Restricting access to fork functioanlity to users with Code access (#2542)

Signed-off-by: Jonas Franz <info@jonasfranz.software>
This commit is contained in:
Jonas Franz 2017-09-19 01:12:29 +02:00 committed by Kim "BKC" Carlbäcker
parent fc0c6f48c7
commit 91788e0200
3 changed files with 74 additions and 3 deletions

View File

@ -648,7 +648,7 @@ func (repo *Repository) UpdateSize() error {
// CanBeForked returns true if repository meets the requirements of being forked. // CanBeForked returns true if repository meets the requirements of being forked.
func (repo *Repository) CanBeForked() bool { func (repo *Repository) CanBeForked() bool {
return !repo.IsBare return !repo.IsBare && repo.UnitEnabled(UnitTypeCode)
} }
// CanEnablePulls returns true if repository meets the requirements of accepting pulls. // CanEnablePulls returns true if repository meets the requirements of accepting pulls.

View File

@ -162,6 +162,75 @@ func RedirectToRepo(ctx *Context, redirectRepoID int64) {
ctx.Redirect(redirectPath) ctx.Redirect(redirectPath)
} }
// RepoIDAssignment returns an macaron handler which assigns the repo to the context.
func RepoIDAssignment() macaron.Handler {
return func(ctx *Context) {
var (
err error
)
repoID := ctx.ParamsInt64(":repoid")
// Get repository.
repo, err := models.GetRepositoryByID(repoID)
if err != nil {
if models.IsErrRepoNotExist(err) {
ctx.Handle(404, "GetRepositoryByID", nil)
} else {
ctx.Handle(500, "GetRepositoryByID", err)
}
return
}
if err = repo.GetOwner(); err != nil {
ctx.Handle(500, "GetOwner", err)
return
}
// Admin has super access.
if ctx.IsSigned && ctx.User.IsAdmin {
ctx.Repo.AccessMode = models.AccessModeOwner
} else {
var userID int64
if ctx.User != nil {
userID = ctx.User.ID
}
mode, err := models.AccessLevel(userID, repo)
if err != nil {
ctx.Handle(500, "AccessLevel", err)
return
}
ctx.Repo.AccessMode = mode
}
// Check access.
if ctx.Repo.AccessMode == models.AccessModeNone {
if ctx.Query("go-get") == "1" {
earlyResponseForGoGetMeta(ctx)
return
}
ctx.Handle(404, "no access right", err)
return
}
ctx.Data["HasAccess"] = true
if repo.IsMirror {
ctx.Repo.Mirror, err = models.GetMirrorByRepoID(repo.ID)
if err != nil {
ctx.Handle(500, "GetMirror", err)
return
}
ctx.Data["MirrorEnablePrune"] = ctx.Repo.Mirror.EnablePrune
ctx.Data["MirrorInterval"] = ctx.Repo.Mirror.Interval
ctx.Data["Mirror"] = ctx.Repo.Mirror
}
ctx.Repo.Repository = repo
ctx.Data["RepoName"] = ctx.Repo.Repository.Name
ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare
}
}
// RepoAssignment returns a macaron to handle repository assignment // RepoAssignment returns a macaron to handle repository assignment
func RepoAssignment() macaron.Handler { func RepoAssignment() macaron.Handler {
return func(ctx *Context) { return func(ctx *Context) {

View File

@ -416,8 +416,10 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Post("/create", bindIgnErr(auth.CreateRepoForm{}), repo.CreatePost) m.Post("/create", bindIgnErr(auth.CreateRepoForm{}), repo.CreatePost)
m.Get("/migrate", repo.Migrate) m.Get("/migrate", repo.Migrate)
m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), repo.MigratePost) m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), repo.MigratePost)
m.Combo("/fork/:repoid").Get(repo.Fork). m.Group("/fork", func() {
Post(bindIgnErr(auth.CreateRepoForm{}), repo.ForkPost) m.Combo("/:repoid").Get(repo.Fork).
Post(bindIgnErr(auth.CreateRepoForm{}), repo.ForkPost)
}, context.RepoIDAssignment(), context.UnitTypes(), context.LoadRepoUnits(), context.CheckUnit(models.UnitTypeCode))
}, reqSignIn) }, reqSignIn)
m.Group("/:username/:reponame", func() { m.Group("/:username/:reponame", func() {