for deleting a team from a repository
|
||||
func DeleteTeam(ctx *context.Context) {
|
||||
if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.change_team_access_not_allowed"))
|
||||
ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
|
||||
return
|
||||
|
||||
@@ -724,7 +724,7 @@ func handleSettingsPostAdminIndex(ctx *context.Context) {
|
||||
func handleSettingsPostConvert(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.RepoSettingForm)
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.JSONErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -754,7 +754,7 @@ func handleSettingsPostConvert(ctx *context.Context) {
|
||||
func handleSettingsPostConvertFork(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.RepoSettingForm)
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.JSONErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -794,7 +794,7 @@ func handleSettingsPostConvertFork(ctx *context.Context) {
|
||||
func handleSettingsPostTransfer(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.RepoSettingForm)
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.JSONErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -857,7 +857,7 @@ func handleSettingsPostTransfer(ctx *context.Context) {
|
||||
|
||||
func handleSettingsPostCancelTransfer(ctx *context.Context) {
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.HTTPError(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
@@ -886,7 +886,7 @@ func handleSettingsPostCancelTransfer(ctx *context.Context) {
|
||||
func handleSettingsPostDelete(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.RepoSettingForm)
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.JSONErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -913,7 +913,7 @@ func handleSettingsPostDelete(ctx *context.Context) {
|
||||
func handleSettingsPostDeleteWiki(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.RepoSettingForm)
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.JSONErrorNotFound()
|
||||
return
|
||||
}
|
||||
@@ -934,7 +934,7 @@ func handleSettingsPostDeleteWiki(ctx *context.Context) {
|
||||
|
||||
func handleSettingsPostArchive(ctx *context.Context) {
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -967,7 +967,7 @@ func handleSettingsPostArchive(ctx *context.Context) {
|
||||
|
||||
func handleSettingsPostUnarchive(ctx *context.Context) {
|
||||
repo := ctx.Repo.Repository
|
||||
if !ctx.Repo.IsOwner() {
|
||||
if !ctx.Repo.Permission.IsOwner() {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -139,7 +139,7 @@ func loadLatestCommitData(ctx *context.Context, latestCommit *git.Commit) bool {
|
||||
if err != nil {
|
||||
log.Error("GetLatestCommitStatus: %v", err)
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit_model.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, statuses)
|
||||
}
|
||||
|
||||
@@ -174,12 +174,11 @@ func markupRenderToHTML(ctx *context.Context, renderCtx *markup.RenderContext, r
|
||||
}
|
||||
|
||||
func checkHomeCodeViewable(ctx *context.Context) {
|
||||
if ctx.Repo.HasUnits() {
|
||||
if ctx.Repo.Permission.HasUnits() {
|
||||
if ctx.Repo.Repository.IsBeingCreated() {
|
||||
task, err := admin_model.GetMigratingTask(ctx, ctx.Repo.Repository.ID)
|
||||
if err != nil {
|
||||
if admin_model.IsErrTaskDoesNotExist(err) {
|
||||
ctx.Data["Repo"] = ctx.Repo
|
||||
ctx.Data["CloneAddr"] = ""
|
||||
ctx.Data["Failed"] = true
|
||||
ctx.HTML(http.StatusOK, tplMigrating)
|
||||
@@ -194,7 +193,6 @@ func checkHomeCodeViewable(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Data["Repo"] = ctx.Repo
|
||||
ctx.Data["MigrateTask"] = task
|
||||
ctx.Data["CloneAddr"], _ = util.SanitizeURL(cfg.CloneAddr)
|
||||
ctx.Data["Failed"] = task.Status == structs.TaskStatusFailed
|
||||
|
||||
@@ -31,7 +31,7 @@ import (
|
||||
)
|
||||
|
||||
func checkOutdatedBranch(ctx *context.Context) {
|
||||
if !(ctx.Repo.IsAdmin() || ctx.Repo.IsOwner()) {
|
||||
if !(ctx.Repo.Permission.IsAdmin() || ctx.Repo.Permission.IsOwner()) {
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -47,8 +47,8 @@ const (
|
||||
|
||||
// MustEnableWiki check if wiki is enabled, if external then redirect
|
||||
func MustEnableWiki(ctx *context.Context) {
|
||||
if !ctx.Repo.CanRead(unit.TypeWiki) &&
|
||||
!ctx.Repo.CanRead(unit.TypeExternalWiki) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeWiki) &&
|
||||
!ctx.Repo.Permission.CanRead(unit.TypeExternalWiki) {
|
||||
if log.IsTrace() {
|
||||
log.Trace("Permission Denied: User %-v cannot read %-v or %-v of repo %-v\n"+
|
||||
"User in repo has Permissions: %-+v",
|
||||
@@ -423,14 +423,14 @@ func renderEditPage(ctx *context.Context) {
|
||||
func WikiPost(ctx *context.Context) {
|
||||
switch ctx.FormString("action") {
|
||||
case "_new":
|
||||
if !ctx.Repo.CanWrite(unit.TypeWiki) {
|
||||
if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
NewWikiPost(ctx)
|
||||
return
|
||||
case "_delete":
|
||||
if !ctx.Repo.CanWrite(unit.TypeWiki) {
|
||||
if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -438,7 +438,7 @@ func WikiPost(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !ctx.Repo.CanWrite(unit.TypeWiki) {
|
||||
if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -447,7 +447,7 @@ func WikiPost(ctx *context.Context) {
|
||||
|
||||
// Wiki renders single wiki page
|
||||
func Wiki(ctx *context.Context) {
|
||||
ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
|
||||
ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
|
||||
|
||||
switch ctx.FormString("action") {
|
||||
case "_pages":
|
||||
@@ -457,14 +457,14 @@ func Wiki(ctx *context.Context) {
|
||||
WikiRevision(ctx)
|
||||
return
|
||||
case "_edit":
|
||||
if !ctx.Repo.CanWrite(unit.TypeWiki) {
|
||||
if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
EditWiki(ctx)
|
||||
return
|
||||
case "_new":
|
||||
if !ctx.Repo.CanWrite(unit.TypeWiki) {
|
||||
if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -506,7 +506,7 @@ func Wiki(ctx *context.Context) {
|
||||
|
||||
// WikiRevision renders file revision list of wiki page
|
||||
func WikiRevision(ctx *context.Context) {
|
||||
ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
|
||||
ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
|
||||
|
||||
if !repo_service.HasWiki(ctx, ctx.Repo.Repository) {
|
||||
ctx.Data["Title"] = ctx.Tr("repo.wiki")
|
||||
@@ -544,7 +544,7 @@ func WikiPages(ctx *context.Context) {
|
||||
}
|
||||
|
||||
ctx.Data["Title"] = ctx.Tr("repo.wiki.pages")
|
||||
ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
|
||||
ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived
|
||||
|
||||
_, commit, err := findWikiRepoCommit(ctx)
|
||||
if err != nil {
|
||||
|
||||
@@ -558,7 +558,7 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
|
||||
ctx.ServerError("GetIssuesLastCommitStatus", err)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
for key := range commitStatuses {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
|
||||
}
|
||||
|
||||
@@ -247,7 +247,7 @@ func NotificationSubscriptions(ctx *context.Context) {
|
||||
ctx.ServerError("GetIssuesAllCommitStatus", err)
|
||||
return
|
||||
}
|
||||
if !ctx.Repo.CanRead(unit.TypeActions) {
|
||||
if !ctx.Repo.Permission.CanRead(unit.TypeActions) {
|
||||
for key := range commitStatuses {
|
||||
git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key])
|
||||
}
|
||||
|
||||
@@ -340,10 +340,10 @@ func (ctx *APIContext) IsUserSiteAdmin() bool {
|
||||
|
||||
// IsUserRepoAdmin returns true if current user is admin in current repo
|
||||
func (ctx *APIContext) IsUserRepoAdmin() bool {
|
||||
return ctx.Repo.IsAdmin()
|
||||
return ctx.Repo.Permission.IsAdmin()
|
||||
}
|
||||
|
||||
// IsUserRepoWriter returns true if current user has "write" privilege in current repo
|
||||
func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool {
|
||||
return slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite)
|
||||
return slices.ContainsFunc(unitTypes, ctx.Repo.Permission.CanWrite)
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ import (
|
||||
// RequireRepoAdmin returns a middleware for requiring repository admin permission
|
||||
func RequireRepoAdmin() func(ctx *Context) {
|
||||
return func(ctx *Context) {
|
||||
if !ctx.IsSigned || !ctx.Repo.IsAdmin() {
|
||||
if !ctx.IsSigned || !ctx.Repo.Permission.IsAdmin() {
|
||||
ctx.NotFound(nil)
|
||||
return
|
||||
}
|
||||
@@ -35,7 +35,7 @@ func CanWriteToBranch() func(ctx *Context) {
|
||||
// RequireUnitWriter returns a middleware for requiring repository write to one of the unit permission
|
||||
func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) {
|
||||
return func(ctx *Context) {
|
||||
if slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) {
|
||||
if slices.ContainsFunc(unitTypes, ctx.Repo.Permission.CanWrite) {
|
||||
return
|
||||
}
|
||||
ctx.NotFound(nil)
|
||||
@@ -46,7 +46,7 @@ func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) {
|
||||
func RequireUnitReader(unitTypes ...unit.Type) func(ctx *Context) {
|
||||
return func(ctx *Context) {
|
||||
for _, unitType := range unitTypes {
|
||||
if ctx.Repo.CanRead(unitType) {
|
||||
if ctx.Repo.Permission.CanRead(unitType) {
|
||||
return
|
||||
}
|
||||
if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) {
|
||||
|
||||
@@ -58,7 +58,7 @@ func (prc *PullRequestContext) CanCreateNewPull() bool {
|
||||
ctx := prc.ctx
|
||||
// People who have push access or have forked repository can propose a new pull request.
|
||||
can := prc.baseRepo.CanContentChange() &&
|
||||
(ctx.Repo.CanWrite(unit_model.TypeCode) || (ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID)))
|
||||
(ctx.Repo.Permission.CanWrite(unit_model.TypeCode) || (ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID)))
|
||||
prc.canCreateNewPull = &can
|
||||
return can
|
||||
}
|
||||
@@ -81,7 +81,7 @@ func (prc *PullRequestContext) DefaultTargetBranch() string {
|
||||
|
||||
// Repository contains information to operate a repository
|
||||
type Repository struct {
|
||||
access_model.Permission
|
||||
Permission access_model.Permission
|
||||
|
||||
Repository *repo_model.Repository
|
||||
Owner *user_model.User
|
||||
@@ -597,7 +597,7 @@ func repoAssignmentPrepareTemplateData(ctx *Context, data *repoAssignmentPrepare
|
||||
}
|
||||
ctx.Data["NumReleases"], err = db.Count[repo_model.Release](ctx, repo_model.FindReleasesOptions{
|
||||
// only show draft releases for users who can write, read-only users shouldn't see draft releases.
|
||||
IncludeDrafts: ctx.Repo.CanWrite(unit_model.TypeReleases),
|
||||
IncludeDrafts: ctx.Repo.Permission.CanWrite(unit_model.TypeReleases),
|
||||
RepoID: ctx.Repo.Repository.ID,
|
||||
})
|
||||
if err != nil {
|
||||
@@ -609,10 +609,10 @@ func repoAssignmentPrepareTemplateData(ctx *Context, data *repoAssignmentPrepare
|
||||
ctx.Data["PageTitleCommon"] = repo.Name + " - " + setting.AppName
|
||||
ctx.Data["Repository"] = repo
|
||||
ctx.Data["Owner"] = ctx.Repo.Repository.Owner
|
||||
ctx.Data["CanWriteCode"] = ctx.Repo.CanWrite(unit_model.TypeCode)
|
||||
ctx.Data["CanWriteIssues"] = ctx.Repo.CanWrite(unit_model.TypeIssues)
|
||||
ctx.Data["CanWritePulls"] = ctx.Repo.CanWrite(unit_model.TypePullRequests)
|
||||
ctx.Data["CanWriteActions"] = ctx.Repo.CanWrite(unit_model.TypeActions)
|
||||
ctx.Data["CanWriteCode"] = ctx.Repo.Permission.CanWrite(unit_model.TypeCode)
|
||||
ctx.Data["CanWriteIssues"] = ctx.Repo.Permission.CanWrite(unit_model.TypeIssues)
|
||||
ctx.Data["CanWritePulls"] = ctx.Repo.Permission.CanWrite(unit_model.TypePullRequests)
|
||||
ctx.Data["CanWriteActions"] = ctx.Repo.Permission.CanWrite(unit_model.TypeActions)
|
||||
|
||||
canSignedUserFork, err := repo_module.CanUserForkRepo(ctx, ctx.Doer, ctx.Repo.Repository)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user