Fix ignored errors when checking if organization, team member (#3177)

This commit is contained in:
Ethan Koenig 2017-12-20 23:43:26 -08:00 committed by Lauris BH
parent 529482135c
commit 515cdaa85d
16 changed files with 281 additions and 144 deletions

View File

@ -21,13 +21,13 @@ var (
) )
// IsOwnedBy returns true if given user is in the owner team. // IsOwnedBy returns true if given user is in the owner team.
func (org *User) IsOwnedBy(uid int64) bool { func (org *User) IsOwnedBy(uid int64) (bool, error) {
return IsOrganizationOwner(org.ID, uid) return IsOrganizationOwner(org.ID, uid)
} }
// IsOrgMember returns true if given user is member of organization. // IsOrgMember returns true if given user is member of organization.
func (org *User) IsOrgMember(uid int64) bool { func (org *User) IsOrgMember(uid int64) (bool, error) {
return org.IsOrganization() && IsOrganizationMember(org.ID, uid) return IsOrganizationMember(org.ID, uid)
} }
func (org *User) getTeam(e Engine, name string) (*Team, error) { func (org *User) getTeam(e Engine, name string) (*Team, error) {
@ -285,32 +285,32 @@ type OrgUser struct {
} }
// IsOrganizationOwner returns true if given user is in the owner team. // IsOrganizationOwner returns true if given user is in the owner team.
func IsOrganizationOwner(orgID, uid int64) bool { func IsOrganizationOwner(orgID, uid int64) (bool, error) {
has, _ := x. return x.
Where("is_owner=?", true). Where("is_owner=?", true).
And("uid=?", uid). And("uid=?", uid).
And("org_id=?", orgID). And("org_id=?", orgID).
Get(new(OrgUser)) Table("org_user").
return has Exist()
} }
// IsOrganizationMember returns true if given user is member of organization. // IsOrganizationMember returns true if given user is member of organization.
func IsOrganizationMember(orgID, uid int64) bool { func IsOrganizationMember(orgID, uid int64) (bool, error) {
has, _ := x. return x.
Where("uid=?", uid). Where("uid=?", uid).
And("org_id=?", orgID). And("org_id=?", orgID).
Get(new(OrgUser)) Table("org_user").
return has Exist()
} }
// IsPublicMembership returns true if given user public his/her membership. // IsPublicMembership returns true if given user public his/her membership.
func IsPublicMembership(orgID, uid int64) bool { func IsPublicMembership(orgID, uid int64) (bool, error) {
has, _ := x. return x.
Where("uid=?", uid). Where("uid=?", uid).
And("org_id=?", orgID). And("org_id=?", orgID).
And("is_public=?", true). And("is_public=?", true).
Get(new(OrgUser)) Table("org_user").
return has Exist()
} }
func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) { func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
@ -401,8 +401,9 @@ func ChangeOrgUserStatus(orgID, uid int64, public bool) error {
// AddOrgUser adds new user to given organization. // AddOrgUser adds new user to given organization.
func AddOrgUser(orgID, uid int64) error { func AddOrgUser(orgID, uid int64) error {
if IsOrganizationMember(orgID, uid) { isAlreadyMember, err := IsOrganizationMember(orgID, uid)
return nil if err != nil || isAlreadyMember {
return err
} }
sess := x.NewSession() sess := x.NewSession()
@ -447,7 +448,9 @@ func RemoveOrgUser(orgID, userID int64) error {
} }
// Check if the user to delete is the last member in owner team. // Check if the user to delete is the last member in owner team.
if IsOrganizationOwner(orgID, userID) { if isOwner, err := IsOrganizationOwner(orgID, userID); err != nil {
return err
} else if isOwner {
t, err := org.GetOwnerTeam() t, err := org.GetOwnerTeam()
if err != nil { if err != nil {
return err return err

View File

@ -8,6 +8,8 @@ import (
"errors" "errors"
"fmt" "fmt"
"strings" "strings"
"code.gitea.io/gitea/modules/log"
) )
const ownerTeamName = "Owners" const ownerTeamName = "Owners"
@ -47,7 +49,12 @@ func (t *Team) IsOwnerTeam() bool {
// IsMember returns true if given user is a member of team. // IsMember returns true if given user is a member of team.
func (t *Team) IsMember(userID int64) bool { func (t *Team) IsMember(userID int64) bool {
return IsTeamMember(t.OrgID, t.ID, userID) isMember, err := IsTeamMember(t.OrgID, t.ID, userID)
if err != nil {
log.Error(4, "IsMember: %v", err)
return false
}
return isMember
} }
func (t *Team) getRepositories(e Engine) error { func (t *Team) getRepositories(e Engine) error {
@ -413,17 +420,17 @@ type TeamUser struct {
UID int64 `xorm:"UNIQUE(s)"` UID int64 `xorm:"UNIQUE(s)"`
} }
func isTeamMember(e Engine, orgID, teamID, userID int64) bool { func isTeamMember(e Engine, orgID, teamID, userID int64) (bool, error) {
has, _ := e. return e.
Where("org_id=?", orgID). Where("org_id=?", orgID).
And("team_id=?", teamID). And("team_id=?", teamID).
And("uid=?", userID). And("uid=?", userID).
Get(new(TeamUser)) Table("team_user").
return has Exist()
} }
// IsTeamMember returns true if given user is a member of team. // IsTeamMember returns true if given user is a member of team.
func IsTeamMember(orgID, teamID, userID int64) bool { func IsTeamMember(orgID, teamID, userID int64) (bool, error) {
return isTeamMember(x, orgID, teamID, userID) return isTeamMember(x, orgID, teamID, userID)
} }
@ -471,8 +478,9 @@ func GetUserTeams(orgID, userID int64) ([]*Team, error) {
// AddTeamMember adds new membership of given team to given organization, // AddTeamMember adds new membership of given team to given organization,
// the user will have membership to given organization automatically when needed. // the user will have membership to given organization automatically when needed.
func AddTeamMember(team *Team, userID int64) error { func AddTeamMember(team *Team, userID int64) error {
if IsTeamMember(team.OrgID, team.ID, userID) { isAlreadyMember, err := IsTeamMember(team.OrgID, team.ID, userID)
return nil if err != nil || isAlreadyMember {
return err
} }
if err := AddOrgUser(team.OrgID, userID); err != nil { if err := AddOrgUser(team.OrgID, userID); err != nil {
@ -529,8 +537,9 @@ func AddTeamMember(team *Team, userID int64) error {
} }
func removeTeamMember(e Engine, team *Team, userID int64) error { func removeTeamMember(e Engine, team *Team, userID int64) error {
if !isTeamMember(e, team.OrgID, team.ID, userID) { isMember, err := isTeamMember(e, team.OrgID, team.ID, userID)
return nil if err != nil || !isMember {
return err
} }
// Check if the user to delete is the last member in owner team. // Check if the user to delete is the last member in owner team.
@ -566,7 +575,7 @@ func removeTeamMember(e Engine, team *Team, userID int64) error {
// This must exist. // This must exist.
ou := new(OrgUser) ou := new(OrgUser)
_, err := e. _, err = e.
Where("uid = ?", userID). Where("uid = ?", userID).
And("org_id = ?", team.OrgID). And("org_id = ?", team.OrgID).
Get(ou) Get(ou)

View File

@ -250,16 +250,21 @@ func TestDeleteTeam(t *testing.T) {
func TestIsTeamMember(t *testing.T) { func TestIsTeamMember(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
test := func(orgID, teamID, userID int64, expected bool) {
isMember, err := IsTeamMember(orgID, teamID, userID)
assert.NoError(t, err)
assert.Equal(t, expected, isMember)
}
assert.True(t, IsTeamMember(3, 1, 2)) test(3, 1, 2, true)
assert.False(t, IsTeamMember(3, 1, 4)) test(3, 1, 4, false)
assert.False(t, IsTeamMember(3, 1, NonexistentID)) test(3, 1, NonexistentID, false)
assert.True(t, IsTeamMember(3, 2, 2)) test(3, 2, 2, true)
assert.True(t, IsTeamMember(3, 2, 4)) test(3, 2, 4, true)
assert.False(t, IsTeamMember(3, NonexistentID, NonexistentID)) test(3, NonexistentID, NonexistentID, false)
assert.False(t, IsTeamMember(NonexistentID, NonexistentID, NonexistentID)) test(NonexistentID, NonexistentID, NonexistentID, false)
} }
func TestGetTeamMembers(t *testing.T) { func TestGetTeamMembers(t *testing.T) {

View File

@ -12,28 +12,44 @@ import (
func TestUser_IsOwnedBy(t *testing.T) { func TestUser_IsOwnedBy(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User) for _, testCase := range []struct {
assert.True(t, org.IsOwnedBy(2)) OrgID int64
assert.False(t, org.IsOwnedBy(1)) UserID int64
assert.False(t, org.IsOwnedBy(3)) ExpectedOwner bool
assert.False(t, org.IsOwnedBy(4)) }{
{3, 2, true},
nonOrg := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) {3, 1, false},
assert.False(t, nonOrg.IsOwnedBy(2)) {3, 3, false},
assert.False(t, nonOrg.IsOwnedBy(3)) {3, 4, false},
{2, 2, false}, // user2 is not an organization
{2, 3, false},
} {
org := AssertExistsAndLoadBean(t, &User{ID: testCase.OrgID}).(*User)
isOwner, err := org.IsOwnedBy(testCase.UserID)
assert.NoError(t, err)
assert.Equal(t, testCase.ExpectedOwner, isOwner)
}
} }
func TestUser_IsOrgMember(t *testing.T) { func TestUser_IsOrgMember(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User) for _, testCase := range []struct {
assert.True(t, org.IsOrgMember(2)) OrgID int64
assert.True(t, org.IsOrgMember(4)) UserID int64
assert.False(t, org.IsOrgMember(1)) ExpectedMember bool
assert.False(t, org.IsOrgMember(3)) }{
{3, 2, true},
nonOrg := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) {3, 4, true},
assert.False(t, nonOrg.IsOrgMember(2)) {3, 1, false},
assert.False(t, nonOrg.IsOrgMember(3)) {3, 3, false},
{2, 2, false}, // user2 is not an organization
{2, 3, false},
} {
org := AssertExistsAndLoadBean(t, &User{ID: testCase.OrgID}).(*User)
isMember, err := org.IsOrgMember(testCase.UserID)
assert.NoError(t, err)
assert.Equal(t, testCase.ExpectedMember, isMember)
}
} }
func TestUser_GetTeam(t *testing.T) { func TestUser_GetTeam(t *testing.T) {
@ -257,31 +273,46 @@ func TestDeleteOrganization(t *testing.T) {
func TestIsOrganizationOwner(t *testing.T) { func TestIsOrganizationOwner(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
assert.True(t, IsOrganizationOwner(3, 2)) test := func(orgID, userID int64, expected bool) {
assert.False(t, IsOrganizationOwner(3, 3)) isOwner, err := IsOrganizationOwner(orgID, userID)
assert.True(t, IsOrganizationOwner(6, 5)) assert.NoError(t, err)
assert.False(t, IsOrganizationOwner(6, 4)) assert.EqualValues(t, expected, isOwner)
assert.False(t, IsOrganizationOwner(NonexistentID, NonexistentID)) }
test(3, 2, true)
test(3, 3, false)
test(6, 5, true)
test(6, 4, false)
test(NonexistentID, NonexistentID, false)
} }
func TestIsOrganizationMember(t *testing.T) { func TestIsOrganizationMember(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
assert.True(t, IsOrganizationMember(3, 2)) test := func(orgID, userID int64, expected bool) {
assert.False(t, IsOrganizationMember(3, 3)) isMember, err := IsOrganizationMember(orgID, userID)
assert.True(t, IsOrganizationMember(3, 4)) assert.NoError(t, err)
assert.True(t, IsOrganizationMember(6, 5)) assert.EqualValues(t, expected, isMember)
assert.False(t, IsOrganizationMember(6, 4)) }
assert.False(t, IsOrganizationMember(NonexistentID, NonexistentID)) test(3, 2, true)
test(3, 3, false)
test(3, 4, true)
test(6, 5, true)
test(6, 4, false)
test(NonexistentID, NonexistentID, false)
} }
func TestIsPublicMembership(t *testing.T) { func TestIsPublicMembership(t *testing.T) {
assert.NoError(t, PrepareTestDatabase()) assert.NoError(t, PrepareTestDatabase())
assert.True(t, IsPublicMembership(3, 2)) test := func(orgID, userID int64, expected bool) {
assert.False(t, IsPublicMembership(3, 3)) isMember, err := IsPublicMembership(orgID, userID)
assert.False(t, IsPublicMembership(3, 4)) assert.NoError(t, err)
assert.True(t, IsPublicMembership(6, 5)) assert.EqualValues(t, expected, isMember)
assert.False(t, IsPublicMembership(6, 4)) }
assert.False(t, IsPublicMembership(NonexistentID, NonexistentID)) test(3, 2, true)
test(3, 3, false)
test(3, 4, false)
test(6, 5, true)
test(6, 4, false)
test(NonexistentID, NonexistentID, false)
} }
func TestGetOrgsByUserID(t *testing.T) { func TestGetOrgsByUserID(t *testing.T) {

View File

@ -1493,13 +1493,19 @@ func TransferOwnership(doer *User, newOwnerName string, repo *Repository) error
// Dummy object. // Dummy object.
collaboration := &Collaboration{RepoID: repo.ID} collaboration := &Collaboration{RepoID: repo.ID}
for _, c := range collaborators { for _, c := range collaborators {
if c.ID != newOwner.ID {
isMember, err := newOwner.IsOrgMember(c.ID)
if err != nil {
return fmt.Errorf("IsOrgMember: %v", err)
} else if !isMember {
continue
}
}
collaboration.UserID = c.ID collaboration.UserID = c.ID
if c.ID == newOwner.ID || newOwner.IsOrgMember(c.ID) {
if _, err = sess.Delete(collaboration); err != nil { if _, err = sess.Delete(collaboration); err != nil {
return fmt.Errorf("remove collaborator '%d': %v", c.ID, err) return fmt.Errorf("remove collaborator '%d': %v", c.ID, err)
} }
} }
}
// Remove old team-repository relations. // Remove old team-repository relations.
if owner.IsOrganization() { if owner.IsOrganization() {

View File

@ -487,12 +487,22 @@ func (u *User) IsOrganization() bool {
// IsUserOrgOwner returns true if user is in the owner team of given organization. // IsUserOrgOwner returns true if user is in the owner team of given organization.
func (u *User) IsUserOrgOwner(orgID int64) bool { func (u *User) IsUserOrgOwner(orgID int64) bool {
return IsOrganizationOwner(orgID, u.ID) isOwner, err := IsOrganizationOwner(orgID, u.ID)
if err != nil {
log.Error(4, "IsOrganizationOwner: %v", err)
return false
}
return isOwner
} }
// IsPublicMember returns true if user public his/her membership in given organization. // IsPublicMember returns true if user public his/her membership in given organization.
func (u *User) IsPublicMember(orgID int64) bool { func (u *User) IsPublicMember(orgID int64) bool {
return IsPublicMembership(orgID, u.ID) isMember, err := IsPublicMembership(orgID, u.ID)
if err != nil {
log.Error(4, "IsPublicMembership: %v", err)
return false
}
return isMember
} }
func (u *User) getOrganizationCount(e Engine) (int64, error) { func (u *User) getOrganizationCount(e Engine) (int64, error) {

View File

@ -73,14 +73,21 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
ctx.Org.IsTeamMember = true ctx.Org.IsTeamMember = true
ctx.Org.IsTeamAdmin = true ctx.Org.IsTeamAdmin = true
} else if ctx.IsSigned { } else if ctx.IsSigned {
ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.ID) ctx.Org.IsOwner, err = org.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return
}
if ctx.Org.IsOwner { if ctx.Org.IsOwner {
ctx.Org.IsMember = true ctx.Org.IsMember = true
ctx.Org.IsTeamMember = true ctx.Org.IsTeamMember = true
ctx.Org.IsTeamAdmin = true ctx.Org.IsTeamAdmin = true
} else { } else {
if org.IsOrgMember(ctx.User.ID) { ctx.Org.IsMember, err = org.IsOrgMember(ctx.User.ID)
ctx.Org.IsMember = true if err != nil {
ctx.Handle(500, "IsOrgMember", err)
return
} }
} }
} else { } else {

View File

@ -177,7 +177,10 @@ func reqOrgMembership() macaron.Handler {
return return
} }
if !models.IsOrganizationMember(orgID, ctx.User.ID) { if isMember, err := models.IsOrganizationMember(orgID, ctx.User.ID); err != nil {
ctx.Error(500, "IsOrganizationMember", err)
return
} else if !isMember {
if ctx.Org.Organization != nil { if ctx.Org.Organization != nil {
ctx.Error(403, "", "Must be an organization member") ctx.Error(403, "", "Must be an organization member")
} else { } else {
@ -200,7 +203,10 @@ func reqOrgOwnership() macaron.Handler {
return return
} }
if !models.IsOrganizationOwner(orgID, ctx.User.ID) { isOwner, err := models.IsOrganizationOwner(orgID, ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrganizationOwner", err)
} else if !isOwner {
if ctx.Org.Organization != nil { if ctx.Org.Organization != nil {
ctx.Error(403, "", "Must be an organization owner") ctx.Error(403, "", "Must be an organization owner")
} else { } else {

View File

@ -67,7 +67,15 @@ func ListMembers(ctx *context.APIContext) {
// responses: // responses:
// "200": // "200":
// "$ref": "#/responses/UserList" // "$ref": "#/responses/UserList"
publicOnly := ctx.User == nil || !ctx.Org.Organization.IsOrgMember(ctx.User.ID) publicOnly := true
if ctx.User != nil {
isMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrgMember", err)
return
}
publicOnly = !isMember
}
listMembers(ctx, publicOnly) listMembers(ctx, publicOnly)
} }
@ -119,19 +127,30 @@ func IsMember(ctx *context.APIContext) {
if ctx.Written() { if ctx.Written() {
return return
} }
if ctx.User != nil && ctx.Org.Organization.IsOrgMember(ctx.User.ID) { if ctx.User != nil {
if ctx.Org.Organization.IsOrgMember(userToCheck.ID) { userIsMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrgMember", err)
return
} else if userIsMember {
userToCheckIsMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrgMember", err)
} else if userToCheckIsMember {
ctx.Status(204) ctx.Status(204)
} else { } else {
ctx.Status(404) ctx.Status(404)
} }
} else if ctx.User != nil && ctx.User.ID == userToCheck.ID { return
} else if ctx.User.ID == userToCheck.ID {
ctx.Status(404) ctx.Status(404)
} else { return
}
}
redirectURL := fmt.Sprintf("%sapi/v1/orgs/%s/public_members/%s", redirectURL := fmt.Sprintf("%sapi/v1/orgs/%s/public_members/%s",
setting.AppURL, ctx.Org.Organization.Name, userToCheck.Name) setting.AppURL, ctx.Org.Organization.Name, userToCheck.Name)
ctx.Redirect(redirectURL, 302) ctx.Redirect(redirectURL, 302)
}
} }
// IsPublicMember check if a user is a public member of an organization // IsPublicMember check if a user is a public member of an organization

View File

@ -176,7 +176,11 @@ func GetTeamMembers(ctx *context.APIContext) {
// responses: // responses:
// "200": // "200":
// "$ref": "#/responses/UserList" // "$ref": "#/responses/UserList"
if !models.IsOrganizationMember(ctx.Org.Team.OrgID, ctx.User.ID) { isMember, err := models.IsOrganizationMember(ctx.Org.Team.OrgID, ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOrganizationMember", err)
return
} else if !isMember {
ctx.Status(404) ctx.Status(404)
return return
} }

View File

@ -89,7 +89,11 @@ func CreateFork(ctx *context.APIContext, form api.CreateForkOption) {
} }
return return
} }
if !org.IsOrgMember(ctx.User.ID) { isMember, err := org.IsOrgMember(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOrgMember", err)
return
} else if !isMember {
ctx.Status(403) ctx.Status(403)
return return
} }

View File

@ -108,8 +108,19 @@ func Search(ctx *context.APIContext) {
} }
// Check visibility. // Check visibility.
if ctx.IsSigned && (ctx.User.ID == repoOwner.ID || (repoOwner.IsOrganization() && repoOwner.IsOwnedBy(ctx.User.ID))) { if ctx.IsSigned {
if ctx.User.ID == repoOwner.ID {
opts.Private = true opts.Private = true
} else if repoOwner.IsOrganization() {
opts.Private, err = repoOwner.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.JSON(500, api.SearchError{
OK: false,
Error: err.Error(),
})
return
}
}
} }
} }
@ -245,7 +256,11 @@ func CreateOrgRepo(ctx *context.APIContext, opt api.CreateRepoOption) {
return return
} }
if !org.IsOwnedBy(ctx.User.ID) { isOwner, err := org.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.") ctx.Error(403, "", "Given user is not owner of organization.")
return return
} }
@ -292,7 +307,11 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
if ctxUser.IsOrganization() && !ctx.User.IsAdmin { if ctxUser.IsOrganization() && !ctx.User.IsAdmin {
// Check ownership of organization. // Check ownership of organization.
if !ctxUser.IsOwnedBy(ctx.User.ID) { isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.") ctx.Error(403, "", "Given user is not owner of organization.")
return return
} }
@ -431,10 +450,16 @@ func Delete(ctx *context.APIContext) {
owner := ctx.Repo.Owner owner := ctx.Repo.Owner
repo := ctx.Repo.Repository repo := ctx.Repo.Repository
if owner.IsOrganization() && !owner.IsOwnedBy(ctx.User.ID) { if owner.IsOrganization() {
isOwner, err := owner.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Error(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403, "", "Given user is not owner of organization.") ctx.Error(403, "", "Given user is not owner of organization.")
return return
} }
}
if err := models.DeleteRepository(ctx.User, owner.ID, repo.ID); err != nil { if err := models.DeleteRepository(ctx.User, owner.ID, repo.ID); err != nil {
ctx.Error(500, "DeleteRepository", err) ctx.Error(500, "DeleteRepository", err)

View File

@ -475,6 +475,26 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
ctx.Redirect(ctx.Repo.RepoLink + "/issues/" + com.ToStr(issue.Index)) ctx.Redirect(ctx.Repo.RepoLink + "/issues/" + com.ToStr(issue.Index))
} }
// commentTag returns the CommentTag for a comment in/with the given repo, poster and issue
func commentTag(repo *models.Repository, poster *models.User, issue *models.Issue) (models.CommentTag, error) {
if repo.IsOwnedBy(poster.ID) {
return models.CommentTagOwner, nil
} else if repo.Owner.IsOrganization() {
isOwner, err := repo.Owner.IsOwnedBy(poster.ID)
if err != nil {
return models.CommentTagNone, err
} else if isOwner {
return models.CommentTagOwner, nil
}
}
if poster.IsWriterOfRepo(repo) {
return models.CommentTagWriter, nil
} else if poster.ID == issue.PosterID {
return models.CommentTagPoster, nil
}
return models.CommentTagNone, nil
}
// ViewIssue render issue view page // ViewIssue render issue view page
func ViewIssue(ctx *context.Context) { func ViewIssue(ctx *context.Context) {
ctx.Data["RequireHighlightJS"] = true ctx.Data["RequireHighlightJS"] = true
@ -644,15 +664,11 @@ func ViewIssue(ctx *context.Context) {
continue continue
} }
if repo.IsOwnedBy(comment.PosterID) || comment.ShowTag, err = commentTag(repo, comment.Poster, issue)
(repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) { if err != nil {
comment.ShowTag = models.CommentTagOwner ctx.Handle(500, "commentTag", err)
} else if comment.Poster.IsWriterOfRepo(repo) { return
comment.ShowTag = models.CommentTagWriter
} else if comment.PosterID == issue.PosterID {
comment.ShowTag = models.CommentTagPoster
} }
marked[comment.PosterID] = comment.ShowTag marked[comment.PosterID] = comment.ShowTag
isAdded := false isAdded := false

View File

@ -173,7 +173,11 @@ func ForkPost(ctx *context.Context, form auth.CreateRepoForm) {
// Check ownership of organization. // Check ownership of organization.
if ctxUser.IsOrganization() { if ctxUser.IsOrganization() {
if !ctxUser.IsOwnedBy(ctx.User.ID) { isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return
} else if !isOwner {
ctx.Error(403) ctx.Error(403)
return return
} }

View File

@ -74,10 +74,20 @@ func checkContextUser(ctx *context.Context, uid int64) *models.User {
} }
// Check ownership of organization. // Check ownership of organization.
if !org.IsOrganization() || !(ctx.User.IsAdmin || org.IsOwnedBy(ctx.User.ID)) { if !org.IsOrganization() {
ctx.Error(403) ctx.Error(403)
return nil return nil
} }
if !ctx.User.IsAdmin {
isOwner, err := org.IsOwnedBy(ctx.User.ID)
if err != nil {
ctx.Handle(500, "IsOwnedBy", err)
return nil
} else if !isOwner {
ctx.Error(403)
return nil
}
}
return org return org
} }

View File

@ -234,13 +234,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
if !repo.IsMirror { if !repo.IsMirror {
ctx.Error(404) ctx.Error(404)
return return
@ -268,13 +261,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
newOwner := ctx.Query("new_owner_name") newOwner := ctx.Query("new_owner_name")
isExist, err := models.IsUserExist(0, newOwner) isExist, err := models.IsUserExist(0, newOwner)
if err != nil { if err != nil {
@ -307,13 +293,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
if err := models.DeleteRepository(ctx.User, ctx.Repo.Owner.ID, repo.ID); err != nil { if err := models.DeleteRepository(ctx.User, ctx.Repo.Owner.ID, repo.ID); err != nil {
ctx.Handle(500, "DeleteRepository", err) ctx.Handle(500, "DeleteRepository", err)
return return
@ -333,13 +312,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return return
} }
if ctx.Repo.Owner.IsOrganization() {
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
ctx.Error(404)
return
}
}
repo.DeleteWiki() repo.DeleteWiki()
log.Trace("Repository wiki deleted: %s/%s", ctx.Repo.Owner.Name, repo.Name) log.Trace("Repository wiki deleted: %s/%s", ctx.Repo.Owner.Name, repo.Name)
@ -393,11 +365,17 @@ func CollaborationPost(ctx *context.Context) {
} }
// Check if user is organization member. // Check if user is organization member.
if ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgMember(u.ID) { if ctx.Repo.Owner.IsOrganization() {
isMember, err := ctx.Repo.Owner.IsOrgMember(u.ID)
if err != nil {
ctx.Handle(500, "IsOrgMember", err)
return
} else if isMember {
ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member")) ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member"))
ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration") ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
return return
} }
}
if err = ctx.Repo.Repository.AddCollaborator(u); err != nil { if err = ctx.Repo.Repository.AddCollaborator(u); err != nil {
ctx.Handle(500, "AddCollaborator", err) ctx.Handle(500, "AddCollaborator", err)