update context assignment functions for repositories and repo groups

GamerGirlandCo · GamerGirlandCo · commit ee9de20ca285 · 2025-12-02T18:54:03.000-05:00
assign group and show 404 if necessary when `group_id` parameter is present
diff --git a/services/context/group.go b/services/context/group.go
@@ -90,31 +90,38 @@ type GroupAssignmentOptions struct {
 	RequireGroupAdmin bool
 }
 
+func groupAssignment(ctx *Context) {
+	if ctx.RepoGroup.Group == nil {
+		GetGroupByParams(ctx)
+	}
+	if ctx.Written() {
+		return
+	}
+	canAccess, err := ctx.RepoGroup.Group.CanAccess(ctx, ctx.Doer)
+	if err != nil {
+		ctx.ServerError("error checking group access", err)
+		return
+	}
+	if !canAccess {
+		ctx.NotFound(nil)
+		return
+	}
+}
+
 func GroupAssignment(args GroupAssignmentOptions) func(ctx *Context) {
 	return func(ctx *Context) {
 		var err error
 
-		if ctx.RepoGroup.Group == nil {
-			GetGroupByParams(ctx)
-			if ctx.Written() {
-				return
-			}
+		groupAssignment(ctx)
+		if ctx.Written() {
+			return
 		}
 
 		group := ctx.RepoGroup.Group
 		if ctx.RepoGroup.Group.Visibility != structs.VisibleTypePublic && !ctx.IsSigned {
 			ctx.NotFound(err)
 			return
 		}
-		canAccess, err := ctx.RepoGroup.Group.CanAccess(ctx, ctx.Doer)
-		if err != nil {
-			ctx.ServerError("error checking group access", err)
-			return
-		}
-		if !canAccess {
-			ctx.NotFound(nil)
-			return
-		}
 
 		if ctx.RepoGroup.Group.Visibility == structs.VisibleTypePrivate {
 			args.RequireMember = true
diff --git a/services/context/permission.go b/services/context/permission.go
@@ -35,7 +35,9 @@ func CanWriteToBranch() func(ctx *Context) {
 // RequireUnitWriter returns a middleware for requiring repository write to one of the unit permission
 func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) {
 	return func(ctx *Context) {
-		if slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) {
+		if slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) || (ctx.RepoGroup != nil && slices.ContainsFunc(unitTypes, func(u unit.Type) bool {
+			return ctx.RepoGroup.CanWriteUnit(ctx, u)
+		})) {
 			return
 		}
 		ctx.NotFound(nil)
@@ -46,7 +48,7 @@ func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) {
 func RequireUnitReader(unitTypes ...unit.Type) func(ctx *Context) {
 	return func(ctx *Context) {
 		for _, unitType := range unitTypes {
-			if ctx.Repo.CanRead(unitType) {
+			if ctx.Repo.CanRead(unitType) || ctx.RepoGroup.CanReadUnit(ctx, unitType) {
 				return
 			}
 			if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) {
diff --git a/services/context/repo.go b/services/context/repo.go
@@ -525,6 +525,12 @@ func RepoAssignment(ctx *Context) {
 	if repo.GroupID != gid {
 		ctx.NotFound(nil)
 	}
+	if gid > 0 {
+		groupAssignment(ctx)
+	}
+	if ctx.Written() {
+		return
+	}
 	repo.Owner = ctx.Repo.Owner
 
 	repoAssignment(ctx, repo)
