Commit ab5a863

update common group assignment, add nil check when getting repo group unit permissions
1 parent 9567d2b commit ab5a863

2 files changed

+145
-118
lines changed

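--- a/services/context/group.go
+++ b/services/context/group.go
@@ -97,12 +97,153 @@ func groupAssignment(ctx *Context) {
 if ctx.Written() {
 return
 }
-canAccess, err := ctx.RepoGroup.Group.CanAccess(ctx, ctx.Doer)
+group := ctx.RepoGroup.Group
+canAccess, err := group.CanAccess(ctx, ctx.Doer)
 if err != nil {
 ctx.ServerError("error checking group access", err)
 return
 }
-if !canAccess {
+if group.Owner == nil {
+err = group.LoadOwner(ctx)
+if err != nil {
+ctx.ServerError("LoadOwner", err)
+return
+}
+}
+ownerAsOrg := (*organization.Organization)(group.Owner)
+var (
+orgWideAdmin, orgWideOwner, isOwnedBy bool
+)
+
+if ctx.IsSigned {
+if orgWideAdmin, err = ownerAsOrg.IsOrgAdmin(ctx, ctx.Doer.ID); err != nil {
+ctx.ServerError("IsOrgAdmin", err)
+return
+}
+if orgWideOwner, err = ownerAsOrg.IsOwnedBy(ctx, ctx.Doer.ID); err != nil {
+ctx.ServerError("IsOwnedBy", err)
+}
+}
+if orgWideOwner {
+ctx.RepoGroup.IsOwner = true
+}
+if orgWideAdmin {
+ctx.RepoGroup.IsGroupAdmin = true
+}
+
+if ctx.IsSigned && ctx.Doer.IsAdmin {
+ctx.RepoGroup.IsOwner = true
+ctx.RepoGroup.IsMember = true
+ctx.RepoGroup.IsGroupAdmin = true
+ctx.RepoGroup.CanCreateRepoOrGroup = true
+} else if ctx.IsSigned {
+isOwnedBy, err = group.IsOwnedBy(ctx, ctx.Doer.ID)
+if err != nil {
+ctx.ServerError("IsOwnedBy", err)
+return
+}
+ctx.RepoGroup.IsOwner = ctx.RepoGroup.IsOwner || isOwnedBy
+
+if ctx.RepoGroup.IsOwner {
+ctx.RepoGroup.IsMember = true
+ctx.RepoGroup.IsGroupAdmin = true
+ctx.RepoGroup.CanCreateRepoOrGroup = true
+} else {
+ctx.RepoGroup.IsMember, err = shared_group.IsGroupMember(ctx, group.ID, ctx.Doer)
+if err != nil {
+ctx.ServerError("IsOrgMember", err)
+return
+}
+ctx.RepoGroup.CanCreateRepoOrGroup, err = group.CanCreateIn(ctx, ctx.Doer.ID)
+if err != nil {
+ctx.ServerError("CanCreateIn", err)
+return
+}
+}
+} else {
+ctx.Data["SignedUser"] = &user_model.User{}
+}
+ctx.RepoGroup.GroupLink = group.GroupLink()
+ctx.RepoGroup.OrgGroupLink = group.OrgGroupLink()
+
+if ctx.RepoGroup.IsMember {
+shouldSeeAllTeams := false
+if ctx.RepoGroup.IsOwner {
+shouldSeeAllTeams = true
+} else {
+teams, err := organization.GetUserGroupTeams(ctx, group.ID, ctx.Doer.ID)
+if err != nil {
+ctx.ServerError("GetUserTeams", err)
+return
+}
+for _, team := range teams {
+if team.IncludesAllRepositories && team.AccessMode >= perm.AccessModeAdmin {
+shouldSeeAllTeams = true
+break
+}
+}
+}
+if shouldSeeAllTeams {
+ctx.RepoGroup.Teams, err = shared_group.GetGroupTeams(ctx, group.ID)
+if err != nil {
+ctx.ServerError("LoadTeams", err)
+return
+}
+} else {
+ctx.RepoGroup.Teams, err = organization.GetUserGroupTeams(ctx, group.ID, ctx.Doer.ID)
+if err != nil {
+ctx.ServerError("GetUserTeams", err)
+return
+}
+}
+ctx.Data["NumTeams"] = len(ctx.RepoGroup.Teams)
+}
+
+teamName := ctx.PathParam("team")
+if len(teamName) > 0 {
+teamExists := false
+for _, team := range ctx.RepoGroup.Teams {
+if strings.EqualFold(team.LowerName, strings.ToLower(teamName)) {
+teamExists = true
+var groupTeam *group_model.RepoGroupTeam
+groupTeam, err = group_model.FindGroupTeamByTeamID(ctx, group.ID, team.ID)
+if err != nil {
+ctx.ServerError("FindGroupTeamByTeamID", err)
+return
+}
+ctx.RepoGroup.GroupTeam = groupTeam
+ctx.RepoGroup.Team = team
+ctx.RepoGroup.IsMember = true
+ctx.Data["Team"] = ctx.RepoGroup.Team
+break
+}
+}
+
+if !teamExists {
+ctx.NotFound(err)
+return
+}
+
+ctx.Data["IsTeamMember"] = ctx.RepoGroup.IsMember
+
+ctx.RepoGroup.IsGroupAdmin = ctx.RepoGroup.Team.IsOwnerTeam() || ctx.RepoGroup.Team.AccessMode >= perm.AccessModeAdmin
+} else {
+for _, team := range ctx.RepoGroup.Teams {
+if team.AccessMode >= perm.AccessModeAdmin {
+ctx.RepoGroup.IsGroupAdmin = true
+break
+}
+}
+}
+if ctx.IsSigned {
+isAdmin, err := group.IsAdminOf(ctx, ctx.Doer.ID)
+if err != nil {
+ctx.ServerError("IsAdminOf", err)
+return
+}
+ctx.RepoGroup.IsGroupAdmin = ctx.RepoGroup.IsGroupAdmin || isAdmin
+}
+if !canAccess && !(ctx.RepoGroup.IsGroupAdmin || ctx.RepoGroup.IsMember || ctx.RepoGroup.IsOwner) {
 ctx.NotFound(nil)
 return
 }
@@ -128,42 +269,13 @@ func GroupAssignment(args GroupAssignmentOptions) func(ctx *Context) {
 } else if ctx.IsSigned && ctx.Doer.IsRestricted {
 args.RequireMember = true
 }
-if ctx.IsSigned && ctx.Doer.IsAdmin {
-ctx.RepoGroup.IsOwner = true
-ctx.RepoGroup.IsMember = true
-ctx.RepoGroup.IsGroupAdmin = true
-ctx.RepoGroup.CanCreateRepoOrGroup = true
-} else if ctx.IsSigned {
-ctx.RepoGroup.IsOwner, err = group.IsOwnedBy(ctx, ctx.Doer.ID)
-if err != nil {
-ctx.ServerError("IsOwnedBy", err)
-return
-}
 
-if ctx.RepoGroup.IsOwner {
-ctx.RepoGroup.IsMember = true
-ctx.RepoGroup.IsGroupAdmin = true
-ctx.RepoGroup.CanCreateRepoOrGroup = true
-} else {
-ctx.RepoGroup.IsMember, err = shared_group.IsGroupMember(ctx, group.ID, ctx.Doer)
-if err != nil {
-ctx.ServerError("IsOrgMember", err)
-return
-}
-ctx.RepoGroup.CanCreateRepoOrGroup, err = group.CanCreateIn(ctx, ctx.Doer.ID)
-if err != nil {
-ctx.ServerError("CanCreateIn", err)
-return
-}
-}
-} else {
-ctx.Data["SignedUser"] = &user_model.User{}
-}
 if (args.RequireMember && !ctx.RepoGroup.IsMember) ||
 (args.RequireOwner && !ctx.RepoGroup.IsOwner) {
 ctx.NotFound(err)
 return
 }
+
 ctx.Data["EnableFeed"] = setting.Other.EnableFeed
 ctx.Data["FeedURL"] = ctx.RepoGroup.Group.GroupLink()
 ctx.Data["IsGroupOwner"] = ctx.RepoGroup.IsOwner
@@ -177,91 +289,6 @@ func GroupAssignment(args GroupAssignmentOptions) func(ctx *Context) {
 ctx.Data["CanReadProjects"] = ctx.RepoGroup.CanReadUnit(ctx, unit.TypeProjects)
 ctx.Data["CanCreateOrgRepo"] = ctx.RepoGroup.CanCreateRepoOrGroup
 
-ctx.RepoGroup.GroupLink = group.GroupLink()
-ctx.RepoGroup.OrgGroupLink = group.OrgGroupLink()
-
-if ctx.RepoGroup.IsMember {
-shouldSeeAllTeams := false
-if ctx.RepoGroup.IsOwner {
-shouldSeeAllTeams = true
-} else {
-teams, err := organization.GetUserGroupTeams(ctx, group.ID, ctx.Doer.ID)
-if err != nil {
-ctx.ServerError("GetUserTeams", err)
-return
-}
-for _, team := range teams {
-if team.IncludesAllRepositories && team.AccessMode >= perm.AccessModeAdmin {
-shouldSeeAllTeams = true
-break
-}
-}
-}
-if shouldSeeAllTeams {
-ctx.RepoGroup.Teams, err = shared_group.GetGroupTeams(ctx, group.ID)
-if err != nil {
-ctx.ServerError("LoadTeams", err)
-return
-}
-} else {
-ctx.RepoGroup.Teams, err = organization.GetUserGroupTeams(ctx, group.ID, ctx.Doer.ID)
-if err != nil {
-ctx.ServerError("GetUserTeams", err)
-return
-}
-}
-ctx.Data["NumTeams"] = len(ctx.RepoGroup.Teams)
-}
-
-teamName := ctx.PathParam("team")
-if len(teamName) > 0 {
-teamExists := false
-for _, team := range ctx.RepoGroup.Teams {
-if strings.EqualFold(team.LowerName, strings.ToLower(teamName)) {
-teamExists = true
-var groupTeam *group_model.RepoGroupTeam
-groupTeam, err = group_model.FindGroupTeamByTeamID(ctx, group.ID, team.ID)
-if err != nil {
-ctx.ServerError("FindGroupTeamByTeamID", err)
-return
-}
-ctx.RepoGroup.GroupTeam = groupTeam
-ctx.RepoGroup.Team = team
-ctx.RepoGroup.IsMember = true
-ctx.Data["Team"] = ctx.RepoGroup.Team
-break
-}
-}
-
-if !teamExists {
-ctx.NotFound(err)
-return
-}
-
-ctx.Data["IsTeamMember"] = ctx.RepoGroup.IsMember
-if args.RequireMember && !ctx.RepoGroup.IsMember {
-ctx.NotFound(err)
-return
-}
-
-ctx.RepoGroup.IsGroupAdmin = ctx.RepoGroup.Team.IsOwnerTeam() || ctx.RepoGroup.Team.AccessMode >= perm.AccessModeAdmin
-} else {
-for _, team := range ctx.RepoGroup.Teams {
-if team.AccessMode >= perm.AccessModeAdmin {
-ctx.RepoGroup.IsGroupAdmin = true
-break
-}
-}
-}
-if ctx.IsSigned {
-isAdmin, err := group.IsAdminOf(ctx, ctx.Doer.ID)
-if err != nil {
-ctx.ServerError("IsAdminOf", err)
-return
-}
-ctx.RepoGroup.IsGroupAdmin = ctx.RepoGroup.IsGroupAdmin || isAdmin
-}
-
 ctx.Data["IsGroupAdmin"] = ctx.RepoGroup.IsGroupAdmin
 if args.RequireGroupAdmin && !ctx.RepoGroup.IsGroupAdmin {
 ctx.NotFound(err)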
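Review bot: The org-level `IsOwnedBy` error branch at new lines 123–125 of groupAssignment calls `ctx.ServerError("IsOwnedBy", err)` but, unlike the `IsOrgAdmin` branch directly above it, has no `return`, so after a failed lookup the handler goes on assigning `IsOwner`/`IsMember`/`IsGroupAdmin` on a response that has already been written. Add `return` after that `ServerError` call so a lookup failure stops permission assignment. Separately, the plain assignment `ctx.RepoGroup.IsGroupAdmin = ctx.RepoGroup.Team.IsOwnerTeam() || ...` at new line 229 now runs after the org-wide admin branch has set the flag at line 131, so it can clear it whenever a `team` path parameter is present. Writing it as `ctx.RepoGroup.IsGroupAdmin = ctx.RepoGroup.IsGroupAdmin || ...` would keep the flag, unless `group.IsAdminOf` at line 239 is known to cover org-wide admins. groupAssignment starts before the first hunk and GroupAssignment continues past the last one.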

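--- a/services/context/permission.go
+++ b/services/context/permission.go
@@ -48,7 +48,7 @@ func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) {
 func RequireUnitReader(unitTypes ...unit.Type) func(ctx *Context) {
 return func(ctx *Context) {
 for _, unitType := range unitTypes {
-if ctx.Repo.CanRead(unitType) || ctx.RepoGroup.CanReadUnit(ctx, unitType) {
+if ctx.Repo.CanRead(unitType) || (ctx.RepoGroup.Group != nil && ctx.RepoGroup.CanReadUnit(ctx, unitType)) {
 return
 }
 if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) {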
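Review bot: The nil guard on `ctx.RepoGroup.Group` at new line 51 covers this one call site only, so every other caller of `CanReadUnit` still depends on `Group` being set. That may include `RequireUnitWriter`, named in the hunk header but not visible here, if it has an equivalent group check. An early `return false` for a nil `Group` at the top of `CanReadUnit` would make all callers fail closed instead of panicking, and the condition here could then stay as it was. If the call-site guard is kept, a short comment such as `// Group is nil when the repository is not in a group` (to be confirmed against the caller) would explain why the check exists. The body of RequireUnitReader continues past the end of this hunk.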
