Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-12-11 15:15:05 +01:00
Code Issues Activity

start on API perms

Browse Source
This commit is contained in:
Aiden Scandella 2024-11-29 11:28:10 -08:00
parent a860b3e101
commit 14f6e4cad0
No known key found for this signature in database
GPG Key ID: 17C559C421D83A19
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
routers/api/v1/api.go
View File

@ -432,6 +432,18 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
} }
} }
// reqRepoCommitStatusWriter user should have a permission to write to commit
// statuses, or write to a repo, or be a site admin
func reqRepoCommitStatusWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
// TODO
if !ctx.IsUserRepoWriter(unitTypes) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
ctx.Error(http.StatusForbidden, "reqRepoCommitStatusWriter", "user should have a permission to write to a repo")
return
}
}
}
// reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin // reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin
func reqRepoBranchWriter(ctx *context.APIContext) { func reqRepoBranchWriter(ctx *context.APIContext) {
options, ok := web.GetForm(ctx).(api.FileOptionInterface) options, ok := web.GetForm(ctx).(api.FileOptionInterface)
@ -451,6 +463,18 @@ func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
} }
} }
// reqRepoReader user should have specific commit status read permission, or
// repo read permission, or be a repo admin or a site admin
func reqRepoCommitStatusReader(unitType unit.Type) func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
// TODO
if !ctx.Repo.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
ctx.Error(http.StatusForbidden, "reqRepoCommitStatusReader", "user should have specific read permission or be a repo admin or a site admin")
return
}
}
}
// reqAnyRepoReader user should have any permission to read repository or permissions of site admin // reqAnyRepoReader user should have any permission to read repository or permissions of site admin
func reqAnyRepoReader() func(ctx *context.APIContext) { func reqAnyRepoReader() func(ctx *context.APIContext) {
return func(ctx *context.APIContext) { return func(ctx *context.APIContext) {
@ -1323,8 +1347,8 @@ func Routes() *web.Router {
}, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo()) }, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo())
m.Group("/statuses", func() { m.Group("/statuses", func() {
m.Combo("/{sha}").Get(repo.GetCommitStatuses). m.Combo("/{sha}").Get(repo.GetCommitStatuses).
Post(reqToken(), reqRepoWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus) Post(reqToken(), reqRepoCommitStatusWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
}, reqRepoReader(unit.TypeCode)) }, reqRepoCommitStatusReader(unit.TypeCode))
m.Group("/commits", func() { m.Group("/commits", func() {
m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits) m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits)
m.Group("/{ref}", func() { m.Group("/{ref}", func() {

12
services/context/api.go
View File

@ -388,3 +388,15 @@ func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool {
return false return false
} }
// IsUserRepoWriter returns true if current user has write commit status privilege in current repo
func (ctx *APIContext) IsUserCommitStatusWriter(unitTypes []unit.Type) bool {
for _, unitType := range unitTypes {
// TODO
if ctx.Repo.CanWrite(unitType) {
return true
}
}
return false
}