Skip to content

Commit 9aa6078

Browse files
GamerGirlandCoGamerGirlandCo
committed
fix up repos inside groups being inaccessible in spite of actor being a collaborator
1 parent 130bc9f commit 9aa6078

File tree

2 files changed

+37
-30
lines changed

2 files changed

+37
-30
lines changed

services/context/group.go

Lines changed: 26 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -66,22 +66,22 @@ func (g *RepoGroup) UnitPermission(ctx context.Context, doer *user_model.User, u
6666
return perm.AccessModeNone
6767
}
6868

69-
func GetGroupByParams(ctx *Context) {
69+
func GetGroupByParams(ctx *Context) (err error) {
7070
groupID := ctx.PathParamInt64("group_id")
7171

72-
var err error
7372
ctx.RepoGroup.Group, err = group_model.GetGroupByID(ctx, groupID)
7473
if err != nil {
7574
if group_model.IsErrGroupNotExist(err) {
7675
ctx.NotFound(err)
7776
} else {
7877
ctx.ServerError("GetUserByName", err)
7978
}
80-
return
79+
return err
8180
}
8281
if err = ctx.RepoGroup.Group.LoadAttributes(ctx); err != nil {
8382
ctx.ServerError("LoadAttributes", err)
8483
}
84+
return err
8585
}
8686

8787
type GroupAssignmentOptions struct {
@@ -90,24 +90,25 @@ type GroupAssignmentOptions struct {
9090
RequireGroupAdmin bool
9191
}
9292

93-
func groupAssignment(ctx *Context) {
93+
func groupAssignment(ctx *Context) (bool, error) {
94+
var err error
9495
if ctx.RepoGroup.Group == nil {
95-
GetGroupByParams(ctx)
96+
err = GetGroupByParams(ctx)
9697
}
9798
if ctx.Written() {
98-
return
99+
return false, err
99100
}
100101
group := ctx.RepoGroup.Group
101102
canAccess, err := group.CanAccess(ctx, ctx.Doer)
102103
if err != nil {
103104
ctx.ServerError("error checking group access", err)
104-
return
105+
return false, err
105106
}
106107
if group.Owner == nil {
107108
err = group.LoadOwner(ctx)
108109
if err != nil {
109110
ctx.ServerError("LoadOwner", err)
110-
return
111+
return false, err
111112
}
112113
}
113114
ownerAsOrg := (*organization.Organization)(group.Owner)
@@ -116,7 +117,7 @@ func groupAssignment(ctx *Context) {
116117
if ctx.IsSigned {
117118
if orgWideAdmin, err = ownerAsOrg.IsOrgAdmin(ctx, ctx.Doer.ID); err != nil {
118119
ctx.ServerError("IsOrgAdmin", err)
119-
return
120+
return false, err
120121
}
121122
if orgWideOwner, err = ownerAsOrg.IsOwnedBy(ctx, ctx.Doer.ID); err != nil {
122123
ctx.ServerError("IsOwnedBy", err)
@@ -138,7 +139,7 @@ func groupAssignment(ctx *Context) {
138139
isOwnedBy, err = group.IsOwnedBy(ctx, ctx.Doer.ID)
139140
if err != nil {
140141
ctx.ServerError("IsOwnedBy", err)
141-
return
142+
return false, err
142143
}
143144
ctx.RepoGroup.IsOwner = ctx.RepoGroup.IsOwner || isOwnedBy
144145

@@ -150,12 +151,12 @@ func groupAssignment(ctx *Context) {
150151
ctx.RepoGroup.IsMember, err = shared_group.IsGroupMember(ctx, group.ID, ctx.Doer)
151152
if err != nil {
152153
ctx.ServerError("IsOrgMember", err)
153-
return
154+
return false, err
154155
}
155156
ctx.RepoGroup.CanCreateRepoOrGroup, err = group.CanCreateIn(ctx, ctx.Doer.ID)
156157
if err != nil {
157158
ctx.ServerError("CanCreateIn", err)
158-
return
159+
return false, err
159160
}
160161
}
161162
} else {
@@ -172,7 +173,7 @@ func groupAssignment(ctx *Context) {
172173
teams, err := organization.GetUserGroupTeams(ctx, group.ID, ctx.Doer.ID)
173174
if err != nil {
174175
ctx.ServerError("GetUserTeams", err)
175-
return
176+
return false, err
176177
}
177178
for _, team := range teams {
178179
if team.IncludesAllRepositories && team.AccessMode >= perm.AccessModeAdmin {
@@ -185,13 +186,13 @@ func groupAssignment(ctx *Context) {
185186
ctx.RepoGroup.Teams, err = shared_group.GetGroupTeams(ctx, group.ID)
186187
if err != nil {
187188
ctx.ServerError("LoadTeams", err)
188-
return
189+
return false, err
189190
}
190191
} else {
191192
ctx.RepoGroup.Teams, err = organization.GetUserGroupTeams(ctx, group.ID, ctx.Doer.ID)
192193
if err != nil {
193194
ctx.ServerError("GetUserTeams", err)
194-
return
195+
return false, err
195196
}
196197
}
197198
ctx.Data["NumTeams"] = len(ctx.RepoGroup.Teams)
@@ -207,7 +208,7 @@ func groupAssignment(ctx *Context) {
207208
groupTeam, err = group_model.FindGroupTeamByTeamID(ctx, group.ID, team.ID)
208209
if err != nil {
209210
ctx.ServerError("FindGroupTeamByTeamID", err)
210-
return
211+
return false, err
211212
}
212213
ctx.RepoGroup.GroupTeam = groupTeam
213214
ctx.RepoGroup.Team = team
@@ -219,7 +220,7 @@ func groupAssignment(ctx *Context) {
219220

220221
if !teamExists {
221222
ctx.NotFound(err)
222-
return
223+
return false, err
223224
}
224225

225226
ctx.Data["IsTeamMember"] = ctx.RepoGroup.IsMember
@@ -237,22 +238,20 @@ func groupAssignment(ctx *Context) {
237238
isAdmin, err := group.IsAdminOf(ctx, ctx.Doer.ID)
238239
if err != nil {
239240
ctx.ServerError("IsAdminOf", err)
240-
return
241+
return false, err
241242
}
242243
ctx.RepoGroup.IsGroupAdmin = ctx.RepoGroup.IsGroupAdmin || isAdmin
243244
}
244-
if !canAccess && !(ctx.RepoGroup.IsGroupAdmin || ctx.RepoGroup.IsMember || ctx.RepoGroup.IsOwner) {
245-
ctx.NotFound(nil)
246-
return
247-
}
245+
return canAccess && (ctx.RepoGroup.IsGroupAdmin || ctx.RepoGroup.IsMember || ctx.RepoGroup.IsOwner), nil
248246
}
249247

250248
func GroupAssignment(args GroupAssignmentOptions) func(ctx *Context) {
251249
return func(ctx *Context) {
252250
var err error
253251

254-
groupAssignment(ctx)
255-
if ctx.Written() {
252+
ca, err := groupAssignment(ctx)
253+
254+
if ctx.Written() || err != nil {
256255
return
257256
}
258257

@@ -264,8 +263,9 @@ func GroupAssignment(args GroupAssignmentOptions) func(ctx *Context) {
264263

265264
if ctx.RepoGroup.Group.Visibility == structs.VisibleTypePrivate {
266265
args.RequireMember = true
267-
} else if ctx.IsSigned && ctx.Doer.IsRestricted {
268-
args.RequireMember = true
266+
} else if ctx.IsSigned && !ca {
267+
ctx.NotFound(err)
268+
return
269269
}
270270

271271
if (args.RequireMember && !ctx.RepoGroup.IsMember) ||

services/context/repo.go

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -379,7 +379,7 @@ func RedirectToRepo(ctx *Base, redirectRepoID int64) {
379379
ctx.Redirect(path.Join(setting.AppSubURL, redirectPath), http.StatusMovedPermanently)
380380
}
381381

382-
func repoAssignment(ctx *Context, repo *repo_model.Repository) {
382+
func repoAssignment(ctx *Context, repo *repo_model.Repository, canAccessInGroup bool) {
383383
var err error
384384
if err = repo.LoadOwner(ctx); err != nil {
385385
ctx.ServerError("LoadOwner", err)
@@ -396,7 +396,7 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
396396
}
397397
}
398398

399-
if !ctx.Repo.Permission.HasAnyUnitAccessOrPublicAccess() && !canWriteAsMaintainer(ctx) {
399+
if !ctx.Repo.Permission.HasAnyUnitAccessOrPublicAccess() && !canWriteAsMaintainer(ctx) && !canAccessInGroup {
400400
if ctx.FormString("go-get") == "1" {
401401
EarlyResponseForGoGetMeta(ctx)
402402
return
@@ -525,15 +525,22 @@ func RepoAssignment(ctx *Context) {
525525
if repo.GroupID != gid {
526526
ctx.NotFound(nil)
527527
}
528+
var canAccessInGroup bool
528529
if gid > 0 {
529-
groupAssignment(ctx)
530+
canAccessInGroup, err = groupAssignment(ctx)
531+
if err != nil {
532+
if !ctx.Written() {
533+
ctx.ServerError("groupAssignment", err)
534+
}
535+
return
536+
}
530537
}
531538
if ctx.Written() {
532539
return
533540
}
534541
repo.Owner = ctx.Repo.Owner
535542

536-
repoAssignment(ctx, repo)
543+
repoAssignment(ctx, repo, canAccessInGroup)
537544
if ctx.Written() {
538545
return
539546
}

0 commit comments

Comments
 (0)