public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-31 21:28:11 +09:00
Code Issues Packages Projects Releases Wiki Activity

Fix ignored errors when checking if organization, team member (#3177)

Browse Source
This commit is contained in:
Ethan Koenig
2017-12-20 23:43:26 -08:00
committed by Lauris BH
parent 529482135c
commit 515cdaa85d
16 changed files with 281 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
models/org.go
View File

@@ -21,13 +21,13 @@ var (
) )
// IsOwnedBy returns true if given user is in the owner team. // IsOwnedBy returns true if given user is in the owner team.
func (org *User) IsOwnedBy(uid int64) bool { func (org *User) IsOwnedBy(uid int64) (bool, error) {
return IsOrganizationOwner(org.ID, uid) return IsOrganizationOwner(org.ID, uid)
} }
// IsOrgMember returns true if given user is member of organization. // IsOrgMember returns true if given user is member of organization.
func (org *User) IsOrgMember(uid int64) bool { func (org *User) IsOrgMember(uid int64) (bool, error) {
return org.IsOrganization() && IsOrganizationMember(org.ID, uid) return IsOrganizationMember(org.ID, uid)
} }
func (org *User) getTeam(e Engine, name string) (*Team, error) { func (org *User) getTeam(e Engine, name string) (*Team, error) {
@@ -285,32 +285,32 @@ type OrgUser struct {
} }
// IsOrganizationOwner returns true if given user is in the owner team. // IsOrganizationOwner returns true if given user is in the owner team.
func IsOrganizationOwner(orgID, uid int64) bool { func IsOrganizationOwner(orgID, uid int64) (bool, error) {
has, _ := x. return x.
Where("is_owner=?", true). Where("is_owner=?", true).
And("uid=?", uid). And("uid=?", uid).
And("org_id=?", orgID). And("org_id=?", orgID).
Get(new(OrgUser)) Table("org_user").
return has Exist()
} }
// IsOrganizationMember returns true if given user is member of organization. // IsOrganizationMember returns true if given user is member of organization.
func IsOrganizationMember(orgID, uid int64) bool { func IsOrganizationMember(orgID, uid int64) (bool, error) {
has, _ := x. return x.
Where("uid=?", uid). Where("uid=?", uid).
And("org_id=?", orgID). And("org_id=?", orgID).
Get(new(OrgUser)) Table("org_user").
return has Exist()
} }
// IsPublicMembership returns true if given user public his/her membership. // IsPublicMembership returns true if given user public his/her membership.
func IsPublicMembership(orgID, uid int64) bool { func IsPublicMembership(orgID, uid int64) (bool, error) {
has, _ := x. return x.
Where("uid=?", uid). Where("uid=?", uid).
And("org_id=?", orgID). And("org_id=?", orgID).
And("is_public=?", true). And("is_public=?", true).
Get(new(OrgUser)) Table("org_user").
return has Exist()
} }
func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) { func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
@@ -401,8 +401,9 @@ func ChangeOrgUserStatus(orgID, uid int64, public bool) error {
// AddOrgUser adds new user to given organization. // AddOrgUser adds new user to given organization.
func AddOrgUser(orgID, uid int64) error { func AddOrgUser(orgID, uid int64) error {
if IsOrganizationMember(orgID, uid) { isAlreadyMember, err := IsOrganizationMember(orgID, uid)
return nil if err != nil || isAlreadyMember {
return err
} }
sess := x.NewSession() sess := x.NewSession()
@@ -447,7 +448,9 @@ func RemoveOrgUser(orgID, userID int64) error {
} }
// Check if the user to delete is the last member in owner team. // Check if the user to delete is the last member in owner team.
if IsOrganizationOwner(orgID, userID) { if isOwner, err := IsOrganizationOwner(orgID, userID); err != nil {
return err
} else if isOwner {
t, err := org.GetOwnerTeam() t, err := org.GetOwnerTeam()
if err != nil { if err != nil {
return err return err

31
models/org_team.go
View File

@@ -8,6 +8,8 @@ import (
"errors" "errors"
"fmt" "fmt"
"strings" "strings"
"code.gitea.io/gitea/modules/log"
) )
const ownerTeamName = "Owners" const ownerTeamName = "Owners"
@@ -47,7 +49,12 @@ func (t *Team) IsOwnerTeam() bool {
// IsMember returns true if given user is a member of team. // IsMember returns true if given user is a member of team.
func (t *Team) IsMember(userID int64) bool { func (t *Team) IsMember(userID int64) bool {
return IsTeamMember(t.OrgID, t.ID, userID) isMember, err := IsTeamMember(t.OrgID, t.ID, userID)
if err != nil {
log.Error(4, "IsMember: %v", err)
return false
}
return isMember
} }
func (t *Team) getRepositories(e Engine) error { func (t *Team) getRepositories(e Engine) error {
@@ -413,17 +420,17 @@ type TeamUser struct {
UID int64 `xorm:"UNIQUE(s)"` UID int64 `xorm:"UNIQUE(s)"`
} }
func isTeamMember(e Engine, orgID, teamID, userID int64) bool { func isTeamMember(e Engine, orgID, teamID, userID int64) (bool, error) {
has, _ := e. return e.
Where("org_id=?", orgID). Where("org_id=?", orgID).
And("team_id=?", teamID). And("team_id=?", teamID).
And("uid=?", userID). And("uid=?", userID).
Get(new(TeamUser)) Table("team_user").
return has Exist()
} }
// IsTeamMember returns true if given user is a member of team. // IsTeamMember returns true if given user is a member of team.
func IsTeamMember(orgID, teamID, userID int64) bool { func IsTeamMember(orgID, teamID, userID int64) (bool, error) {
return isTeamMember(x, orgID, teamID, userID) return isTeamMember(x, orgID, teamID, userID)
} }
@@ -471,8 +478,9 @@ func GetUserTeams(orgID, userID int64) ([]*Team, error) {
// AddTeamMember adds new membership of given team to given organization, // AddTeamMember adds new membership of given team to given organization,
// the user will have membership to given organization automatically when needed. // the user will have membership to given organization automatically when needed.
func AddTeamMember(team *Team, userID int64) error { func AddTeamMember(team *Team, userID int64) error {
if IsTeamMember(team.OrgID, team.ID, userID) { isAlreadyMember, err := IsTeamMember(team.OrgID, team.ID, userID)
return nil if err != nil || isAlreadyMember {
return err
} }
if err := AddOrgUser(team.OrgID, userID); err != nil { if err := AddOrgUser(team.OrgID, userID); err != nil {
@@ -529,8 +537,9 @@ func AddTeamMember(team *Team, userID int64) error {
} }
func removeTeamMember(e Engine, team *Team, userID int64) error { func removeTeamMember(e Engine, team *Team, userID int64) error {
if !isTeamMember(e, team.OrgID, team.ID, userID) { isMember, err := isTeamMember(e, team.OrgID, team.ID, userID)
return nil if err != nil || !isMember {
return err
} }
// Check if the user to delete is the last member in owner team. // Check if the user to delete is the last member in owner team.
@@ -566,7 +575,7 @@ func removeTeamMember(e Engine, team *Team, userID int64) error {
// This must exist. // This must exist.
ou := new(OrgUser) ou := new(OrgUser)
_, err := e. _, err = e.
Where("uid = ?", userID). Where("uid = ?", userID).
And("org_id = ?", team.OrgID). And("org_id = ?", team.OrgID).
Get(ou) Get(ou)

19
models/org_team_test.go
View File

@@ -250,16 +250,21 @@ func TestDeleteTeam(t *testing.T) {
func TestIsTeamMember(t *testing.T) { func TestIsTeamMember(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
test := func(orgID, teamID, userID int64, expected bool) {
isMember, err := IsTeamMember(orgID, teamID, userID)
assert.NoError(t, err)
assert.Equal(t, expected, isMember)
}
assert.True(t, IsTeamMember(3, 1, 2)) test(3, 1, 2, true)
assert.False(t, IsTeamMember(3, 1, 4)) test(3, 1, 4, false)
assert.False(t, IsTeamMember(3, 1, NonexistentID)) test(3, 1, NonexistentID, false)
assert.True(t, IsTeamMember(3, 2, 2)) test(3, 2, 2, true)
assert.True(t, IsTeamMember(3, 2, 4)) test(3, 2, 4, true)
assert.False(t, IsTeamMember(3, NonexistentID, NonexistentID)) test(3, NonexistentID, NonexistentID, false)
assert.False(t, IsTeamMember(NonexistentID, NonexistentID, NonexistentID)) test(NonexistentID, NonexistentID, NonexistentID, false)
} }
func TestGetTeamMembers(t *testing.T) { func TestGetTeamMembers(t *testing.T) {

101
models/org_test.go
View File

@@ -12,28 +12,44 @@ import (
func TestUser_IsOwnedBy(t *testing.T) { func TestUser_IsOwnedBy(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User) for _, testCase := range []struct {
assert.True(t, org.IsOwnedBy(2)) OrgID int64
assert.False(t, org.IsOwnedBy(1)) UserID int64
assert.False(t, org.IsOwnedBy(3)) ExpectedOwner bool
assert.False(t, org.IsOwnedBy(4)) }{
{3, 2, true},
nonOrg := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) {3, 1, false},
assert.False(t, nonOrg.IsOwnedBy(2)) {3, 3, false},
assert.False(t, nonOrg.IsOwnedBy(3)) {3, 4, false},
{2, 2, false}, // user2 is not an organization
{2, 3, false},
} {
org := AssertExistsAndLoadBean(t, &User{ID: testCase.OrgID}).(*User)
isOwner, err := org.IsOwnedBy(testCase.UserID)
assert.NoError(t, err)
assert.Equal(t, testCase.ExpectedOwner, isOwner)
}
} }
func TestUser_IsOrgMember(t *testing.T) { func TestUser_IsOrgMember(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User) for _, testCase := range []struct {
assert.True(t, org.IsOrgMember(2)) OrgID int64
assert.True(t, org.IsOrgMember(4)) UserID int64
assert.False(t, org.IsOrgMember(1)) ExpectedMember bool
assert.False(t, org.IsOrgMember(3)) }{
{3, 2, true},
nonOrg := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) {3, 4, true},
assert.False(t, nonOrg.IsOrgMember(2)) {3, 1, false},
assert.False(t, nonOrg.IsOrgMember(3)) {3, 3, false},
{2, 2, false}, // user2 is not an organization
{2, 3, false},
} {
org := AssertExistsAndLoadBean(t, &User{ID: testCase.OrgID}).(*User)
isMember, err := org.IsOrgMember(testCase.UserID)
assert.NoError(t, err)
assert.Equal(t, testCase.ExpectedMember, isMember)
}
} }
func TestUser_GetTeam(t *testing.T) { func TestUser_GetTeam(t *testing.T) {
@@ -257,31 +273,46 @@ func TestDeleteOrganization(t *testing.T) {
func TestIsOrganizationOwner(t *testing.T) { func TestIsOrganizationOwner(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
assert.True(t, IsOrganizationOwner(3, 2)) test := func(orgID, userID int64, expected bool) {
assert.False(t, IsOrganizationOwner(3, 3)) isOwner, err := IsOrganizationOwner(orgID, userID)
assert.True(t, IsOrganizationOwner(6, 5)) assert.NoError(t, err)
assert.False(t, IsOrganizationOwner(6, 4)) assert.EqualValues(t, expected, isOwner)
assert.False(t, IsOrganizationOwner(NonexistentID, NonexistentID)) }
test(3, 2, true)
test(3, 3, false)
test(6, 5, true)
test(6, 4, false)
test(NonexistentID, NonexistentID, false)
} }
func TestIsOrganizationMember(t *testing.T) { func TestIsOrganizationMember(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
assert.True(t, IsOrganizationMember(3, 2)) test := func(orgID, userID int64, expected bool) {
assert.False(t, IsOrganizationMember(3, 3)) isMember, err := IsOrganizationMember(orgID, userID)
assert.True(t, IsOrganizationMember(3, 4)) assert.NoError(t, err)
assert.True(t, IsOrganizationMember(6, 5)) assert.EqualValues(t, expected, isMember)
assert.False(t, IsOrganizationMember(6, 4)) }
assert.False(t, IsOrganizationMember(NonexistentID, NonexistentID)) test(3, 2, true)
test(3, 3, false)
test(3, 4, true)
test(6, 5, true)
test(6, 4, false)
test(NonexistentID, NonexistentID, false)
} }
func TestIsPublicMembership(t *testing.T) { func TestIsPublicMembership(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
assert.True(t, IsPublicMembership(3, 2)) test := func(orgID, userID int64, expected bool) {
assert.False(t, IsPublicMembership(3, 3)) isMember, err := IsPublicMembership(orgID, userID)
assert.False(t, IsPublicMembership(3, 4)) assert.NoError(t, err)
assert.True(t, IsPublicMembership(6, 5)) assert.EqualValues(t, expected, isMember)
assert.False(t, IsPublicMembership(6, 4)) }
assert.False(t, IsPublicMembership(NonexistentID, NonexistentID)) test(3, 2, true)
test(3, 3, false)
test(3, 4, false)
test(6, 5, true)
test(6, 4, false)
test(NonexistentID, NonexistentID, false)
} }
func TestGetOrgsByUserID(t *testing.T) { func TestGetOrgsByUserID(t *testing.T) {

14
models/repo.go
View File

@@ -1493,12 +1493,18 @@ func TransferOwnership(doer *User, newOwnerName string, repo *Repository) error
// Dummy object. // Dummy object.
collaboration := &Collaboration{RepoID: repo.ID} collaboration := &Collaboration{RepoID: repo.ID}
for _, c := range collaborators { for _, c := range collaborators {
collaboration.UserID = c.ID if c.ID != newOwner.ID {
if c.ID == newOwner.ID || newOwner.IsOrgMember(c.ID) { isMember, err := newOwner.IsOrgMember(c.ID)
if _, err = sess.Delete(collaboration); err != nil { if err != nil {
return fmt.Errorf("remove collaborator '%d': %v", c.ID, err) return fmt.Errorf("IsOrgMember: %v", err)
} else if !isMember {
continue
} }
} }
collaboration.UserID = c.ID
if _, err = sess.Delete(collaboration); err != nil {
return fmt.Errorf("remove collaborator '%d': %v", c.ID, err)
}
} }
// Remove old team-repository relations. // Remove old team-repository relations.

14
models/user.go
View File

@@ -487,12 +487,22 @@ func (u *User) IsOrganization() bool {
// IsUserOrgOwner returns true if user is in the owner team of given organization. // IsUserOrgOwner returns true if user is in the owner team of given organization.
func (u *User) IsUserOrgOwner(orgID int64) bool { func (u *User) IsUserOrgOwner(orgID int64) bool {
return IsOrganizationOwner(orgID, u.ID) isOwner, err := IsOrganizationOwner(orgID, u.ID)
if err != nil {
log.Error(4, "IsOrganizationOwner: %v", err)
return false
}
return isOwner
} }
// IsPublicMember returns true if user public his/her membership in given organization. // IsPublicMember returns true if user public his/her membership in given organization.
func (u *User) IsPublicMember(orgID int64) bool { func (u *User) IsPublicMember(orgID int64) bool {
return IsPublicMembership(orgID, u.ID) isMember, err := IsPublicMembership(orgID, u.ID)
if err != nil {
log.Error(4, "IsPublicMembership: %v", err)
return false
}
return isMember
} }
func (u *User) getOrganizationCount(e Engine) (int64, error) { func (u *User) getOrganizationCount(e Engine) (int64, error) {

13
modules/context/org.go
View File

@@ -73,14 +73,21 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
ctx.Org.IsTeamMember = true ctx.Org.IsTeamMember = true
ctx.Org.IsTeamAdmin = true ctx.Org.IsTeamAdmin = true
} else if ctx.IsSigned { } else if ctx.IsSigned {
ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.ID) ctx.Org.IsOwner, err = org.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return
}
if ctx.Org.IsOwner { if ctx.Org.IsOwner {
ctx.Org.IsMember = true ctx.Org.IsMember = true
ctx.Org.IsTeamMember = true ctx.Org.IsTeamMember = true
ctx.Org.IsTeamAdmin = true ctx.Org.IsTeamAdmin = true
} else { } else {
if org.IsOrgMember(ctx.User.ID) { ctx.Org.IsMember, err = org.IsOrgMember(ctx.User.ID)
ctx.Org.IsMember = true if err != nil {
ctx.Handle(500, "IsOrgMember", err)
return
} }
} }
} else { } else {

10
routers/api/v1/api.go
View File

@@ -177,7 +177,10 @@ func reqOrgMembership() macaron.Handler {
return return
} }
if !models.IsOrganizationMember(orgID, ctx.User.ID) { if isMember, err := models.IsOrganizationMember(orgID, ctx.User.ID); err != nil {
ctx.Error(500, "IsOrganizationMember", err)
return
} else if !isMember {
if ctx.Org.Organization != nil { if ctx.Org.Organization != nil {
ctx.Error(403, "", "Must be an organization member") ctx.Error(403, "", "Must be an organization member")
} else { } else {
@@ -200,7 +203,10 @@ func reqOrgOwnership() macaron.Handler {
return return
} }
if !models.IsOrganizationOwner(orgID, ctx.User.ID) { isOwner, err := models.IsOrganizationOwner(orgID, ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrganizationOwner", err)
} else if !isOwner {
if ctx.Org.Organization != nil { if ctx.Org.Organization != nil {
ctx.Error(403, "", "Must be an organization owner") ctx.Error(403, "", "Must be an organization owner")
} else { } else {

41
routers/api/v1/org/member.go
View File

@@ -67,7 +67,15 @@ func ListMembers(ctx *context.APIContext) {
// responses: // responses:
// "200": // "200":
// "$ref": "#/responses/UserList" // "$ref": "#/responses/UserList"
publicOnly := ctx.User == nil || !ctx.Org.Organization.IsOrgMember(ctx.User.ID) publicOnly := true
if ctx.User != nil {
isMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrgMember", err)
return
}
publicOnly = !isMember
}
listMembers(ctx, publicOnly) listMembers(ctx, publicOnly)
} }
@@ -119,19 +127,30 @@ func IsMember(ctx *context.APIContext) {
if ctx.Written() { if ctx.Written() {
return return
} }
if ctx.User != nil && ctx.Org.Organization.IsOrgMember(ctx.User.ID) { if ctx.User != nil {
if ctx.Org.Organization.IsOrgMember(userToCheck.ID) { userIsMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
ctx.Status(204) if err != nil {
} else { ctx.Error(500, "IsOrgMember", err)
return
} else if userIsMember {
userToCheckIsMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrgMember", err)
} else if userToCheckIsMember {
ctx.Status(204)
} else {
ctx.Status(404)
}
return
} else if ctx.User.ID == userToCheck.ID {
ctx.Status(404) ctx.Status(404)
return
} }
} else if ctx.User != nil && ctx.User.ID == userToCheck.ID {
ctx.Status(404)
} else {
redirectURL := fmt.Sprintf("%sapi/v1/orgs/%s/public_members/%s",
setting.AppURL, ctx.Org.Organization.Name, userToCheck.Name)
ctx.Redirect(redirectURL, 302)
} }
redirectURL := fmt.Sprintf("%sapi/v1/orgs/%s/public_members/%s",
setting.AppURL, ctx.Org.Organization.Name, userToCheck.Name)
ctx.Redirect(redirectURL, 302)
} }
// IsPublicMember check if a user is a public member of an organization // IsPublicMember check if a user is a public member of an organization

6
routers/api/v1/org/team.go
View File

@@ -176,7 +176,11 @@ func GetTeamMembers(ctx *context.APIContext) {
// responses: // responses:
// "200": // "200":
// "$ref": "#/responses/UserList" // "$ref": "#/responses/UserList"
if !models.IsOrganizationMember(ctx.Org.Team.OrgID, ctx.User.ID) { isMember, err := models.IsOrganizationMember(ctx.Org.Team.OrgID, ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrganizationMember", err)
return
} else if !isMember {
ctx.Status(404) ctx.Status(404)
return return
} }

6
routers/api/v1/repo/fork.go
View File

@@ -89,7 +89,11 @@ func CreateFork(ctx *context.APIContext, form api.CreateForkOption) {
} }
return return
} }
if !org.IsOrgMember(ctx.User.ID) { isMember, err := org.IsOrgMember(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOrgMember", err)
return
} else if !isMember {
ctx.Status(403) ctx.Status(403)
return return
} }

39
routers/api/v1/repo/repo.go
View File

@@ -108,8 +108,19 @@ func Search(ctx *context.APIContext) {
} }
// Check visibility. // Check visibility.
if ctx.IsSigned && (ctx.User.ID == repoOwner.ID || (repoOwner.IsOrganization() && repoOwner.IsOwnedBy(ctx.User.ID))) { if ctx.IsSigned {
opts.Private = true if ctx.User.ID == repoOwner.ID {
opts.Private = true
} else if repoOwner.IsOrganization() {
opts.Private, err = repoOwner.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.JSON(500, api.SearchError{
OK: false,
Error: err.Error(),
})
return
}
}
} }
} }
@@ -245,7 +256,11 @@ func CreateOrgRepo(ctx *context.APIContext, opt api.CreateRepoOption) {
return return
} }
if !org.IsOwnedBy(ctx.User.ID) { isOwner, err := org.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.") ctx.Error(403, "", "Given user is not owner of organization.")
return return
} }
@@ -292,7 +307,11 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
if ctxUser.IsOrganization() && !ctx.User.IsAdmin { if ctxUser.IsOrganization() && !ctx.User.IsAdmin {
// Check ownership of organization. // Check ownership of organization.
if !ctxUser.IsOwnedBy(ctx.User.ID) { isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.") ctx.Error(403, "", "Given user is not owner of organization.")
return return
} }
@@ -431,9 +450,15 @@ func Delete(ctx *context.APIContext) {
owner := ctx.Repo.Owner owner := ctx.Repo.Owner
repo := ctx.Repo.Repository repo := ctx.Repo.Repository
if owner.IsOrganization() && !owner.IsOwnedBy(ctx.User.ID) { if owner.IsOrganization() {
ctx.Error(403, "", "Given user is not owner of organization.") isOwner, err := owner.IsOwnedBy(ctx.User.ID)
return if err != nil {
ctx.Error(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.")
return
}
} }
if err := models.DeleteRepository(ctx.User, owner.ID, repo.ID); err != nil { if err := models.DeleteRepository(ctx.User, owner.ID, repo.ID); err != nil {

32
routers/repo/issue.go
View File

@@ -475,6 +475,26 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
ctx.Redirect(ctx.Repo.RepoLink + "/issues/" + com.ToStr(issue.Index)) ctx.Redirect(ctx.Repo.RepoLink + "/issues/" + com.ToStr(issue.Index))
} }
// commentTag returns the CommentTag for a comment in/with the given repo, poster and issue
func commentTag(repo *models.Repository, poster *models.User, issue *models.Issue) (models.CommentTag, error) {
if repo.IsOwnedBy(poster.ID) {
return models.CommentTagOwner, nil
} else if repo.Owner.IsOrganization() {
isOwner, err := repo.Owner.IsOwnedBy(poster.ID)
if err != nil {
return models.CommentTagNone, err
} else if isOwner {
return models.CommentTagOwner, nil
}
}
if poster.IsWriterOfRepo(repo) {
return models.CommentTagWriter, nil
} else if poster.ID == issue.PosterID {
return models.CommentTagPoster, nil
}
return models.CommentTagNone, nil
}
// ViewIssue render issue view page // ViewIssue render issue view page
func ViewIssue(ctx *context.Context) { func ViewIssue(ctx *context.Context) {
ctx.Data["RequireHighlightJS"] = true ctx.Data["RequireHighlightJS"] = true
@@ -644,15 +664,11 @@ func ViewIssue(ctx *context.Context) {
continue continue
} }
if repo.IsOwnedBy(comment.PosterID) || comment.ShowTag, err = commentTag(repo, comment.Poster, issue)
(repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) { if err != nil {
comment.ShowTag = models.CommentTagOwner ctx.Handle(500, "commentTag", err)
} else if comment.Poster.IsWriterOfRepo(repo) { return
comment.ShowTag = models.CommentTagWriter
} else if comment.PosterID == issue.PosterID {
comment.ShowTag = models.CommentTagPoster
} }
marked[comment.PosterID] = comment.ShowTag marked[comment.PosterID] = comment.ShowTag
isAdded := false isAdded := false

6
routers/repo/pull.go
View File

@@ -173,7 +173,11 @@ func ForkPost(ctx *context.Context, form auth.CreateRepoForm) {
// Check ownership of organization. // Check ownership of organization.
if ctxUser.IsOrganization() { if ctxUser.IsOrganization() {
if !ctxUser.IsOwnedBy(ctx.User.ID) { isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403) ctx.Error(403)
return return
} }

12
routers/repo/repo.go
View File

@@ -74,10 +74,20 @@ func checkContextUser(ctx *context.Context, uid int64) *models.User {
} }
// Check ownership of organization. // Check ownership of organization.
if !org.IsOrganization() || !(ctx.User.IsAdmin || org.IsOwnedBy(ctx.User.ID)) { if !org.IsOrganization() {
ctx.Error(403) ctx.Error(403)
return nil return nil
} }
if !ctx.User.IsAdmin {
isOwner, err := org.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return nil
} else if !isOwner {
ctx.Error(403)
return nil
}
}
return org return org
} }

42
routers/repo/setting.go
View File

@@ -234,13 +234,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
if !repo.IsMirror { if !repo.IsMirror {
ctx.Error(404) ctx.Error(404)
return return
@@ -268,13 +261,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
newOwner := ctx.Query("new_owner_name") newOwner := ctx.Query("new_owner_name")
isExist, err := models.IsUserExist(0, newOwner) isExist, err := models.IsUserExist(0, newOwner)
if err != nil { if err != nil {
@@ -307,13 +293,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
if err := models.DeleteRepository(ctx.User, ctx.Repo.Owner.ID, repo.ID); err != nil { if err := models.DeleteRepository(ctx.User, ctx.Repo.Owner.ID, repo.ID); err != nil {
ctx.Handle(500, "DeleteRepository", err) ctx.Handle(500, "DeleteRepository", err)
return return
@@ -333,13 +312,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
repo.DeleteWiki() repo.DeleteWiki()
log.Trace("Repository wiki deleted: %s/%s", ctx.Repo.Owner.Name, repo.Name) log.Trace("Repository wiki deleted: %s/%s", ctx.Repo.Owner.Name, repo.Name)
@@ -393,10 +365,16 @@ func CollaborationPost(ctx *context.Context) {
} }
// Check if user is organization member. // Check if user is organization member.
if ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgMember(u.ID) { if ctx.Repo.Owner.IsOrganization() {
ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member")) isMember, err := ctx.Repo.Owner.IsOrgMember(u.ID)
ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration") if err != nil {
return ctx.Handle(500, "IsOrgMember", err)
return
} else if isMember {
ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member"))
ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
return
}
} }
if err = ctx.Repo.Repository.AddCollaborator(u); err != nil { if err = ctx.Repo.Repository.AddCollaborator(u); err != nil {