Revert "Add UnitCommitStatus"

This reverts commit 7c5cc63dc61f96ab94eb188e9103f9d1b5d8a493.
2025-12-08 20:01:46 +01:00 · 2025-08-30 13:13:22 +00:00 · 2025-08-30 13:13:22 +00:00 · d9e9f8878d
commit d9e9f8878d
parent 7c5cc63dc6
3 changed files with 48 additions and 18 deletions
--- a/models/unit/unit.go
+++ b/models/unit/unit.go
@ -33,7 +33,6 @@ const (
 	TypeProjects        // 8 Projects
 	TypePackages        // 9 Packages
 	TypeActions         // 10 Actions
-	TypeCommitStatus    // 11 Commit Status

 	// FIXME: TEAM-UNIT-PERMISSION: the team unit "admin" permission's design is not right, when a new unit is added in the future,
 	// admin team won't inherit the correct admin permission for the new unit, need to have a complete fix before adding any new unit.
@ -66,7 +65,6 @@ var (
 		TypeProjects,
 		TypePackages,
 		TypeActions,
-		TypeCommitStatus,
 	}

 	// DefaultRepoUnits contains the default unit types
@ -79,10 +77,8 @@ var (
 		TypeProjects,
 		TypePackages,
 		TypeActions,
-		TypeCommitStatus,
 	}

-	// TODO(not7cd): Defaults that need TypeCommitStatus
 	// ForkRepoUnits contains the default unit types for forks
 	DefaultForkRepoUnits = []Type{
 		TypeCode,
@ -241,7 +237,6 @@ func (u Unit) MaxPerm() perm.AccessMode {
 }

 // Enumerate all the units
-// TODO(not7cd): Add TypeCommitStatus
 var (
 	UnitCode = Unit{
 		TypeCode,
@ -333,16 +328,6 @@ var (
 		perm.AccessModeOwner,
 	}

-	// TODO(not7cd): Just copied this
-	UnitCommitStatus = Unit{
-		TypeCommitStatus,
-		"repo.commitstatus",
-		"/statuses",
-		"commitstatus.unit.desc",
-		8,
-		perm.AccessModeOwner,
-	}
-
 	// Units contains all the units
 	Units = map[Type]Unit{
 		TypeCode:            UnitCode,
@ -355,7 +340,6 @@ var (
 		TypeProjects:        UnitProjects,
 		TypePackages:        UnitPackages,
 		TypeActions:         UnitActions,
-		TypeCommitStatus:    UnitCommitStatus,
 	}
 )

--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -455,6 +455,28 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
 	}
 }

+// reqRepoCommitStatusWriter user should have a permission to write to commit
+// statuses, or write to a repo, or be a site admin
+func reqRepoCommitStatusWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
+	return func(ctx *context.APIContext) {
+		// TODO(not7cd)
+		if !ctx.IsUserRepoWriter(unitTypes) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
+			ctx.APIError(http.StatusForbidden, "user should have a permission to write to a repo")
+			return
+		}
+	}
+}
+
+// TODO(not7cd): do I need this?
+// // reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin
+// func reqRepoBranchWriter(ctx *context.APIContext) {
+// 	options, ok := web.GetForm(ctx).(api.FileOptionInterface)
+// 	if !ok || (!ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, options.Branch()) && !ctx.IsUserSiteAdmin()) {
+// 		ctx.APIError(http.StatusForbidden, "user should have a permission to write to this branch")
+// 		return
+// 	}
+// }
+
 // reqRepoReader user should have specific read permission or be a repo admin or a site admin
 func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
@ -465,6 +487,18 @@ func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
 	}
 }

+// reqRepoReader user should have specific commit status read permission, or
+// repo read permission, or be a repo admin or a site admin
+func reqRepoCommitStatusReader(unitType unit.Type) func(ctx *context.APIContext) {
+	return func(ctx *context.APIContext) {
+		// TODO(not7cd)
+		if !ctx.Repo.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
+			ctx.APIError(http.StatusForbidden, "user should have specific read permission or be a repo admin or a site admin")
+			return
+		}
+	}
+}
+
 // reqAnyRepoReader user should have any permission to read repository or permissions of site admin
 func reqAnyRepoReader() func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
@ -1399,8 +1433,8 @@ func Routes() *web.Router {
 				}, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo())
 				m.Group("/statuses", func() {
 					m.Combo("/{sha}").Get(repo.GetCommitStatuses).
-						Post(reqToken(), reqRepoWriter(unit.TypeCommitStatus), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
-				}, reqRepoWriter(unit.TypeCommitStatus))
+						Post(reqToken(), reqRepoCommitStatusWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
+				}, reqRepoCommitStatusReader(unit.TypeCode))
 				m.Group("/commits", func() {
 					m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits)
 					m.Group("/{ref}", func() {
--- a/services/context/api.go
+++ b/services/context/api.go
@ -367,3 +367,15 @@ func (ctx *APIContext) IsUserRepoAdmin() bool {
 func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool {
 	return slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite)
 }
+
+// IsUserRepoWriter returns true if current user has write commit status privilege in current repo
+func (ctx *APIContext) IsUserCommitStatusWriter(unitTypes []unit.Type) bool {
+	for _, unitType := range unitTypes {
+		// TODO
+		if ctx.Repo.CanWrite(unitType) {
+			return true
+		}
+	}
+
+	return false
+}