From 635b5f5b336c385845b7c243ab0614dcad6b7d14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=98=99=E2=97=A6=20The=20Tablet=20=E2=9D=80=20GamerGirla?= =?UTF-8?q?ndCo=20=E2=97=A6=E2=9D=A7?= Date: Sun, 30 Nov 2025 15:38:12 -0500 Subject: [PATCH] update context assignment functions for repositories and repo groups assign group and show 404 if necessary when `group_id` parameter is present --- services/context/group.go | 35 ++++++++++++++++++++-------------- services/context/permission.go | 6 ++++-- services/context/repo.go | 6 ++++++ 3 files changed, 31 insertions(+), 16 deletions(-) diff --git a/services/context/group.go b/services/context/group.go index 83ed7debf2..dfbedb3ddf 100644 --- a/services/context/group.go +++ b/services/context/group.go @@ -90,15 +90,31 @@ type GroupAssignmentOptions struct { RequireGroupAdmin bool } +func groupAssignment(ctx *Context) { + if ctx.RepoGroup.Group == nil { + GetGroupByParams(ctx) + } + if ctx.Written() { + return + } + canAccess, err := ctx.RepoGroup.Group.CanAccess(ctx, ctx.Doer) + if err != nil { + ctx.ServerError("error checking group access", err) + return + } + if !canAccess { + ctx.NotFound(nil) + return + } +} + func GroupAssignment(args GroupAssignmentOptions) func(ctx *Context) { return func(ctx *Context) { var err error - if ctx.RepoGroup.Group == nil { - GetGroupByParams(ctx) - if ctx.Written() { - return - } + groupAssignment(ctx) + if ctx.Written() { + return } group := ctx.RepoGroup.Group @@ -106,15 +122,6 @@ func GroupAssignment(args GroupAssignmentOptions) func(ctx *Context) { ctx.NotFound(err) return } - canAccess, err := ctx.RepoGroup.Group.CanAccess(ctx, ctx.Doer) - if err != nil { - ctx.ServerError("error checking group access", err) - return - } - if !canAccess { - ctx.NotFound(nil) - return - } if ctx.RepoGroup.Group.Visibility == structs.VisibleTypePrivate { args.RequireMember = true diff --git a/services/context/permission.go b/services/context/permission.go index c0a5a98724..582e82c443 100644 --- a/services/context/permission.go +++ b/services/context/permission.go @@ -35,7 +35,9 @@ func CanWriteToBranch() func(ctx *Context) { // RequireUnitWriter returns a middleware for requiring repository write to one of the unit permission func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) { return func(ctx *Context) { - if slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) { + if slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) || (ctx.RepoGroup != nil && slices.ContainsFunc(unitTypes, func(u unit.Type) bool { + return ctx.RepoGroup.CanWriteUnit(ctx, u) + })) { return } ctx.NotFound(nil) @@ -46,7 +48,7 @@ func RequireUnitWriter(unitTypes ...unit.Type) func(ctx *Context) { func RequireUnitReader(unitTypes ...unit.Type) func(ctx *Context) { return func(ctx *Context) { for _, unitType := range unitTypes { - if ctx.Repo.CanRead(unitType) { + if ctx.Repo.CanRead(unitType) || ctx.RepoGroup.CanReadUnit(ctx, unitType) { return } if unitType == unit.TypeCode && canWriteAsMaintainer(ctx) { diff --git a/services/context/repo.go b/services/context/repo.go index 38f2734291..c4fe9c9c19 100644 --- a/services/context/repo.go +++ b/services/context/repo.go @@ -571,6 +571,12 @@ func RepoAssignment(ctx *Context) { if repo.GroupID != gid { ctx.NotFound(nil) } + if gid > 0 { + groupAssignment(ctx) + } + if ctx.Written() { + return + } repo.Owner = ctx.Repo.Owner repoAssignment(ctx, repo)