	| @@ -42,6 +42,7 @@ func (p *Permission) IsAdmin() bool { | ||||
|  | ||||
| // HasAnyUnitAccess returns true if the user might have at least one access mode to any unit of this repository. | ||||
| // It doesn't count the "public(anonymous/everyone) access mode". | ||||
| // TODO: most calls to this function should be replaced with `HasAnyUnitAccessOrPublicAccess` | ||||
| func (p *Permission) HasAnyUnitAccess() bool { | ||||
| 	for _, v := range p.unitsMode { | ||||
| 		if v >= perm_model.AccessModeRead { | ||||
|   | ||||
| @@ -228,7 +228,7 @@ func repoAssignment() func(ctx *context.APIContext) { | ||||
| 			} | ||||
| 		} | ||||
|  | ||||
| 		if !ctx.Repo.Permission.HasAnyUnitAccess() { | ||||
| 		if !ctx.Repo.Permission.HasAnyUnitAccessOrPublicAccess() { | ||||
| 			ctx.APIErrorNotFound() | ||||
| 			return | ||||
| 		} | ||||
| @@ -1248,7 +1248,7 @@ func Routes() *web.Router { | ||||
| 				}, reqToken()) | ||||
| 				m.Get("/raw/*", context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFile) | ||||
| 				m.Get("/media/*", context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFileOrLFS) | ||||
| 				m.Get("/archive/*", reqRepoReader(unit.TypeCode), repo.GetArchive) | ||||
| 				m.Methods("HEAD,GET", "/archive/*", reqRepoReader(unit.TypeCode), repo.GetArchive) | ||||
| 				m.Combo("/forks").Get(repo.ListForks). | ||||
| 					Post(reqToken(), reqRepoReader(unit.TypeCode), bind(api.CreateForkOption{}), repo.CreateFork) | ||||
| 				m.Post("/merge-upstream", reqToken(), mustNotBeArchived, reqRepoWriter(unit.TypeCode), bind(api.MergeUpstreamRequest{}), repo.MergeUpstream) | ||||
| @@ -1464,7 +1464,7 @@ func Routes() *web.Router { | ||||
| 					m.Delete("", repo.DeleteAvatar) | ||||
| 				}, reqAdmin(), reqToken()) | ||||
|  | ||||
| 				m.Get("/{ball_type:tarball|zipball|bundle}/*", reqRepoReader(unit.TypeCode), repo.DownloadArchive) | ||||
| 				m.Methods("HEAD,GET", "/{ball_type:tarball|zipball|bundle}/*", reqRepoReader(unit.TypeCode), repo.DownloadArchive) | ||||
| 			}, repoAssignment(), checkTokenPublicOnly()) | ||||
| 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)) | ||||
|  | ||||
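Review bot: Loosening the gate in `repoAssignment()` to `HasAnyUnitAccessOrPublicAccess()` makes every route in this group reachable for a private repository that grants anonymous or everyone access to any single unit, so routes without their own unit check now depend on the handler to enforce access. In the visible lines, `m.Combo("/forks").Get(repo.ListForks)` has no `reqRepoReader(...)` on the GET side, unlike the archive routes next to it; whether `repo.ListForks` checks the code unit itself is not visible here. I would audit the group for routes that relied on the old gate alone and add the per-unit middleware where it is missing, for example `m.Combo("/forks").Get(reqRepoReader(unit.TypeCode), repo.ListForks)`. Both `repoAssignment` and `Routes` continue outside these hunks.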
|   | ||||
| @@ -12,7 +12,9 @@ import ( | ||||
| 	"testing" | ||||
|  | ||||
| 	auth_model "code.gitea.io/gitea/models/auth" | ||||
| 	"code.gitea.io/gitea/models/perm" | ||||
| 	repo_model "code.gitea.io/gitea/models/repo" | ||||
| 	"code.gitea.io/gitea/models/unit" | ||||
| 	"code.gitea.io/gitea/models/unittest" | ||||
| 	user_model "code.gitea.io/gitea/models/user" | ||||
| 	"code.gitea.io/gitea/tests" | ||||
| @@ -58,9 +60,12 @@ func TestAPIDownloadArchive(t *testing.T) { | ||||
|  | ||||
| 	link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master", user2.Name, repo.Name)) | ||||
| 	MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusBadRequest) | ||||
|  | ||||
| 	t.Run("GitHubStyle", testAPIDownloadArchiveGitHubStyle) | ||||
| 	t.Run("PrivateRepo", testAPIDownloadArchivePrivateRepo) | ||||
| } | ||||
|  | ||||
| func TestAPIDownloadArchive2(t *testing.T) { | ||||
| func testAPIDownloadArchiveGitHubStyle(t *testing.T) { | ||||
| 	defer tests.PrepareTestEnv(t)() | ||||
|  | ||||
| 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) | ||||
| @@ -95,7 +100,13 @@ func TestAPIDownloadArchive2(t *testing.T) { | ||||
| 	bs, err = io.ReadAll(resp.Body) | ||||
| 	assert.NoError(t, err) | ||||
| 	assert.Len(t, bs, 382) | ||||
|  | ||||
| 	link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master", user2.Name, repo.Name)) | ||||
| 	MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusBadRequest) | ||||
| } | ||||
|  | ||||
| func testAPIDownloadArchivePrivateRepo(t *testing.T) { | ||||
| 	_ = repo_model.UpdateRepositoryColsNoAutoTime(t.Context(), &repo_model.Repository{ID: 1, IsPrivate: true}, "is_private") | ||||
| 	MakeRequest(t, NewRequest(t, "HEAD", "/api/v1/repos/user2/repo1/archive/master.zip"), http.StatusNotFound) | ||||
| 	MakeRequest(t, NewRequest(t, "HEAD", "/api/v1/repos/user2/repo1/zipball/master"), http.StatusNotFound) | ||||
| 	_ = repo_model.UpdateRepoUnitPublicAccess(t.Context(), &repo_model.RepoUnit{RepoID: 1, Type: unit.TypeCode, AnonymousAccessMode: perm.AccessModeRead}) | ||||
| 	MakeRequest(t, NewRequest(t, "HEAD", "/api/v1/repos/user2/repo1/archive/master.zip"), http.StatusOK) | ||||
| 	MakeRequest(t, NewRequest(t, "HEAD", "/api/v1/repos/user2/repo1/zipball/master"), http.StatusOK) | ||||
| } | ||||
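Review bot: `testAPIDownloadArchivePrivateRepo` only checks the case where public access is granted on the code unit, so it does not pin the per-unit check that the loosened repository gate now relies on. I would add a case, before the `unit.TypeCode` update, that grants `AnonymousAccessMode: perm.AccessModeRead` on a different unit such as `unit.TypeIssues` and asserts that both archive URLs are still refused for an anonymous request. The two `_ =` assignments also discard the update errors, so a failed fixture change would surface only as a confusing status mismatch; `assert.NoError(t, repo_model.UpdateRepositoryColsNoAutoTime(...))` keeps the cause visible. The test covers HEAD only, and one anonymous GET per URL would confirm that both methods behave the same.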
|   | ||||