diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index e13bbedd295..97fcae245a5 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -394,7 +394,7 @@ func reqSiteAdmin() func(ctx *context.APIContext) { // reqOwner user should be the owner of the repo or site admin. func reqOwner() func(ctx *context.APIContext) { return func(ctx *context.APIContext) { - if !ctx.Repo.IsOwner() && !ctx.IsUserSiteAdmin() { + if !ctx.Repo.Permission.IsOwner() && !ctx.IsUserSiteAdmin() { ctx.APIError(http.StatusForbidden, "user should be the owner of the repo") return } @@ -434,7 +434,7 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) { // reqRepoReader user should have specific read permission or be a repo admin or a site admin func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) { return func(ctx *context.APIContext) { - if !ctx.Repo.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() { + if !ctx.Repo.Permission.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() { ctx.APIError(http.StatusForbidden, "user should have specific read permission or be a repo admin or a site admin") return } @@ -633,7 +633,7 @@ func orgAssignment(args ...bool) func(ctx *context.APIContext) { } func mustEnableIssues(ctx *context.APIContext) { - if !ctx.Repo.CanRead(unit.TypeIssues) { + if !ctx.Repo.Permission.CanRead(unit.TypeIssues) { if log.IsTrace() { if ctx.IsSigned { log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+ @@ -656,7 +656,7 @@ func mustEnableIssues(ctx *context.APIContext) { } func mustAllowPulls(ctx *context.APIContext) { - if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(unit.TypePullRequests)) { + if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.Permission.CanRead(unit.TypePullRequests)) { if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() { if ctx.IsSigned { log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+ @@ -679,8 +679,8 @@ func mustAllowPulls(ctx *context.APIContext) { } func mustEnableIssuesOrPulls(ctx *context.APIContext) { - if !ctx.Repo.CanRead(unit.TypeIssues) && - !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(unit.TypePullRequests)) { + if !ctx.Repo.Permission.CanRead(unit.TypeIssues) && + !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.Permission.CanRead(unit.TypePullRequests)) { if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() { if ctx.IsSigned { log.Trace("Permission Denied: User %-v cannot read %-v and %-v in Repo %-v\n"+ @@ -705,7 +705,7 @@ func mustEnableIssuesOrPulls(ctx *context.APIContext) { } func mustEnableWiki(ctx *context.APIContext) { - if !(ctx.Repo.CanRead(unit.TypeWiki)) { + if !(ctx.Repo.Permission.CanRead(unit.TypeWiki)) { ctx.APIErrorNotFound() return } diff --git a/routers/api/v1/repo/branch.go b/routers/api/v1/repo/branch.go index 295e4c2b5ed..a9b88317d4c 100644 --- a/routers/api/v1/repo/branch.go +++ b/routers/api/v1/repo/branch.go @@ -80,7 +80,7 @@ func GetBranch(ctx *context.APIContext) { return } - br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branchName, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin()) + br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branchName, c, branchProtection, ctx.Doer, ctx.Repo.Permission.IsAdmin()) if err != nil { ctx.APIErrorInternal(err) return @@ -271,7 +271,7 @@ func CreateBranch(ctx *context.APIContext) { return } - br, err := convert.ToBranch(ctx, ctx.Repo.Repository, opt.BranchName, commit, branchProtection, ctx.Doer, ctx.Repo.IsAdmin()) + br, err := convert.ToBranch(ctx, ctx.Repo.Repository, opt.BranchName, commit, branchProtection, ctx.Doer, ctx.Repo.Permission.IsAdmin()) if err != nil { ctx.APIErrorInternal(err) return @@ -366,7 +366,7 @@ func ListBranches(ctx *context.APIContext) { } branchProtection := rules.GetFirstMatched(branches[i].Name) - apiBranch, err := convert.ToBranch(ctx, ctx.Repo.Repository, branches[i].Name, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin()) + apiBranch, err := convert.ToBranch(ctx, ctx.Repo.Repository, branches[i].Name, c, branchProtection, ctx.Doer, ctx.Repo.Permission.IsAdmin()) if err != nil { ctx.APIErrorInternal(err) return diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go index 20ccd099a47..f8c1c67f067 100644 --- a/routers/api/v1/repo/issue.go +++ b/routers/api/v1/repo/issue.go @@ -442,14 +442,14 @@ func ListIssues(ctx *context.APIContext) { isPull = optional.Some(false) } - if isPull.Has() && !ctx.Repo.CanReadIssuesOrPulls(isPull.Value()) { + if isPull.Has() && !ctx.Repo.Permission.CanReadIssuesOrPulls(isPull.Value()) { ctx.APIErrorNotFound() return } if !isPull.Has() { - canReadIssues := ctx.Repo.CanRead(unit.TypeIssues) - canReadPulls := ctx.Repo.CanRead(unit.TypePullRequests) + canReadIssues := ctx.Repo.Permission.CanRead(unit.TypeIssues) + canReadPulls := ctx.Repo.Permission.CanRead(unit.TypePullRequests) if !canReadIssues && !canReadPulls { ctx.APIErrorNotFound() return @@ -591,7 +591,7 @@ func GetIssue(ctx *context.APIContext) { } return } - if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) { ctx.APIErrorNotFound() return } @@ -638,7 +638,7 @@ func CreateIssue(ctx *context.APIContext) { form := web.GetForm(ctx).(*api.CreateIssueOption) var deadlineUnix timeutil.TimeStamp - if form.Deadline != nil && ctx.Repo.CanWrite(unit.TypeIssues) { + if form.Deadline != nil && ctx.Repo.Permission.CanWrite(unit.TypeIssues) { deadlineUnix = timeutil.TimeStamp(form.Deadline.Unix()) } @@ -655,7 +655,7 @@ func CreateIssue(ctx *context.APIContext) { assigneeIDs := make([]int64, 0) var err error - if ctx.Repo.CanWrite(unit.TypeIssues) { + if ctx.Repo.Permission.CanWrite(unit.TypeIssues) { issue.MilestoneID = form.Milestone assigneeIDs, err = issues_model.MakeIDsFromAPIAssigneesToAdd(ctx, form.Assignee, form.Assignees) if err != nil { @@ -775,7 +775,7 @@ func EditIssue(ctx *context.APIContext) { return } issue.Repo = ctx.Repo.Repository - canWrite := ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) + canWrite := ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) err = issue.LoadAttributes(ctx) if err != nil { @@ -1020,7 +1020,7 @@ func UpdateIssueDeadline(ctx *context.APIContext) { return } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.APIError(http.StatusForbidden, "Not repo writer") return } diff --git a/routers/api/v1/repo/issue_attachment.go b/routers/api/v1/repo/issue_attachment.go index b64f7134015..b6db388a221 100644 --- a/routers/api/v1/repo/issue_attachment.go +++ b/routers/api/v1/repo/issue_attachment.go @@ -371,7 +371,7 @@ func getIssueAttachmentSafeRead(ctx *context.APIContext, issue *issues_model.Iss } func canUserWriteIssueAttachment(ctx *context.APIContext, issue *issues_model.Issue) bool { - canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) + canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin() || ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) if !canEditIssue { ctx.APIError(http.StatusForbidden, "user should have permission to write issue") return false diff --git a/routers/api/v1/repo/issue_comment.go b/routers/api/v1/repo/issue_comment.go index 091fe6998c5..5d79b2ec5ad 100644 --- a/routers/api/v1/repo/issue_comment.go +++ b/routers/api/v1/repo/issue_comment.go @@ -73,7 +73,7 @@ func ListIssueComments(ctx *context.APIContext) { ctx.APIErrorInternal(err) return } - if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) { ctx.APIErrorNotFound() return } @@ -279,8 +279,8 @@ func ListRepoIssueComments(ctx *context.APIContext) { } var isPull optional.Option[bool] - canReadIssue := ctx.Repo.CanRead(unit.TypeIssues) - canReadPull := ctx.Repo.CanRead(unit.TypePullRequests) + canReadIssue := ctx.Repo.Permission.CanRead(unit.TypeIssues) + canReadPull := ctx.Repo.Permission.CanRead(unit.TypePullRequests) if canReadIssue && canReadPull { isPull = optional.None[bool]() } else if canReadIssue { @@ -386,12 +386,12 @@ func CreateIssueComment(ctx *context.APIContext) { return } - if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) { ctx.APIErrorNotFound() return } - if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { + if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { ctx.APIError(http.StatusForbidden, errors.New(ctx.Locale.TrString("repo.issues.comment_on_locked"))) return } @@ -455,7 +455,7 @@ func GetIssueComment(ctx *context.APIContext) { return } - if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) { ctx.APIErrorNotFound() return } @@ -580,7 +580,7 @@ func editIssueComment(ctx *context.APIContext, form api.EditIssueCommentOption) return } - if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { ctx.Status(http.StatusForbidden) return } @@ -689,7 +689,7 @@ func deleteIssueComment(ctx *context.APIContext) { return } - if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { ctx.Status(http.StatusForbidden) return } else if !comment.Type.HasContentSupport() { diff --git a/routers/api/v1/repo/issue_comment_attachment.go b/routers/api/v1/repo/issue_comment_attachment.go index 30b79a1d548..9a1ce00f16b 100644 --- a/routers/api/v1/repo/issue_comment_attachment.go +++ b/routers/api/v1/repo/issue_comment_attachment.go @@ -358,7 +358,7 @@ func getIssueCommentSafe(ctx *context.APIContext) *issues_model.Comment { return nil } - if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) { return nil } @@ -379,7 +379,7 @@ func getIssueCommentAttachmentSafeWrite(ctx *context.APIContext) *repo_model.Att } func canUserWriteIssueCommentAttachment(ctx *context.APIContext, comment *issues_model.Comment) bool { - canEditComment := ctx.IsSigned && (ctx.Doer.ID == comment.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull) + canEditComment := ctx.IsSigned && (ctx.Doer.ID == comment.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull) if !canEditComment { ctx.APIError(http.StatusForbidden, "user should have permission to edit comment") return false diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go index d5eee2d469b..1ac545f41b6 100644 --- a/routers/api/v1/repo/issue_label.go +++ b/routers/api/v1/repo/issue_label.go @@ -173,7 +173,7 @@ func DeleteIssueLabel(ctx *context.APIContext) { return } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.Status(http.StatusForbidden) return } @@ -295,7 +295,7 @@ func ClearIssueLabels(ctx *context.APIContext) { return } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.Status(http.StatusForbidden) return } @@ -319,7 +319,7 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption) return nil, nil, err } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.APIError(http.StatusForbidden, "write permission is required") return nil, nil, errors.New("permission denied") } diff --git a/routers/api/v1/repo/issue_lock.go b/routers/api/v1/repo/issue_lock.go index b9e5bcf6eba..2f797a162ff 100644 --- a/routers/api/v1/repo/issue_lock.go +++ b/routers/api/v1/repo/issue_lock.go @@ -62,7 +62,7 @@ func LockIssue(ctx *context.APIContext) { return } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.APIError(http.StatusForbidden, errors.New("no permission to lock this issue")) return } @@ -129,7 +129,7 @@ func UnlockIssue(ctx *context.APIContext) { return } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.APIError(http.StatusForbidden, errors.New("no permission to unlock this issue")) return } diff --git a/routers/api/v1/repo/issue_reaction.go b/routers/api/v1/repo/issue_reaction.go index 1f313acde8c..2c9efd91112 100644 --- a/routers/api/v1/repo/issue_reaction.go +++ b/routers/api/v1/repo/issue_reaction.go @@ -71,7 +71,7 @@ func GetIssueCommentReactions(ctx *context.APIContext) { return } - if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) { ctx.APIError(http.StatusForbidden, errors.New("no permission to get reactions")) return } @@ -208,12 +208,12 @@ func changeIssueCommentReaction(ctx *context.APIContext, form api.EditReactionOp return } - if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull) { ctx.APIErrorNotFound() return } - if comment.Issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull) { + if comment.Issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull) { ctx.APIError(http.StatusForbidden, errors.New("no permission to change reaction")) return } @@ -304,7 +304,7 @@ func GetIssueReactions(ctx *context.APIContext) { return } - if !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull) { ctx.APIError(http.StatusForbidden, errors.New("no permission to get reactions")) return } @@ -428,7 +428,7 @@ func changeIssueReaction(ctx *context.APIContext, form api.EditReactionOption, i return } - if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.APIError(http.StatusForbidden, errors.New("no permission to change reaction")) return } diff --git a/routers/api/v1/repo/issue_stopwatch.go b/routers/api/v1/repo/issue_stopwatch.go index f9fbff091d9..8818ab29727 100644 --- a/routers/api/v1/repo/issue_stopwatch.go +++ b/routers/api/v1/repo/issue_stopwatch.go @@ -178,7 +178,7 @@ func prepareIssueForStopwatch(ctx *context.APIContext) *issues_model.Issue { return nil } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.Status(http.StatusForbidden) return nil } diff --git a/routers/api/v1/repo/mirror.go b/routers/api/v1/repo/mirror.go index 4370eeb5fac..ac2d8bba06a 100644 --- a/routers/api/v1/repo/mirror.go +++ b/routers/api/v1/repo/mirror.go @@ -51,7 +51,7 @@ func MirrorSync(ctx *context.APIContext) { repo := ctx.Repo.Repository - if !ctx.Repo.CanWrite(unit.TypeCode) { + if !ctx.Repo.Permission.CanWrite(unit.TypeCode) { ctx.APIError(http.StatusForbidden, "Must have write access") } diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go index 8b1fc8f5cbe..aeecc13f4ef 100644 --- a/routers/api/v1/repo/pull.go +++ b/routers/api/v1/repo/pull.go @@ -653,7 +653,7 @@ func EditPullRequest(ctx *context.APIContext) { return } - if !issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWrite(unit.TypePullRequests) { + if !issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWrite(unit.TypePullRequests) { ctx.Status(http.StatusForbidden) return } @@ -715,7 +715,7 @@ func EditPullRequest(ctx *context.APIContext) { // Pass one or more user logins to replace the set of assignees on this Issue. // Send an empty array ([]) to clear all assignees from the Issue. - if ctx.Repo.CanWrite(unit.TypePullRequests) && (form.Assignees != nil || len(form.Assignee) > 0) { + if ctx.Repo.Permission.CanWrite(unit.TypePullRequests) && (form.Assignees != nil || len(form.Assignee) > 0) { err = issue_service.UpdateAssignees(ctx, issue, form.Assignee, form.Assignees, ctx.Doer) if err != nil { if user_model.IsErrUserNotExist(err) { @@ -729,7 +729,7 @@ func EditPullRequest(ctx *context.APIContext) { } } - if ctx.Repo.CanWrite(unit.TypePullRequests) && form.Milestone != 0 && + if ctx.Repo.Permission.CanWrite(unit.TypePullRequests) && form.Milestone != 0 && issue.MilestoneID != form.Milestone { oldMilestoneID := issue.MilestoneID issue.MilestoneID = form.Milestone @@ -744,7 +744,7 @@ func EditPullRequest(ctx *context.APIContext) { } } - if ctx.Repo.CanWrite(unit.TypePullRequests) && form.Labels != nil { + if ctx.Repo.Permission.CanWrite(unit.TypePullRequests) && form.Labels != nil { labels, err := issues_model.GetLabelsInRepoByIDs(ctx, ctx.Repo.Repository.ID, form.Labels) if err != nil { ctx.APIErrorInternal(err) diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go index 82b78296b12..6070445b7c4 100644 --- a/routers/api/v1/repo/pull_review.go +++ b/routers/api/v1/repo/pull_review.go @@ -1003,7 +1003,7 @@ func UnDismissPullReview(ctx *context.APIContext) { } func dismissReview(ctx *context.APIContext, msg string, isDismiss, dismissPriors bool) { - if !ctx.Repo.IsAdmin() { + if !ctx.Repo.Permission.IsAdmin() { ctx.APIError(http.StatusForbidden, "Must be repo admin") return } diff --git a/routers/api/v1/repo/release.go b/routers/api/v1/repo/release.go index c87d22614e8..2eade9eab58 100644 --- a/routers/api/v1/repo/release.go +++ b/routers/api/v1/repo/release.go @@ -22,7 +22,7 @@ import ( ) func canAccessReleaseDraft(ctx *context.APIContext) bool { - if !ctx.IsSigned || !ctx.Repo.CanWrite(unit.TypeReleases) { + if !ctx.IsSigned || !ctx.Repo.Permission.CanWrite(unit.TypeReleases) { return false } if ctx.Data["IsApiToken"] != true { diff --git a/routers/api/v1/repo/release_tags.go b/routers/api/v1/repo/release_tags.go index 8991e201d8b..bca5871aa74 100644 --- a/routers/api/v1/repo/release_tags.go +++ b/routers/api/v1/repo/release_tags.go @@ -60,7 +60,7 @@ func GetReleaseByTag(ctx *context.APIContext) { } if release.IsDraft { // only the users with write access can see draft releases - if !ctx.IsSigned || !ctx.Repo.CanWrite(unit_model.TypeReleases) { + if !ctx.IsSigned || !ctx.Repo.Permission.CanWrite(unit_model.TypeReleases) { ctx.APIErrorNotFound() return } diff --git a/routers/api/v1/repo/teams.go b/routers/api/v1/repo/teams.go index 739a9e3892b..cb0f026933e 100644 --- a/routers/api/v1/repo/teams.go +++ b/routers/api/v1/repo/teams.go @@ -187,7 +187,7 @@ func changeRepoTeam(ctx *context.APIContext, add bool) { if !ctx.Repo.Owner.IsOrganization() { ctx.APIError(http.StatusMethodNotAllowed, "repo is not owned by an organization") } - if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.IsOwner() { + if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() { ctx.APIError(http.StatusForbidden, "user is nor repo admin nor owner") return } diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go index a6a6e539b98..1e9f596fc40 100644 --- a/routers/web/repo/actions/actions.go +++ b/routers/web/repo/actions/actions.go @@ -57,7 +57,7 @@ func MustEnableActions(ctx *context.Context) { } if ctx.Repo.Repository != nil { - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { ctx.NotFound(nil) return } @@ -181,7 +181,7 @@ func prepareWorkflowTemplate(ctx *context.Context, commit *git.Commit) (workflow ctx.Data["workflows"] = workflows ctx.Data["RepoLink"] = ctx.Repo.Repository.Link() - ctx.Data["AllowDisableOrEnableWorkflow"] = ctx.Repo.IsAdmin() + ctx.Data["AllowDisableOrEnableWorkflow"] = ctx.Repo.Permission.IsAdmin() actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig() ctx.Data["ActionsConfig"] = actionsConfig ctx.Data["CurWorkflow"] = curWorkflowID @@ -192,7 +192,7 @@ func prepareWorkflowTemplate(ctx *context.Context, commit *git.Commit) (workflow func prepareWorkflowDispatchTemplate(ctx *context.Context, workflowInfos []WorkflowInfo, curWorkflowID string) { actionsConfig := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions).ActionsConfig() - if curWorkflowID == "" || !ctx.Repo.CanWrite(unit.TypeActions) || actionsConfig.IsWorkflowDisabled(curWorkflowID) { + if curWorkflowID == "" || !ctx.Repo.Permission.CanWrite(unit.TypeActions) || actionsConfig.IsWorkflowDisabled(curWorkflowID) { return } @@ -355,7 +355,7 @@ func prepareWorkflowList(ctx *context.Context, workflows []WorkflowInfo) { ctx.Data["Page"] = pager ctx.Data["HasWorkflowsOrRuns"] = len(workflows) > 0 || len(runs) > 0 - ctx.Data["CanWriteRepoUnitActions"] = ctx.Repo.CanWrite(unit.TypeActions) + ctx.Data["CanWriteRepoUnitActions"] = ctx.Repo.Permission.CanWrite(unit.TypeActions) } // loadIsRefDeleted loads the IsRefDeleted field for each run in the list. diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go index b5b72b4f125..e17d6b42d7a 100644 --- a/routers/web/repo/actions/view.go +++ b/routers/web/repo/actions/view.go @@ -417,10 +417,10 @@ func fillViewRunResponseSummary(ctx *context_module.Context, resp *ViewResponse, resp.State.Run.Duration = run.Duration().String() resp.State.Run.TriggeredAt = run.Created.AsTime().Unix() } - resp.State.Run.CanCancel = isLatestAttempt && !resp.State.Run.Done && ctx.Repo.CanWrite(unit.TypeActions) - resp.State.Run.CanApprove = isLatestAttempt && run.NeedApproval && ctx.Repo.CanWrite(unit.TypeActions) - resp.State.Run.CanRerun = isLatestAttempt && resp.State.Run.Done && ctx.Repo.CanWrite(unit.TypeActions) - resp.State.Run.CanDeleteArtifact = resp.State.Run.Done && ctx.Repo.CanWrite(unit.TypeActions) + resp.State.Run.CanCancel = isLatestAttempt && !resp.State.Run.Done && ctx.Repo.Permission.CanWrite(unit.TypeActions) + resp.State.Run.CanApprove = isLatestAttempt && run.NeedApproval && ctx.Repo.Permission.CanWrite(unit.TypeActions) + resp.State.Run.CanRerun = isLatestAttempt && resp.State.Run.Done && ctx.Repo.Permission.CanWrite(unit.TypeActions) + resp.State.Run.CanDeleteArtifact = resp.State.Run.Done && ctx.Repo.Permission.CanWrite(unit.TypeActions) if resp.State.Run.CanRerun { for _, job := range jobs { if job.Status == actions_model.StatusFailure || job.Status == actions_model.StatusCancelled { diff --git a/routers/web/repo/activity.go b/routers/web/repo/activity.go index 4cfe879032a..420fa6d557f 100644 --- a/routers/web/repo/activity.go +++ b/routers/web/repo/activity.go @@ -48,7 +48,7 @@ func Activity(ctx *context.Context) { ctx.Data["Period"] = period ctx.Data["PeriodText"] = ctx.Tr("repo.activity.period." + period) - canReadCode := ctx.Repo.CanRead(unit.TypeCode) + canReadCode := ctx.Repo.Permission.CanRead(unit.TypeCode) if canReadCode { // GetActivityStats needs to read the default branch to get some information branchExist, _ := git_model.IsBranchExist(ctx, ctx.Repo.Repository.ID, ctx.Repo.Repository.DefaultBranch) @@ -62,9 +62,9 @@ func Activity(ctx *context.Context) { var err error // TODO: refactor these arguments to a struct ctx.Data["Activity"], err = activities_model.GetActivityStats(ctx, ctx.Repo.Repository, timeFrom, - ctx.Repo.CanRead(unit.TypeReleases), - ctx.Repo.CanRead(unit.TypeIssues), - ctx.Repo.CanRead(unit.TypePullRequests), + ctx.Repo.Permission.CanRead(unit.TypeReleases), + ctx.Repo.Permission.CanRead(unit.TypeIssues), + ctx.Repo.Permission.CanRead(unit.TypePullRequests), canReadCode, ) if err != nil { diff --git a/routers/web/repo/branch.go b/routers/web/repo/branch.go index c566e465e9d..ce0e0b03abf 100644 --- a/routers/web/repo/branch.go +++ b/routers/web/repo/branch.go @@ -39,10 +39,10 @@ const ( func Branches(ctx *context.Context) { ctx.Data["Title"] = "Branches" ctx.Data["AllowsPulls"] = ctx.Repo.Repository.AllowsPulls(ctx) - ctx.Data["IsWriter"] = ctx.Repo.CanWrite(unit.TypeCode) + ctx.Data["IsWriter"] = ctx.Repo.Permission.CanWrite(unit.TypeCode) ctx.Data["IsMirror"] = ctx.Repo.Repository.IsMirror // TODO: Can be replaced by ctx.Repo.PullRequestCtx.CanCreateNewPull() - ctx.Data["CanPull"] = ctx.Repo.CanWrite(unit.TypeCode) || + ctx.Data["CanPull"] = ctx.Repo.Permission.CanWrite(unit.TypeCode) || (ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID)) ctx.Data["PageIsViewCode"] = true ctx.Data["PageIsBranches"] = true @@ -68,7 +68,7 @@ func Branches(ctx *context.Context) { ctx.ServerError("LoadBranches", err) return } - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { for key := range commitStatuses { git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key]) } diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go index 34e588b1416..736a2dff003 100644 --- a/routers/web/repo/commit.go +++ b/routers/web/repo/commit.go @@ -384,7 +384,7 @@ func Diff(ctx *context.Context) { if err != nil { log.Error("GetLatestCommitStatus: %v", err) } - if !ctx.Repo.CanRead(unit_model.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) { git_model.CommitStatusesHideActionsURL(ctx, statuses) } @@ -466,7 +466,7 @@ func processGitCommits(ctx *context.Context, gitCommits []*git.Commit) ([]*git_m if err != nil { return nil, err } - if !ctx.Repo.CanRead(unit_model.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) { for _, commit := range commits { if commit.Status == nil { continue diff --git a/routers/web/repo/compare.go b/routers/web/repo/compare.go index c0833452ea1..7598ce561c3 100644 --- a/routers/web/repo/compare.go +++ b/routers/web/repo/compare.go @@ -707,11 +707,11 @@ func CompareDiff(ctx *context.Context) { } } - ctx.Data["IsProjectsEnabled"] = ctx.Repo.CanWrite(unit.TypeProjects) + ctx.Data["IsProjectsEnabled"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects) ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled upload.AddUploadContext(ctx, "comment") - ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(unit.TypePullRequests) + ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypePullRequests) if unit, err := ctx.Repo.Repository.GetUnit(ctx, unit.TypePullRequests); err == nil { config := unit.PullRequestsConfig() @@ -802,7 +802,7 @@ func ExcerptBlob(ctx *context.Context) { diffBlobExcerptData.PullIssueIndex = ctx.FormInt64("pull_issue_index") if diffBlobExcerptData.PullIssueIndex > 0 { - if !ctx.Repo.CanRead(unit.TypePullRequests) { + if !ctx.Repo.Permission.CanRead(unit.TypePullRequests) { ctx.NotFound(nil) return } diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go index 0fe703e150c..1e0abd6ed2b 100644 --- a/routers/web/repo/issue.go +++ b/routers/web/repo/issue.go @@ -81,7 +81,7 @@ func MustAllowUserComment(ctx *context.Context) { return } - if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { + if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked")) ctx.Redirect(issue.Link()) return @@ -90,8 +90,8 @@ func MustAllowUserComment(ctx *context.Context) { // MustEnableIssues check if repository enable internal issues func MustEnableIssues(ctx *context.Context) { - if !ctx.Repo.CanRead(unit.TypeIssues) && - !ctx.Repo.CanRead(unit.TypeExternalTracker) { + if !ctx.Repo.Permission.CanRead(unit.TypeIssues) && + !ctx.Repo.Permission.CanRead(unit.TypeExternalTracker) { ctx.NotFound(nil) return } @@ -105,7 +105,7 @@ func MustEnableIssues(ctx *context.Context) { // MustAllowPulls check if repository enable pull requests and user have right to do that func MustAllowPulls(ctx *context.Context) { - if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.CanRead(unit.TypePullRequests) { + if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.Permission.CanRead(unit.TypePullRequests) { ctx.NotFound(nil) return } @@ -195,8 +195,8 @@ func GetActionIssue(ctx *context.Context) *issues_model.Issue { } func checkIssueRights(ctx *context.Context, issue *issues_model.Issue) { - if issue.IsPull && !ctx.Repo.CanRead(unit.TypePullRequests) || - !issue.IsPull && !ctx.Repo.CanRead(unit.TypeIssues) { + if issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypePullRequests) || + !issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypeIssues) { ctx.NotFound(nil) } } @@ -221,8 +221,8 @@ func getActionIssues(ctx *context.Context) issues_model.IssueList { return nil } // Check access rights for all issues - issueUnitEnabled := ctx.Repo.CanRead(unit.TypeIssues) - prUnitEnabled := ctx.Repo.CanRead(unit.TypePullRequests) + issueUnitEnabled := ctx.Repo.Permission.CanRead(unit.TypeIssues) + prUnitEnabled := ctx.Repo.Permission.CanRead(unit.TypePullRequests) for _, issue := range issues { if issue.RepoID != ctx.Repo.Repository.ID { ctx.NotFound(errors.New("some issue's RepoID is incorrect")) @@ -254,13 +254,13 @@ func GetIssueInfo(ctx *context.Context) { if issue.IsPull { // Need to check if Pulls are enabled and we can read Pulls - if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.CanRead(unit.TypePullRequests) { + if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.Permission.CanRead(unit.TypePullRequests) { ctx.HTTPError(http.StatusNotFound) return } } else { // Need to check if Issues are enabled and we can read Issues - if !ctx.Repo.CanRead(unit.TypeIssues) { + if !ctx.Repo.Permission.CanRead(unit.TypeIssues) { ctx.HTTPError(http.StatusNotFound) return } @@ -279,7 +279,7 @@ func UpdateIssueTitle(ctx *context.Context) { return } - if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) { + if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) { ctx.HTTPError(http.StatusForbidden) return } @@ -307,7 +307,7 @@ func UpdateIssueRef(ctx *context.Context) { return } - if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) || issue.IsPull { + if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) || issue.IsPull { ctx.HTTPError(http.StatusForbidden) return } @@ -331,7 +331,7 @@ func UpdateIssueContent(ctx *context.Context) { return } - if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) { ctx.HTTPError(http.StatusForbidden) return } @@ -387,7 +387,7 @@ func UpdateIssueDeadline(ctx *context.Context) { return } - if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { ctx.HTTPError(http.StatusForbidden, "", "Not repo writer") return } @@ -486,7 +486,7 @@ func ChangeIssueReaction(ctx *context.Context) { return } - if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) { if log.IsTrace() { if ctx.IsSigned { issueType := "issues" diff --git a/routers/web/repo/issue_comment.go b/routers/web/repo/issue_comment.go index 860dcd74423..ccf9a3749cd 100644 --- a/routers/web/repo/issue_comment.go +++ b/routers/web/repo/issue_comment.go @@ -45,14 +45,14 @@ func NewComment(ctx *context.Context) { form := web.GetForm(ctx).(*forms.CreateCommentForm) issueType := util.Iif(issue.IsPull, "pulls", "issues") - if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) { log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+ "User in Repo has Permissions: %-+v", ctx.Doer, issue.PosterID, issueType, ctx.Repo.Repository, ctx.Repo.Permission) ctx.HTTPError(http.StatusForbidden) return } - if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { + if issue.IsLocked && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { ctx.JSONError(ctx.Tr("repo.issues.comment_on_locked")) return } @@ -85,7 +85,7 @@ func NewComment(ctx *context.Context) { // TODO: need further refactoring to the code below // Check if doer can change the status of issue (close, reopen). - if (ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) || (ctx.IsSigned && issue.IsPoster(ctx.Doer.ID))) && + if (ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) || (ctx.IsSigned && issue.IsPoster(ctx.Doer.ID))) && (form.Status == "reopen" || form.Status == "close") && !(issue.IsPull && issue.PullRequest.HasMerged) { // Duplication and conflict check should apply to reopen pull request. @@ -205,7 +205,7 @@ func UpdateCommentContent(ctx *context.Context) { return } - if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { ctx.HTTPError(http.StatusForbidden) return } @@ -289,7 +289,7 @@ func DeleteComment(ctx *context.Context) { return } - if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanWriteIssuesOrPulls(comment.Issue.IsPull)) { ctx.HTTPError(http.StatusForbidden) return } else if !comment.Type.HasContentSupport() { @@ -324,7 +324,7 @@ func ChangeCommentReaction(ctx *context.Context) { return } - if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(comment.Issue.IsPull)) { if log.IsTrace() { if ctx.IsSigned { issueType := "issues" diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go index 23cedfcb80a..01fb139c1af 100644 --- a/routers/web/repo/issue_content_history.go +++ b/routers/web/repo/issue_content_history.go @@ -88,7 +88,7 @@ func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue history *issues_model.ContentHistory, ) (canSoftDelete bool) { // CanWrite means the doer can manage the issue/PR list - if ctx.Repo.IsOwner() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { + if ctx.Repo.Permission.IsOwner() || ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) { canSoftDelete = true } else if ctx.Doer != nil { // for read-only users, they could still post issues or comments, diff --git a/routers/web/repo/issue_list.go b/routers/web/repo/issue_list.go index 83ef515bde5..60d7a4f24dd 100644 --- a/routers/web/repo/issue_list.go +++ b/routers/web/repo/issue_list.go @@ -641,7 +641,7 @@ func prepareIssueFilterAndList(ctx *context.Context, milestoneID, projectID int6 ctx.ServerError("GetIssuesAllCommitStatus", err) return } - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { for key := range commitStatuses { git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key]) } @@ -700,7 +700,7 @@ func prepareIssueFilterAndList(ctx *context.Context, milestoneID, projectID int6 showArchivedLabels := ctx.FormBool("archived_labels") ctx.Data["ShowArchivedLabels"] = showArchivedLabels ctx.Data["PinnedIssues"] = pinned - ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.Doer.IsAdmin) + ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.Permission.IsAdmin() || ctx.Doer.IsAdmin) ctx.Data["IssueStats"] = issueStats ctx.Data["OpenCount"] = issueStats.OpenCount ctx.Data["ClosedCount"] = issueStats.ClosedCount @@ -759,7 +759,7 @@ func Issues(ctx *context.Context) { return } - ctx.Data["CanWriteIssuesOrPulls"] = ctx.Repo.CanWriteIssuesOrPulls(isPullList) + ctx.Data["CanWriteIssuesOrPulls"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(isPullList) ctx.HTML(http.StatusOK, tplIssues) } diff --git a/routers/web/repo/issue_new.go b/routers/web/repo/issue_new.go index 592d902ba8e..861709d2ffb 100644 --- a/routers/web/repo/issue_new.go +++ b/routers/web/repo/issue_new.go @@ -110,7 +110,7 @@ func NewIssue(ctx *context.Context) { body := ctx.FormString("body") ctx.Data["BodyQuery"] = body - isProjectsEnabled := ctx.Repo.CanRead(unit.TypeProjects) + isProjectsEnabled := ctx.Repo.Permission.CanRead(unit.TypeProjects) ctx.Data["IsProjectsEnabled"] = isProjectsEnabled ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled upload.AddUploadContext(ctx, "comment") @@ -144,7 +144,7 @@ func NewIssue(ctx *context.Context) { ctx.Flash.Warning(renderErrorOfTemplates(ctx, ret.TemplateErrors), true) } - ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(unit.TypeIssues) + ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypeIssues) if !issueConfig.BlankIssuesEnabled && hasTemplates && !templateLoaded { // The "issues/new" and "issues/new/choose" share the same query parameters "project" and "milestone", if blank issues are disabled, just redirect to the "issues/choose" page with these parameters. @@ -344,7 +344,7 @@ func NewIssuePost(ctx *context.Context) { labelIDs, assigneeIDs, milestoneID, projectID := validateRet.LabelIDs, validateRet.AssigneeIDs, validateRet.MilestoneID, validateRet.ProjectID if projectID > 0 { - if !ctx.Repo.CanRead(unit.TypeProjects) { + if !ctx.Repo.Permission.CanRead(unit.TypeProjects) { // User must also be able to see the project. ctx.HTTPError(http.StatusBadRequest, "user hasn't permissions to read projects") return diff --git a/routers/web/repo/issue_page_meta.go b/routers/web/repo/issue_page_meta.go index be609d8cdfb..9c7ac65a1f9 100644 --- a/routers/web/repo/issue_page_meta.go +++ b/routers/web/repo/issue_page_meta.go @@ -110,7 +110,7 @@ func retrieveRepoIssueMetaData(ctx *context.Context, repo *repo_model.Repository // A reader(creator) could update some meta (eg: target branch), but can't change assignees anymore. // For non-creator users, only writers could update some meta (eg: assignees, milestone, project) // Need to clarify the logic and add some tests in the future - data.CanModifyIssueOrPull = ctx.Repo.CanWriteIssuesOrPulls(isPull) && !ctx.Repo.Repository.IsArchived + data.CanModifyIssueOrPull = ctx.Repo.Permission.CanWriteIssuesOrPulls(isPull) && !ctx.Repo.Repository.IsArchived if !data.CanModifyIssueOrPull { return data } diff --git a/routers/web/repo/issue_suggestions.go b/routers/web/repo/issue_suggestions.go index 9ef39425041..592cc7b1d53 100644 --- a/routers/web/repo/issue_suggestions.go +++ b/routers/web/repo/issue_suggestions.go @@ -16,8 +16,8 @@ import ( func IssueSuggestions(ctx *context.Context) { keyword := ctx.Req.FormValue("q") - canReadIssues := ctx.Repo.CanRead(unit.TypeIssues) - canReadPulls := ctx.Repo.CanRead(unit.TypePullRequests) + canReadIssues := ctx.Repo.Permission.CanRead(unit.TypeIssues) + canReadPulls := ctx.Repo.Permission.CanRead(unit.TypePullRequests) var isPull optional.Option[bool] if canReadPulls && !canReadIssues { diff --git a/routers/web/repo/issue_timetrack.go b/routers/web/repo/issue_timetrack.go index b9ed059fde9..e93a3107a3d 100644 --- a/routers/web/repo/issue_timetrack.go +++ b/routers/web/repo/issue_timetrack.go @@ -91,7 +91,7 @@ func UpdateIssueTimeEstimate(ctx *context.Context) { return } - if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) { + if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) { ctx.HTTPError(http.StatusForbidden) return } diff --git a/routers/web/repo/issue_view.go b/routers/web/repo/issue_view.go index e01bec4fc46..af13a1156ed 100644 --- a/routers/web/repo/issue_view.go +++ b/routers/web/repo/issue_view.go @@ -336,7 +336,7 @@ func ViewIssue(ctx *context.Context) { ctx.Data["NewIssueChooseTemplate"] = issue_service.HasTemplatesOrContactLinks(ctx.Repo.Repository, ctx.Repo.GitRepo) } - ctx.Data["IsProjectsEnabled"] = ctx.Repo.CanRead(unit.TypeProjects) + ctx.Data["IsProjectsEnabled"] = ctx.Repo.Permission.CanRead(unit.TypeProjects) ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled upload.AddUploadContext(ctx, "comment") @@ -400,9 +400,9 @@ func ViewIssue(ctx *context.Context) { ctx.Data["Reference"] = issue.Ref ctx.Data["SignInLink"] = middleware.RedirectLinkUserLogin(ctx.Req) ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.Doer.ID) - ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) - ctx.Data["HasProjectsWritePermission"] = ctx.Repo.CanWrite(unit.TypeProjects) - ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.Doer.IsAdmin) + ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) + ctx.Data["HasProjectsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypeProjects) + ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.Permission.IsAdmin() || ctx.Doer.IsAdmin) ctx.Data["LockReasons"] = setting.Repository.Issue.LockReasons ctx.Data["RefEndName"] = git.RefName(issue.Ref).ShortName() @@ -446,14 +446,14 @@ func ViewPullMergeBox(ctx *context.Context) { // TODO: it should use a dedicated struct to render the pull merge box, to make sure all data is prepared correctly ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.Doer.ID) - ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) + ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) ctx.HTML(http.StatusOK, tplPullMergeBox) } func prepareIssueViewSidebarDependency(ctx *context.Context, issue *issues_model.Issue) { - if issue.IsPull && !ctx.Repo.CanRead(unit.TypeIssues) { + if issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypeIssues) { ctx.Data["IssueDependencySearchType"] = "pulls" - } else if !issue.IsPull && !ctx.Repo.CanRead(unit.TypePullRequests) { + } else if !issue.IsPull && !ctx.Repo.Permission.CanRead(unit.TypePullRequests) { ctx.Data["IssueDependencySearchType"] = "issues" } else { ctx.Data["IssueDependencySearchType"] = "all" @@ -763,7 +763,7 @@ func prepareIssueViewCommentsAndSidebarParticipants(ctx *context.Context, issue ctx.ServerError("LoadCommentPushCommits", err) return } - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { for _, commit := range comment.Commits { if commit.Status == nil { continue @@ -1021,7 +1021,7 @@ func (prInfo *pullRequestViewInfo) prepareMergeBox(ctx *context.Context, issue * // Otherwise, there is nothing to do, because the PR view page already contains enough information. data.ShowMergeBox = !pull.HasMerged || data.isPullBranchDeletable - isRepoAdmin := ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.Doer.IsAdmin) + isRepoAdmin := ctx.IsSigned && (ctx.Repo.Permission.IsAdmin() || ctx.Doer.IsAdmin) // admin can merge without checks, writer can merge when checks succeed // admin and writer both can make an auto merge schedule (not affected by overridable blockers) diff --git a/routers/web/repo/issue_watch.go b/routers/web/repo/issue_watch.go index 19d723c0eae..abb2a81d9e1 100644 --- a/routers/web/repo/issue_watch.go +++ b/routers/web/repo/issue_watch.go @@ -23,7 +23,7 @@ func IssueWatch(ctx *context.Context) { return } - if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) { + if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.Permission.CanReadIssuesOrPulls(issue.IsPull)) { if log.IsTrace() { if ctx.IsSigned { issueType := "issues" diff --git a/routers/web/repo/milestone.go b/routers/web/repo/milestone.go index b928be28673..5e23c1c413c 100644 --- a/routers/web/repo/milestone.go +++ b/routers/web/repo/milestone.go @@ -265,8 +265,8 @@ func MilestoneIssuesAndPulls(ctx *context.Context) { ret := issue.ParseTemplatesFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo) ctx.Data["NewIssueChooseTemplate"] = len(ret.IssueTemplates) > 0 - ctx.Data["CanWriteIssues"] = ctx.Repo.CanWriteIssuesOrPulls(false) - ctx.Data["CanWritePulls"] = ctx.Repo.CanWriteIssuesOrPulls(true) + ctx.Data["CanWriteIssues"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(false) + ctx.Data["CanWritePulls"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(true) ctx.HTML(http.StatusOK, tplMilestoneIssues) } diff --git a/routers/web/repo/packages.go b/routers/web/repo/packages.go index cfb788a5b27..6dd54e42e2c 100644 --- a/routers/web/repo/packages.go +++ b/routers/web/repo/packages.go @@ -59,7 +59,7 @@ func Packages(ctx *context.Context) { ctx.Data["PackageType"] = packageType ctx.Data["AvailableTypes"] = packages.TypeList ctx.Data["HasPackages"] = hasPackages - ctx.Data["CanWritePackages"] = ctx.Repo.CanWrite(unit.TypePackages) || ctx.IsUserSiteAdmin() + ctx.Data["CanWritePackages"] = ctx.Repo.Permission.CanWrite(unit.TypePackages) || ctx.IsUserSiteAdmin() ctx.Data["PackageDescriptors"] = pds ctx.Data["Total"] = total ctx.Data["RepositoryAccessMap"] = map[int64]bool{ctx.Repo.Repository.ID: true} // There is only the current repository diff --git a/routers/web/repo/projects.go b/routers/web/repo/projects.go index be12674223e..a94051f2980 100644 --- a/routers/web/repo/projects.go +++ b/routers/web/repo/projects.go @@ -45,7 +45,7 @@ func MustEnableRepoProjects(ctx *context.Context) { if ctx.Repo.Repository != nil { projectsUnit := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeProjects) - if !ctx.Repo.CanRead(unit.TypeProjects) || !projectsUnit.ProjectsConfig().IsProjectsAllowed(repo_model.ProjectsModeRepo) { + if !ctx.Repo.Permission.CanRead(unit.TypeProjects) || !projectsUnit.ProjectsConfig().IsProjectsAllowed(repo_model.ProjectsModeRepo) { ctx.NotFound(nil) return } @@ -521,7 +521,7 @@ func DeleteProjectColumn(ctx *context.Context) { return } - if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { + if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { ctx.JSON(http.StatusForbidden, map[string]string{ "message": "Only authorized users are allowed to perform this action.", }) @@ -568,7 +568,7 @@ func DeleteProjectColumn(ctx *context.Context) { // AddColumnToProjectPost allows a new column to be added to a project. func AddColumnToProjectPost(ctx *context.Context) { form := web.GetForm(ctx).(*forms.EditProjectColumnForm) - if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { + if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { ctx.JSON(http.StatusForbidden, map[string]string{ "message": "Only authorized users are allowed to perform this action.", }) @@ -606,7 +606,7 @@ func checkProjectColumnChangePermissions(ctx *context.Context) (*project_model.P return nil, nil } - if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { + if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { ctx.JSON(http.StatusForbidden, map[string]string{ "message": "Only authorized users are allowed to perform this action.", }) @@ -692,7 +692,7 @@ func MoveIssues(ctx *context.Context) { return } - if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { + if !ctx.Repo.Permission.IsOwner() && !ctx.Repo.Permission.IsAdmin() && !ctx.Repo.Permission.CanAccess(perm.AccessModeWrite, unit.TypeProjects) { ctx.JSON(http.StatusForbidden, map[string]string{ "message": "Only authorized users are allowed to perform this action.", }) diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go index 4ab497a1126..c532cbba22d 100644 --- a/routers/web/repo/pull.go +++ b/routers/web/repo/pull.go @@ -383,7 +383,7 @@ func (prInfo *pullRequestViewInfo) prepareViewFillCommitStatusInfo(ctx *context. ctx.ServerError("GetLatestCommitStatus", err) return } - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { git_model.CommitStatusesHideActionsURL(ctx, commitStatuses) } @@ -419,7 +419,7 @@ func (prInfo *pullRequestViewInfo) prepareViewFillCommitStatusInfoForOpen(ctx *c } } if statusCheckData.RequireApprovalRunCount > 0 { - statusCheckData.CanApprove = ctx.Repo.CanWrite(unit.TypeActions) + statusCheckData.CanApprove = ctx.Repo.Permission.CanWrite(unit.TypeActions) } pb := prInfo.ProtectedBranchRule @@ -626,7 +626,7 @@ func ViewPullCommits(ctx *context.Context) { ctx.Data["Commits"] = commits ctx.Data["CommitCount"] = len(commits) - ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) + ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.Doer.ID) // For PR commits page @@ -860,7 +860,7 @@ func viewPullFiles(ctx *context.Context, beforeCommitID, afterCommitID string) { ctx.Data["PendingCodeCommentNumber"] = numPendingCodeComments ctx.Data["IsIssuePoster"] = ctx.Doer != nil && issue.IsPoster(ctx.Doer.ID) - ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) + ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull) ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled // For files changed page @@ -1280,7 +1280,7 @@ func CompareAndPullRequestPost(ctx *context.Context) { ctx.Data["PullRequestWorkInProgressPrefixes"] = setting.Repository.PullRequest.WorkInProgressPrefixes ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled upload.AddUploadContext(ctx, "comment") - ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(unit.TypePullRequests) + ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.Permission.CanWrite(unit.TypePullRequests) var ( repo = ctx.Repo.Repository @@ -1475,7 +1475,7 @@ func UpdatePullRequestTarget(ctx *context.Context) { return } - if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) { + if !ctx.IsSigned || (!issue.IsPoster(ctx.Doer.ID) && !ctx.Repo.Permission.CanWriteIssuesOrPulls(issue.IsPull)) { ctx.HTTPError(http.StatusForbidden) return } diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go index 063bfbe26ac..288e107e53b 100644 --- a/routers/web/repo/release.go +++ b/routers/web/repo/release.go @@ -99,7 +99,7 @@ func getReleaseInfos(ctx *context.Context, opts *repo_model.FindReleasesOptions) } var ok bool - canReadActions := ctx.Repo.CanRead(unit.TypeActions) + canReadActions := ctx.Repo.Permission.CanRead(unit.TypeActions) releaseInfos := make([]*ReleaseInfo, 0, len(releases)) for _, r := range releases { @@ -161,7 +161,7 @@ func Releases(ctx *context.Context) { listOptions.PageSize = setting.API.MaxResponseItems } - writeAccess := ctx.Repo.CanWrite(unit.TypeReleases) + writeAccess := ctx.Repo.Permission.CanWrite(unit.TypeReleases) ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{ @@ -193,7 +193,7 @@ func Releases(ctx *context.Context) { func TagsList(ctx *context.Context) { ctx.Data["PageIsTagList"] = true ctx.Data["Title"] = ctx.Tr("repo.release.tags") - ctx.Data["CanCreateRelease"] = ctx.Repo.CanWrite(unit.TypeReleases) && !ctx.Repo.Repository.IsArchived + ctx.Data["CanCreateRelease"] = ctx.Repo.Permission.CanWrite(unit.TypeReleases) && !ctx.Repo.Repository.IsArchived namePattern := ctx.FormTrim("q") @@ -270,7 +270,7 @@ func releasesOrTagsFeed(ctx *context.Context, isReleasesOnly bool, formatType st func SingleRelease(ctx *context.Context) { ctx.Data["PageIsReleaseList"] = true - writeAccess := ctx.Repo.CanWrite(unit.TypeReleases) + writeAccess := ctx.Repo.Permission.CanWrite(unit.TypeReleases) ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{ diff --git a/routers/web/repo/release_test.go b/routers/web/repo/release_test.go index 7ba91afb297..d57886c2738 100644 --- a/routers/web/repo/release_test.go +++ b/routers/web/repo/release_test.go @@ -151,7 +151,7 @@ func TestCalReleaseNumCommitsBehind(t *testing.T) { t.Cleanup(func() { ctx.Repo.GitRepo.Close() }) releases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{ - IncludeDrafts: ctx.Repo.CanWrite(unit.TypeReleases), + IncludeDrafts: ctx.Repo.Permission.CanWrite(unit.TypeReleases), RepoID: ctx.Repo.Repository.ID, }) assert.NoError(t, err) diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go index dd5ec7dd471..c7813feae23 100644 --- a/routers/web/repo/repo.go +++ b/routers/web/repo/repo.go @@ -322,7 +322,7 @@ func RedirectDownload(ctx *context.Context) { tagNames := []string{vTag} curRepo := ctx.Repo.Repository releases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{ - IncludeDrafts: ctx.Repo.CanWrite(unit.TypeReleases), + IncludeDrafts: ctx.Repo.Permission.CanWrite(unit.TypeReleases), RepoID: curRepo.ID, TagNames: tagNames, }) @@ -532,7 +532,7 @@ func SearchRepo(ctx *context.Context) { ctx.JSON(http.StatusInternalServerError, nil) return } - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { git_model.CommitStatusesHideActionsURL(ctx, latestCommitStatuses) } diff --git a/routers/web/repo/setting/collaboration.go b/routers/web/repo/setting/collaboration.go index dbfd6e08b61..177d10d165c 100644 --- a/routers/web/repo/setting/collaboration.go +++ b/routers/web/repo/setting/collaboration.go @@ -149,7 +149,7 @@ func DeleteCollaboration(ctx *context.Context) { // AddTeamPost response for adding a team to a repository func AddTeamPost(ctx *context.Context) { - if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.IsOwner() { + if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() { ctx.Flash.Error(ctx.Tr("repo.settings.change_team_access_not_allowed")) ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration") return @@ -195,7 +195,7 @@ func AddTeamPost(ctx *context.Context) { // DeleteTeam response for deleting a team from a repository func DeleteTeam(ctx *context.Context) { - if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.IsOwner() { + if !ctx.Repo.Owner.RepoAdminChangeTeamAccess && !ctx.Repo.Permission.IsOwner() { ctx.Flash.Error(ctx.Tr("repo.settings.change_team_access_not_allowed")) ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration") return diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go index 2c3ce2bc02e..703d0022504 100644 --- a/routers/web/repo/setting/setting.go +++ b/routers/web/repo/setting/setting.go @@ -724,7 +724,7 @@ func handleSettingsPostAdminIndex(ctx *context.Context) { func handleSettingsPostConvert(ctx *context.Context) { form := web.GetForm(ctx).(*forms.RepoSettingForm) repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.JSONErrorNotFound() return } @@ -754,7 +754,7 @@ func handleSettingsPostConvert(ctx *context.Context) { func handleSettingsPostConvertFork(ctx *context.Context) { form := web.GetForm(ctx).(*forms.RepoSettingForm) repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.JSONErrorNotFound() return } @@ -794,7 +794,7 @@ func handleSettingsPostConvertFork(ctx *context.Context) { func handleSettingsPostTransfer(ctx *context.Context) { form := web.GetForm(ctx).(*forms.RepoSettingForm) repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.JSONErrorNotFound() return } @@ -857,7 +857,7 @@ func handleSettingsPostTransfer(ctx *context.Context) { func handleSettingsPostCancelTransfer(ctx *context.Context) { repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.HTTPError(http.StatusNotFound) return } @@ -886,7 +886,7 @@ func handleSettingsPostCancelTransfer(ctx *context.Context) { func handleSettingsPostDelete(ctx *context.Context) { form := web.GetForm(ctx).(*forms.RepoSettingForm) repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.JSONErrorNotFound() return } @@ -913,7 +913,7 @@ func handleSettingsPostDelete(ctx *context.Context) { func handleSettingsPostDeleteWiki(ctx *context.Context) { form := web.GetForm(ctx).(*forms.RepoSettingForm) repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.JSONErrorNotFound() return } @@ -934,7 +934,7 @@ func handleSettingsPostDeleteWiki(ctx *context.Context) { func handleSettingsPostArchive(ctx *context.Context) { repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.HTTPError(http.StatusForbidden) return } @@ -967,7 +967,7 @@ func handleSettingsPostArchive(ctx *context.Context) { func handleSettingsPostUnarchive(ctx *context.Context) { repo := ctx.Repo.Repository - if !ctx.Repo.IsOwner() { + if !ctx.Repo.Permission.IsOwner() { ctx.HTTPError(http.StatusForbidden) return } diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go index b455f918456..2d95d5233e3 100644 --- a/routers/web/repo/view.go +++ b/routers/web/repo/view.go @@ -139,7 +139,7 @@ func loadLatestCommitData(ctx *context.Context, latestCommit *git.Commit) bool { if err != nil { log.Error("GetLatestCommitStatus: %v", err) } - if !ctx.Repo.CanRead(unit_model.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit_model.TypeActions) { git_model.CommitStatusesHideActionsURL(ctx, statuses) } @@ -174,12 +174,11 @@ func markupRenderToHTML(ctx *context.Context, renderCtx *markup.RenderContext, r } func checkHomeCodeViewable(ctx *context.Context) { - if ctx.Repo.HasUnits() { + if ctx.Repo.Permission.HasUnits() { if ctx.Repo.Repository.IsBeingCreated() { task, err := admin_model.GetMigratingTask(ctx, ctx.Repo.Repository.ID) if err != nil { if admin_model.IsErrTaskDoesNotExist(err) { - ctx.Data["Repo"] = ctx.Repo ctx.Data["CloneAddr"] = "" ctx.Data["Failed"] = true ctx.HTML(http.StatusOK, tplMigrating) @@ -194,7 +193,6 @@ func checkHomeCodeViewable(ctx *context.Context) { return } - ctx.Data["Repo"] = ctx.Repo ctx.Data["MigrateTask"] = task ctx.Data["CloneAddr"], _ = util.SanitizeURL(cfg.CloneAddr) ctx.Data["Failed"] = task.Status == structs.TaskStatusFailed diff --git a/routers/web/repo/view_home.go b/routers/web/repo/view_home.go index d1a969cf2d7..cbdc65b6c0b 100644 --- a/routers/web/repo/view_home.go +++ b/routers/web/repo/view_home.go @@ -31,7 +31,7 @@ import ( ) func checkOutdatedBranch(ctx *context.Context) { - if !(ctx.Repo.IsAdmin() || ctx.Repo.IsOwner()) { + if !(ctx.Repo.Permission.IsAdmin() || ctx.Repo.Permission.IsOwner()) { return } diff --git a/routers/web/repo/wiki.go b/routers/web/repo/wiki.go index 1826ca54e1e..39075dbdf6f 100644 --- a/routers/web/repo/wiki.go +++ b/routers/web/repo/wiki.go @@ -47,8 +47,8 @@ const ( // MustEnableWiki check if wiki is enabled, if external then redirect func MustEnableWiki(ctx *context.Context) { - if !ctx.Repo.CanRead(unit.TypeWiki) && - !ctx.Repo.CanRead(unit.TypeExternalWiki) { + if !ctx.Repo.Permission.CanRead(unit.TypeWiki) && + !ctx.Repo.Permission.CanRead(unit.TypeExternalWiki) { if log.IsTrace() { log.Trace("Permission Denied: User %-v cannot read %-v or %-v of repo %-v\n"+ "User in repo has Permissions: %-+v", @@ -423,14 +423,14 @@ func renderEditPage(ctx *context.Context) { func WikiPost(ctx *context.Context) { switch ctx.FormString("action") { case "_new": - if !ctx.Repo.CanWrite(unit.TypeWiki) { + if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) { ctx.NotFound(nil) return } NewWikiPost(ctx) return case "_delete": - if !ctx.Repo.CanWrite(unit.TypeWiki) { + if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) { ctx.NotFound(nil) return } @@ -438,7 +438,7 @@ func WikiPost(ctx *context.Context) { return } - if !ctx.Repo.CanWrite(unit.TypeWiki) { + if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) { ctx.NotFound(nil) return } @@ -447,7 +447,7 @@ func WikiPost(ctx *context.Context) { // Wiki renders single wiki page func Wiki(ctx *context.Context) { - ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived + ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived switch ctx.FormString("action") { case "_pages": @@ -457,14 +457,14 @@ func Wiki(ctx *context.Context) { WikiRevision(ctx) return case "_edit": - if !ctx.Repo.CanWrite(unit.TypeWiki) { + if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) { ctx.NotFound(nil) return } EditWiki(ctx) return case "_new": - if !ctx.Repo.CanWrite(unit.TypeWiki) { + if !ctx.Repo.Permission.CanWrite(unit.TypeWiki) { ctx.NotFound(nil) return } @@ -506,7 +506,7 @@ func Wiki(ctx *context.Context) { // WikiRevision renders file revision list of wiki page func WikiRevision(ctx *context.Context) { - ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived + ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived if !repo_service.HasWiki(ctx, ctx.Repo.Repository) { ctx.Data["Title"] = ctx.Tr("repo.wiki") @@ -544,7 +544,7 @@ func WikiPages(ctx *context.Context) { } ctx.Data["Title"] = ctx.Tr("repo.wiki.pages") - ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived + ctx.Data["CanWriteWiki"] = ctx.Repo.Permission.CanWrite(unit.TypeWiki) && !ctx.Repo.Repository.IsArchived _, commit, err := findWikiRepoCommit(ctx) if err != nil { diff --git a/routers/web/user/home.go b/routers/web/user/home.go index 9c99a6c8ef3..12fb1ee71b0 100644 --- a/routers/web/user/home.go +++ b/routers/web/user/home.go @@ -558,7 +558,7 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) { ctx.ServerError("GetIssuesLastCommitStatus", err) return } - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { for key := range commitStatuses { git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key]) } diff --git a/routers/web/user/notification.go b/routers/web/user/notification.go index 3b7ecd062b3..8133388c5de 100644 --- a/routers/web/user/notification.go +++ b/routers/web/user/notification.go @@ -247,7 +247,7 @@ func NotificationSubscriptions(ctx *context.Context) { ctx.ServerError("GetIssuesAllCommitStatus", err) return } - if !ctx.Repo.CanRead(unit.TypeActions) { + if !ctx.Repo.Permission.CanRead(unit.TypeActions) { for key := range commitStatuses { git_model.CommitStatusesHideActionsURL(ctx, commitStatuses[key]) } diff --git a/services/context/api.go b/services/context/api.go index 7f1429a89a3..3f9f3e1cdd2 100644 --- a/services/context/api.go +++ b/services/context/api.go @@ -340,10 +340,10 @@ func (ctx *APIContext) IsUserSiteAdmin() bool { // IsUserRepoAdmin returns true if current user is admin in current repo func (ctx *APIContext) IsUserRepoAdmin() bool { - return ctx.Repo.IsAdmin() + return ctx.Repo.Permission.IsAdmin() } // IsUserRepoWriter returns true if current user has "write" privilege in current repo func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool { - return slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) + return slices.ContainsFunc(unitTypes, ctx.Repo.Permission.CanWrite) } diff --git a/services/context/permission.go b/services/context/permission.go index c0a5a987247..1f40e261535 100644 --- a/services/context/permission.go +++ b/services/context/permission.go @@ -15,7 +15,7 @@ import ( // RequireRepoAdmin returns a middleware for requiring repository admin permission func RequireRepoAdmin() func(ctx *Context) { return func(ctx *Context) { - if !ctx.IsSigned || !ctx.Repo.IsAdmin() { + if !ctx.IsSigned || !ctx.Repo.Permission.IsAdmin() { ctx.NotFound(nil) return } @@ -35,7 +35,7 @@ func CanWriteToBranch() func(ctx *Context) { // RequireUnitWriter returns a middleware for requiring repository write to one of the unit permission func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) { return func(ctx *Context) { - if slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) { + if slices.ContainsFunc(unitTypes, ctx.Repo.Permission.CanWrite) { return } ctx.NotFound(nil) @@ -46,7 +46,7 @@ func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) { func RequireUnitReader(unitTypes ...unit.Type) func(ctx *Context) { return func(ctx *Context) { for _, unitType := range unitTypes { - if ctx.Repo.CanRead(unitType) { + if ctx.Repo.Permission.CanRead(unitType) { return } if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) { diff --git a/services/context/repo.go b/services/context/repo.go index 3ad629f83ae..4c31b07b347 100644 --- a/services/context/repo.go +++ b/services/context/repo.go @@ -58,7 +58,7 @@ func (prc *PullRequestContext) CanCreateNewPull() bool { ctx := prc.ctx // People who have push access or have forked repository can propose a new pull request. can := prc.baseRepo.CanContentChange() && - (ctx.Repo.CanWrite(unit_model.TypeCode) || (ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID))) + (ctx.Repo.Permission.CanWrite(unit_model.TypeCode) || (ctx.IsSigned && repo_model.HasForkedRepo(ctx, ctx.Doer.ID, ctx.Repo.Repository.ID))) prc.canCreateNewPull = &can return can } @@ -81,7 +81,7 @@ func (prc *PullRequestContext) DefaultTargetBranch() string { // Repository contains information to operate a repository type Repository struct { - access_model.Permission + Permission access_model.Permission Repository *repo_model.Repository Owner *user_model.User @@ -597,7 +597,7 @@ func repoAssignmentPrepareTemplateData(ctx *Context, data *repoAssignmentPrepare } ctx.Data["NumReleases"], err = db.Count[repo_model.Release](ctx, repo_model.FindReleasesOptions{ // only show draft releases for users who can write, read-only users shouldn't see draft releases. - IncludeDrafts: ctx.Repo.CanWrite(unit_model.TypeReleases), + IncludeDrafts: ctx.Repo.Permission.CanWrite(unit_model.TypeReleases), RepoID: ctx.Repo.Repository.ID, }) if err != nil { @@ -609,10 +609,10 @@ func repoAssignmentPrepareTemplateData(ctx *Context, data *repoAssignmentPrepare ctx.Data["PageTitleCommon"] = repo.Name + " - " + setting.AppName ctx.Data["Repository"] = repo ctx.Data["Owner"] = ctx.Repo.Repository.Owner - ctx.Data["CanWriteCode"] = ctx.Repo.CanWrite(unit_model.TypeCode) - ctx.Data["CanWriteIssues"] = ctx.Repo.CanWrite(unit_model.TypeIssues) - ctx.Data["CanWritePulls"] = ctx.Repo.CanWrite(unit_model.TypePullRequests) - ctx.Data["CanWriteActions"] = ctx.Repo.CanWrite(unit_model.TypeActions) + ctx.Data["CanWriteCode"] = ctx.Repo.Permission.CanWrite(unit_model.TypeCode) + ctx.Data["CanWriteIssues"] = ctx.Repo.Permission.CanWrite(unit_model.TypeIssues) + ctx.Data["CanWritePulls"] = ctx.Repo.Permission.CanWrite(unit_model.TypePullRequests) + ctx.Data["CanWriteActions"] = ctx.Repo.Permission.CanWrite(unit_model.TypeActions) canSignedUserFork, err := repo_module.CanUserForkRepo(ctx, ctx.Doer, ctx.Repo.Repository) if err != nil {