mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-24 18:56:11 +01:00
eabbddcd98
* fix units permission problems * fix some bugs and merge LoadUnits to repoAssignment * refactor permission struct and add some copyright heads * remove unused codes * fix routes units check * improve permission check * add unit tests for permission * fix typo * fix tests * fix some routes * fix api permission check * improve permission check * fix some permission check * fix tests * fix tests * improve some permission check * fix some permission check * refactor AccessLevel * fix bug * fix tests * fix tests * fix tests * fix AccessLevel * rename CanAccess * fix tests * fix comment * fix bug * add missing unit for test repos * fix bug * rename some functions * fix routes check
151 lines
3.7 KiB
Go
151 lines
3.7 KiB
Go
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package models
|
|
|
|
import (
|
|
"fmt"
|
|
"path"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
api "code.gitea.io/sdk/gitea"
|
|
"github.com/go-xorm/xorm"
|
|
)
|
|
|
|
// LFSLock represents a git lfs lock of repository.
|
|
type LFSLock struct {
|
|
ID int64 `xorm:"pk autoincr"`
|
|
Repo *Repository `xorm:"-"`
|
|
RepoID int64 `xorm:"INDEX NOT NULL"`
|
|
Owner *User `xorm:"-"`
|
|
OwnerID int64 `xorm:"INDEX NOT NULL"`
|
|
Path string `xorm:"TEXT"`
|
|
Created time.Time `xorm:"created"`
|
|
}
|
|
|
|
// BeforeInsert is invoked from XORM before inserting an object of this type.
|
|
func (l *LFSLock) BeforeInsert() {
|
|
l.OwnerID = l.Owner.ID
|
|
l.RepoID = l.Repo.ID
|
|
l.Path = cleanPath(l.Path)
|
|
}
|
|
|
|
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
|
|
func (l *LFSLock) AfterLoad(session *xorm.Session) {
|
|
var err error
|
|
l.Owner, err = getUserByID(session, l.OwnerID)
|
|
if err != nil {
|
|
log.Error(2, "LFS lock AfterLoad failed OwnerId[%d] not found: %v", l.OwnerID, err)
|
|
}
|
|
l.Repo, err = getRepositoryByID(session, l.RepoID)
|
|
if err != nil {
|
|
log.Error(2, "LFS lock AfterLoad failed RepoId[%d] not found: %v", l.RepoID, err)
|
|
}
|
|
}
|
|
|
|
func cleanPath(p string) string {
|
|
return path.Clean(p)
|
|
}
|
|
|
|
// APIFormat convert a Release to lfs.LFSLock
|
|
func (l *LFSLock) APIFormat() *api.LFSLock {
|
|
return &api.LFSLock{
|
|
ID: strconv.FormatInt(l.ID, 10),
|
|
Path: l.Path,
|
|
LockedAt: l.Created,
|
|
Owner: &api.LFSLockOwner{
|
|
Name: l.Owner.DisplayName(),
|
|
},
|
|
}
|
|
}
|
|
|
|
// CreateLFSLock creates a new lock.
|
|
func CreateLFSLock(lock *LFSLock) (*LFSLock, error) {
|
|
err := CheckLFSAccessForRepo(lock.Owner, lock.Repo, AccessModeWrite)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
l, err := GetLFSLock(lock.Repo, lock.Path)
|
|
if err == nil {
|
|
return l, ErrLFSLockAlreadyExist{lock.RepoID, lock.Path}
|
|
}
|
|
if !IsErrLFSLockNotExist(err) {
|
|
return nil, err
|
|
}
|
|
|
|
_, err = x.InsertOne(lock)
|
|
return lock, err
|
|
}
|
|
|
|
// GetLFSLock returns release by given path.
|
|
func GetLFSLock(repo *Repository, path string) (*LFSLock, error) {
|
|
path = cleanPath(path)
|
|
rel := &LFSLock{RepoID: repo.ID}
|
|
has, err := x.Where("lower(path) = ?", strings.ToLower(path)).Get(rel)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !has {
|
|
return nil, ErrLFSLockNotExist{0, repo.ID, path}
|
|
}
|
|
return rel, nil
|
|
}
|
|
|
|
// GetLFSLockByID returns release by given id.
|
|
func GetLFSLockByID(id int64) (*LFSLock, error) {
|
|
lock := new(LFSLock)
|
|
has, err := x.ID(id).Get(lock)
|
|
if err != nil {
|
|
return nil, err
|
|
} else if !has {
|
|
return nil, ErrLFSLockNotExist{id, 0, ""}
|
|
}
|
|
return lock, nil
|
|
}
|
|
|
|
// GetLFSLockByRepoID returns a list of locks of repository.
|
|
func GetLFSLockByRepoID(repoID int64) (locks []*LFSLock, err error) {
|
|
err = x.Where("repo_id = ?", repoID).Find(&locks)
|
|
return
|
|
}
|
|
|
|
// DeleteLFSLockByID deletes a lock by given ID.
|
|
func DeleteLFSLockByID(id int64, u *User, force bool) (*LFSLock, error) {
|
|
lock, err := GetLFSLockByID(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
err = CheckLFSAccessForRepo(u, lock.Repo, AccessModeWrite)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if !force && u.ID != lock.OwnerID {
|
|
return nil, fmt.Errorf("user doesn't own lock and force flag is not set")
|
|
}
|
|
|
|
_, err = x.ID(id).Delete(new(LFSLock))
|
|
return lock, err
|
|
}
|
|
|
|
//CheckLFSAccessForRepo check needed access mode base on action
|
|
func CheckLFSAccessForRepo(u *User, repo *Repository, mode AccessMode) error {
|
|
if u == nil {
|
|
return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode}
|
|
}
|
|
perm, err := GetUserRepoPermission(repo, u)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if !perm.CanAccess(mode, UnitTypeCode) {
|
|
return ErrLFSUnauthorizedAction{repo.ID, u.DisplayName(), mode}
|
|
}
|
|
return nil
|
|
}
|