From d9e9f8878df59b0b35ae91c814630b57d315f83c Mon Sep 17 00:00:00 2001 From: Norbert Szulc Date: Sat, 30 Aug 2025 13:13:22 +0000 Subject: [PATCH] Revert "Add UnitCommitStatus" This reverts commit 7c5cc63dc61f96ab94eb188e9103f9d1b5d8a493. --- models/unit/unit.go | 16 ---------------- routers/api/v1/api.go | 38 ++++++++++++++++++++++++++++++++++++-- services/context/api.go | 12 ++++++++++++ 3 files changed, 48 insertions(+), 18 deletions(-) diff --git a/models/unit/unit.go b/models/unit/unit.go index 89740c791c..c0560678ca 100644 --- a/models/unit/unit.go +++ b/models/unit/unit.go @@ -33,7 +33,6 @@ const ( TypeProjects // 8 Projects TypePackages // 9 Packages TypeActions // 10 Actions - TypeCommitStatus // 11 Commit Status // FIXME: TEAM-UNIT-PERMISSION: the team unit "admin" permission's design is not right, when a new unit is added in the future, // admin team won't inherit the correct admin permission for the new unit, need to have a complete fix before adding any new unit. @@ -66,7 +65,6 @@ var ( TypeProjects, TypePackages, TypeActions, - TypeCommitStatus, } // DefaultRepoUnits contains the default unit types @@ -79,10 +77,8 @@ var ( TypeProjects, TypePackages, TypeActions, - TypeCommitStatus, } - // TODO(not7cd): Defaults that need TypeCommitStatus // ForkRepoUnits contains the default unit types for forks DefaultForkRepoUnits = []Type{ TypeCode, @@ -241,7 +237,6 @@ func (u Unit) MaxPerm() perm.AccessMode { } // Enumerate all the units -// TODO(not7cd): Add TypeCommitStatus var ( UnitCode = Unit{ TypeCode, @@ -333,16 +328,6 @@ var ( perm.AccessModeOwner, } - // TODO(not7cd): Just copied this - UnitCommitStatus = Unit{ - TypeCommitStatus, - "repo.commitstatus", - "/statuses", - "commitstatus.unit.desc", - 8, - perm.AccessModeOwner, - } - // Units contains all the units Units = map[Type]Unit{ TypeCode: UnitCode, @@ -355,7 +340,6 @@ var ( TypeProjects: UnitProjects, TypePackages: UnitPackages, TypeActions: UnitActions, - TypeCommitStatus: UnitCommitStatus, } ) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 8255065d1c..d83da47981 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -455,6 +455,28 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) { } } +// reqRepoCommitStatusWriter user should have a permission to write to commit +// statuses, or write to a repo, or be a site admin +func reqRepoCommitStatusWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) { + return func(ctx *context.APIContext) { + // TODO(not7cd) + if !ctx.IsUserRepoWriter(unitTypes) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() { + ctx.APIError(http.StatusForbidden, "user should have a permission to write to a repo") + return + } + } +} + +// TODO(not7cd): do I need this? +// // reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin +// func reqRepoBranchWriter(ctx *context.APIContext) { +// options, ok := web.GetForm(ctx).(api.FileOptionInterface) +// if !ok || (!ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, options.Branch()) && !ctx.IsUserSiteAdmin()) { +// ctx.APIError(http.StatusForbidden, "user should have a permission to write to this branch") +// return +// } +// } + // reqRepoReader user should have specific read permission or be a repo admin or a site admin func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) { return func(ctx *context.APIContext) { @@ -465,6 +487,18 @@ func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) { } } +// reqRepoReader user should have specific commit status read permission, or +// repo read permission, or be a repo admin or a site admin +func reqRepoCommitStatusReader(unitType unit.Type) func(ctx *context.APIContext) { + return func(ctx *context.APIContext) { + // TODO(not7cd) + if !ctx.Repo.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() { + ctx.APIError(http.StatusForbidden, "user should have specific read permission or be a repo admin or a site admin") + return + } + } +} + // reqAnyRepoReader user should have any permission to read repository or permissions of site admin func reqAnyRepoReader() func(ctx *context.APIContext) { return func(ctx *context.APIContext) { @@ -1399,8 +1433,8 @@ func Routes() *web.Router { }, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo()) m.Group("/statuses", func() { m.Combo("/{sha}").Get(repo.GetCommitStatuses). - Post(reqToken(), reqRepoWriter(unit.TypeCommitStatus), bind(api.CreateStatusOption{}), repo.NewCommitStatus) - }, reqRepoWriter(unit.TypeCommitStatus)) + Post(reqToken(), reqRepoCommitStatusWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus) + }, reqRepoCommitStatusReader(unit.TypeCode)) m.Group("/commits", func() { m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits) m.Group("/{ref}", func() { diff --git a/services/context/api.go b/services/context/api.go index ab50a360f4..cc8e4f65ca 100644 --- a/services/context/api.go +++ b/services/context/api.go @@ -367,3 +367,15 @@ func (ctx *APIContext) IsUserRepoAdmin() bool { func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool { return slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) } + +// IsUserRepoWriter returns true if current user has write commit status privilege in current repo +func (ctx *APIContext) IsUserCommitStatusWriter(unitTypes []unit.Type) bool { + for _, unitType := range unitTypes { + // TODO + if ctx.Repo.CanWrite(unitType) { + return true + } + } + + return false +}