Fix issue label deletion with Actions tokens (#37013)
Use shared repo permission resolution for Actions task users in issue label remove and clear paths, and add a regression test for deleting issue labels with a Gitea Actions token. This fixes issue label deletion when the request is authenticated with a Gitea Actions token. Fixes #37011 The bug was that the delete path re-resolved repository permissions using the normal user permission helper, which does not handle Actions task users. As a result, `DELETE /api/v1/repos/{owner}/{repo}/issues/{index}/labels/{id}` could return `500` for Actions tokens even though label listing and label addition worked. --------- Co-authored-by: Codex <codex@openai.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
@@ -47,7 +47,7 @@ func (n *actionsNotifier) NewIssue(ctx context.Context, issue *issues_model.Issu
|
||||
log.Error("issue.LoadPoster: %v", err)
|
||||
return
|
||||
}
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
|
||||
newNotifyInputFromIssue(issue, webhook_module.HookEventIssues).WithPayload(&api.IssuePayload{
|
||||
Action: api.HookIssueOpened,
|
||||
@@ -76,7 +76,7 @@ func (n *actionsNotifier) notifyIssueChangeWithTitleOrContent(ctx context.Contex
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(ctx); err != nil {
|
||||
log.Error("loadPullRequest: %v", err)
|
||||
@@ -110,7 +110,7 @@ func (n *actionsNotifier) notifyIssueChangeWithTitleOrContent(ctx context.Contex
|
||||
// IssueChangeStatus notifies close or reopen issue to notifiers
|
||||
func (n *actionsNotifier) IssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, _ *issues_model.Comment, isClosed bool) {
|
||||
ctx = withMethod(ctx, "IssueChangeStatus")
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
if issue.IsPull {
|
||||
if err := issue.LoadPullRequest(ctx); err != nil {
|
||||
log.Error("LoadPullRequest: %v", err)
|
||||
@@ -259,7 +259,7 @@ func notifyIssueChange(ctx context.Context, doer *user_model.User, issue *issues
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
payload := &api.IssuePayload{
|
||||
Action: action,
|
||||
Index: issue.Index,
|
||||
@@ -322,7 +322,7 @@ func notifyIssueCommentChange(ctx context.Context, doer *user_model.User, commen
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, comment.Issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, comment.Issue.Repo, doer)
|
||||
|
||||
payload := &api.IssueCommentPayload{
|
||||
Action: action,
|
||||
@@ -376,7 +376,7 @@ func (n *actionsNotifier) NewPullRequest(ctx context.Context, pull *issues_model
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, pull.Issue.Repo, pull.Issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, pull.Issue.Repo, pull.Issue.Poster)
|
||||
|
||||
newNotifyInputFromIssue(pull.Issue, webhook_module.HookEventPullRequest).
|
||||
WithPayload(&api.PullRequestPayload{
|
||||
@@ -404,8 +404,8 @@ func (n *actionsNotifier) CreateRepository(ctx context.Context, doer, u *user_mo
|
||||
func (n *actionsNotifier) ForkRepository(ctx context.Context, doer *user_model.User, oldRepo, repo *repo_model.Repository) {
|
||||
ctx = withMethod(ctx, "ForkRepository")
|
||||
|
||||
oldPermission, _ := access_model.GetUserRepoPermission(ctx, oldRepo, doer)
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
oldPermission, _ := access_model.GetDoerRepoPermission(ctx, oldRepo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
|
||||
// forked webhook
|
||||
newNotifyInput(oldRepo, doer, webhook_module.HookEventFork).WithPayload(&api.ForkPayload{
|
||||
@@ -452,9 +452,9 @@ func (n *actionsNotifier) PullRequestReview(ctx context.Context, pr *issues_mode
|
||||
return
|
||||
}
|
||||
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, review.Issue.Repo, review.Issue.Poster)
|
||||
permission, err := access_model.GetIndividualUserRepoPermission(ctx, review.Issue.Repo, review.Issue.Poster)
|
||||
if err != nil {
|
||||
log.Error("models.GetUserRepoPermission: %v", err)
|
||||
log.Error("models.GetIndividualUserRepoPermission: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -481,7 +481,7 @@ func (n *actionsNotifier) PullRequestReviewRequest(ctx context.Context, doer *us
|
||||
|
||||
ctx = withMethod(ctx, "PullRequestReviewRequest")
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if err := issue.LoadPullRequest(ctx); err != nil {
|
||||
log.Error("LoadPullRequest failed: %v", err)
|
||||
return
|
||||
@@ -525,9 +525,9 @@ func (*actionsNotifier) MergePullRequest(ctx context.Context, doer *user_model.U
|
||||
return
|
||||
}
|
||||
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, pr.Issue.Repo, doer)
|
||||
permission, err := access_model.GetDoerRepoPermission(ctx, pr.Issue.Repo, doer)
|
||||
if err != nil {
|
||||
log.Error("models.GetUserRepoPermission: %v", err)
|
||||
log.Error("models.GetDoerRepoPermission: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -723,7 +723,7 @@ func (n *actionsNotifier) PullRequestChangeTargetBranch(ctx context.Context, doe
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, pr.Issue.Repo, pr.Issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, pr.Issue.Repo, pr.Issue.Poster)
|
||||
newNotifyInput(pr.Issue.Repo, doer, webhook_module.HookEventPullRequest).
|
||||
WithPayload(&api.PullRequestPayload{
|
||||
Action: api.HookIssueEdited,
|
||||
|
||||
@@ -362,7 +362,7 @@ func notifyRelease(ctx context.Context, doer *user_model.User, rel *repo_model.R
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, rel.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, rel.Repo, doer)
|
||||
|
||||
newNotifyInput(rel.Repo, doer, webhook_module.HookEventRelease).
|
||||
WithRef(git.RefNameFromTag(rel.TagName).String()).
|
||||
@@ -413,8 +413,8 @@ func ifNeedApproval(ctx context.Context, run *actions_model.ActionRun, repo *rep
|
||||
}
|
||||
|
||||
// don't need approval if the user can write
|
||||
if perm, err := access_model.GetUserRepoPermission(ctx, repo, user); err != nil {
|
||||
return false, fmt.Errorf("GetUserRepoPermission: %w", err)
|
||||
if perm, err := access_model.GetDoerRepoPermission(ctx, repo, user); err != nil {
|
||||
return false, fmt.Errorf("GetDoerRepoPermission: %w", err)
|
||||
} else if perm.CanWrite(unit_model.TypeActions) {
|
||||
log.Trace("do not need approval because user %d can write", user.ID)
|
||||
return false, nil
|
||||
|
||||
@@ -245,9 +245,9 @@ func handlePullRequestAutoMerge(pullID int64, sha string) {
|
||||
return
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission %-v: %v", pr.BaseRepo, err)
|
||||
log.Error("GetDoerRepoPermission %-v: %v", pr.BaseRepo, err)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -344,9 +344,9 @@ func RetrieveTemplateRepo(ctx *Context, repo *repo_model.Repository) {
|
||||
return
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, templateRepo, ctx.Doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, templateRepo, ctx.Doer)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
ctx.ServerError("GetDoerRepoPermission", err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -421,9 +421,9 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
|
||||
if ctx.DoerNeedTwoFactorAuth() {
|
||||
ctx.Repo.Permission = access_model.PermissionNoAccess()
|
||||
} else {
|
||||
ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
|
||||
ctx.Repo.Permission, err = access_model.GetDoerRepoPermission(ctx, repo, ctx.Doer)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
ctx.ServerError("GetDoerRepoPermission", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@ func LoadRepo(t *testing.T, ctx gocontext.Context, repoID int64) {
|
||||
repo.Owner, err = user_model.GetUserByID(ctx, repo.Repository.OwnerID)
|
||||
assert.NoError(t, err)
|
||||
repo.RepoLink = repo.Repository.Link()
|
||||
repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo.Repository, doer)
|
||||
repo.Permission, err = access_model.GetDoerRepoPermission(ctx, repo.Repository, doer)
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
|
||||
@@ -15,9 +15,9 @@ import (
|
||||
)
|
||||
|
||||
func ToActivity(ctx context.Context, ac *activities_model.Action, doer *user_model.User) *api.Activity {
|
||||
p, err := access_model.GetUserRepoPermission(ctx, ac.Repo, doer)
|
||||
p, err := access_model.GetDoerRepoPermission(ctx, ac.Repo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", ac.RepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", ac.RepoID, err)
|
||||
p.AccessMode = perm_model.AccessModeNone
|
||||
}
|
||||
|
||||
|
||||
@@ -72,7 +72,7 @@ func ToBranch(ctx context.Context, repo *repo_model.Repository, branchName strin
|
||||
return nil, err
|
||||
}
|
||||
|
||||
perms, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
perms, err := access_model.GetIndividualUserRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -105,7 +105,7 @@ func ToBranch(ctx context.Context, repo *repo_model.Repository, branchName strin
|
||||
}
|
||||
|
||||
if user != nil {
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
permission, err := access_model.GetIndividualUserRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -200,7 +200,7 @@ func ToStopWatches(ctx context.Context, doer *user_model.User, sws []*issues_mod
|
||||
// ADD: Check user permissions
|
||||
perm, ok := permCache[repo.ID]
|
||||
if !ok {
|
||||
perm, err = access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
perm, err = access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
@@ -234,7 +234,7 @@ func ToTrackedTimeList(ctx context.Context, doer *user_model.User, tl issues_mod
|
||||
continue
|
||||
}
|
||||
perm, err := cache.GetWithEphemeralCache(ctx, permCache, "repo-perm", t.Issue.RepoID, func(ctx context.Context, repoID int64) (access_model.Permission, error) {
|
||||
return access_model.GetUserRepoPermission(ctx, t.Issue.Repo, doer)
|
||||
return access_model.GetDoerRepoPermission(ctx, t.Issue.Repo, doer)
|
||||
})
|
||||
if err != nil {
|
||||
continue
|
||||
|
||||
@@ -25,9 +25,9 @@ func ToNotificationThread(ctx context.Context, n *activities_model.Notification)
|
||||
|
||||
// since user only get notifications when he has access to use minimal access mode
|
||||
if n.Repository != nil {
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, n.Repository, n.User)
|
||||
perm, err := access_model.GetIndividualUserRepoPermission(ctx, n.Repository, n.User)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission failed: %v", err)
|
||||
log.Error("GetIndividualUserRepoPermission failed: %v", err)
|
||||
return result
|
||||
}
|
||||
if perm.HasAnyUnitAccessOrPublicAccess() { // if user has been revoked access to repo, do not show repo info
|
||||
|
||||
@@ -16,7 +16,7 @@ import (
|
||||
func ToPackage(ctx context.Context, pd *packages.PackageDescriptor, doer *user_model.User) (*api.Package, error) {
|
||||
var repo *api.Repository
|
||||
if pd.Repository != nil {
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, pd.Repository, doer)
|
||||
permission, err := access_model.GetDoerRepoPermission(ctx, pd.Repository, doer)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -63,11 +63,11 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
|
||||
|
||||
repoUserPerm, err := cache.GetWithContextCache(ctx, cachegroup.RepoUserPermission, fmt.Sprintf("%d-%d", pr.BaseRepoID, doerID),
|
||||
func(ctx context.Context, _ string) (access_model.Permission, error) {
|
||||
return access_model.GetUserRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
return access_model.GetDoerRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.BaseRepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", pr.BaseRepoID, err)
|
||||
repoUserPerm.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
|
||||
@@ -181,9 +181,9 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
|
||||
}
|
||||
|
||||
if pr.HeadRepo != nil && pr.Flow == issues_model.PullRequestFlowGithub {
|
||||
p, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
p, err := access_model.GetDoerRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
p.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
|
||||
@@ -334,9 +334,9 @@ func ToAPIPullRequests(ctx context.Context, baseRepo *repo_model.Repository, prs
|
||||
}
|
||||
defer gitRepo.Close()
|
||||
|
||||
baseRepoPerm, err := access_model.GetUserRepoPermission(ctx, baseRepo, doer)
|
||||
baseRepoPerm, err := access_model.GetDoerRepoPermission(ctx, baseRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", baseRepo.ID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", baseRepo.ID, err)
|
||||
baseRepoPerm.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
|
||||
@@ -435,9 +435,9 @@ func ToAPIPullRequests(ctx context.Context, baseRepo *repo_model.Repository, prs
|
||||
apiPullRequest.Head.Ref = pr.HeadBranch
|
||||
}
|
||||
if pr.HeadRepoID != pr.BaseRepoID {
|
||||
p, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
p, err := access_model.GetDoerRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
p.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
apiPullRequest.Head.Repository = ToRepo(ctx, pr.HeadRepo, p)
|
||||
|
||||
@@ -132,7 +132,7 @@ func NotifyWatchers(ctx context.Context, acts ...*activities_model.Action) error
|
||||
permPR[i] = false
|
||||
continue
|
||||
}
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
perm, err := access_model.GetIndividualUserRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
permCode[i] = false
|
||||
permIssue[i] = false
|
||||
|
||||
@@ -103,14 +103,14 @@ func isValidReviewRequest(ctx context.Context, reviewer, doer *user_model.User,
|
||||
}
|
||||
}
|
||||
|
||||
permReviewer, err := access_model.GetUserRepoPermission(ctx, issue.Repo, reviewer)
|
||||
permReviewer, err := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, reviewer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if permDoer == nil {
|
||||
permDoer = new(access_model.Permission)
|
||||
*permDoer, err = access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
*permDoer, err = access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -157,7 +157,7 @@ func UpdateIssuesCommit(ctx context.Context, doer *user_model.User, repo *repo_m
|
||||
continue
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, refRepo, doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, refRepo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -51,7 +51,7 @@ func RemoveLabel(ctx context.Context, issue *issues_model.Issue, doer *user_mode
|
||||
return err
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -550,9 +550,9 @@ func authenticate(ctx *context.Context, repository *repo_model.Repository, autho
|
||||
}
|
||||
|
||||
// it works for both anonymous request and signed-in user, then perm.CanAccess will do the permission check
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, repository, ctx.Doer)
|
||||
if err != nil {
|
||||
log.Error("Unable to GetUserRepoPermission for user %-v in repo %-v Error: %v", ctx.Doer, repository, err)
|
||||
log.Error("Unable to GetDoerRepoPermission for user %-v in repo %-v Error: %v", ctx.Doer, repository, err)
|
||||
return false
|
||||
}
|
||||
|
||||
|
||||
@@ -67,7 +67,7 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
|
||||
return err
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -171,7 +171,7 @@ func (h *UnsubscribeHandler) Handle(ctx context.Context, _ *MailContent, doer *u
|
||||
return err
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -42,7 +42,7 @@ func renderRepoFileCodePreview(ctx context.Context, opts markup.RenderCodePrevie
|
||||
}
|
||||
doer := webCtx.Doer
|
||||
|
||||
perms, err := access.GetUserRepoPermission(ctx, dbRepo, doer)
|
||||
perms, err := access.GetDoerRepoPermission(ctx, dbRepo, doer)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
@@ -43,7 +43,7 @@ func renderRepoIssueIconTitle(ctx context.Context, opts markup.RenderIssueIconTi
|
||||
}
|
||||
|
||||
if webCtx.Repo.Repository == nil || dbRepo.ID != webCtx.Repo.Repository.ID {
|
||||
perms, err := access.GetUserRepoPermission(ctx, dbRepo, webCtx.Doer)
|
||||
perms, err := access.GetDoerRepoPermission(ctx, dbRepo, webCtx.Doer)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@ func LinkToRepository(ctx context.Context, pkg *packages_model.Package, repo *re
|
||||
return util.ErrInvalidArgument
|
||||
}
|
||||
|
||||
perms, err := access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
perms, err := access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error getting permissions for user %d on repository %d: %w", doer.ID, repo.ID, err)
|
||||
}
|
||||
@@ -48,7 +48,7 @@ func UnlinkFromRepository(ctx context.Context, pkg *packages_model.Package, doer
|
||||
return fmt.Errorf("error getting repository %d: %w", pkg.RepoID, err)
|
||||
}
|
||||
if err == nil {
|
||||
perms, err := access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
perms, err := access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error getting permissions for user %d on repository %d: %w", doer.ID, repo.ID, err)
|
||||
}
|
||||
|
||||
@@ -26,7 +26,7 @@ func SetAllowEdits(ctx context.Context, doer *user_model.User, pr *issues_model.
|
||||
return err
|
||||
}
|
||||
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
permission, err := access_model.GetDoerRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -79,7 +79,7 @@ func NewPullRequest(ctx context.Context, opts *NewPullRequestOptions) error {
|
||||
if err := pr.LoadHeadRepo(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, issue.Poster)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, pr.HeadRepo, issue.Poster)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -159,7 +159,7 @@ func NewPullRequest(ctx context.Context, opts *NewPullRequestOptions) error {
|
||||
|
||||
// Request reviews, these should be requested before other notifications because they will add request reviews record
|
||||
// on database
|
||||
permDoer, err := access_model.GetUserRepoPermission(ctx, repo, issue.Poster)
|
||||
permDoer, err := access_model.GetDoerRepoPermission(ctx, repo, issue.Poster)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -108,7 +108,7 @@ func isUserAllowedToPushOrForcePushInRepoBranch(ctx context.Context, user *user_
|
||||
}
|
||||
|
||||
// 1. check user push permission on the given repository
|
||||
repoPerm, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
repoPerm, err := access_model.GetDoerRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
if repo_model.IsErrUnitTypeNotExist(err) {
|
||||
return false, false, nil
|
||||
@@ -166,7 +166,7 @@ func IsUserAllowedToUpdate(ctx context.Context, pull *issues_model.PullRequest,
|
||||
// 4. if the pull creator allows maintainer to edit, we need to check whether
|
||||
// user is a maintainer (has permission to merge into base branch) and inherit pull request poster's permission
|
||||
if pull.AllowMaintainerEdit && (!pushAllowed || !rebaseAllowed) {
|
||||
baseRepoPerm, err := access_model.GetUserRepoPermission(ctx, pull.BaseRepo, user)
|
||||
baseRepoPerm, err := access_model.GetDoerRepoPermission(ctx, pull.BaseRepo, user)
|
||||
if err != nil {
|
||||
return false, false, err
|
||||
}
|
||||
|
||||
@@ -419,7 +419,7 @@ func RenameBranch(ctx context.Context, repo *repo_model.Repository, doer *user_m
|
||||
return "", err
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
@@ -555,7 +555,7 @@ func CanDeleteBranch(ctx context.Context, repo *repo_model.Repository, branchNam
|
||||
return ErrBranchIsDefault
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -539,9 +539,9 @@ func canUserCancelTransfer(ctx context.Context, r *repo_model.RepoTransfer, u *u
|
||||
return r.Repo.OwnerID == u.ID
|
||||
}
|
||||
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, r.Repo, u)
|
||||
perm, err := access_model.GetIndividualUserRepoPermission(ctx, r.Repo, u)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission: %v", err)
|
||||
log.Error("GetIndividualUserRepoPermission: %v", err)
|
||||
return false
|
||||
}
|
||||
return perm.IsOwner()
|
||||
|
||||
@@ -53,7 +53,7 @@ func (m *webhookNotifier) IssueClearLabels(ctx context.Context, doer *user_model
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(ctx); err != nil {
|
||||
@@ -83,8 +83,8 @@ func (m *webhookNotifier) IssueClearLabels(ctx context.Context, doer *user_model
|
||||
}
|
||||
|
||||
func (m *webhookNotifier) ForkRepository(ctx context.Context, doer *user_model.User, oldRepo, repo *repo_model.Repository) {
|
||||
oldPermission, _ := access_model.GetUserRepoPermission(ctx, oldRepo, doer)
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
oldPermission, _ := access_model.GetDoerRepoPermission(ctx, oldRepo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
|
||||
// forked webhook
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: oldRepo}, webhook_module.HookEventFork, &api.ForkPayload{
|
||||
@@ -147,7 +147,7 @@ func (m *webhookNotifier) MigrateRepository(ctx context.Context, doer, u *user_m
|
||||
|
||||
func (m *webhookNotifier) IssueChangeAssignee(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, assignee *user_model.User, removed bool, comment *issues_model.Comment) {
|
||||
if issue.IsPull {
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
|
||||
if err := issue.LoadPullRequest(ctx); err != nil {
|
||||
log.Error("LoadPullRequest failed: %v", err)
|
||||
@@ -170,7 +170,7 @@ func (m *webhookNotifier) IssueChangeAssignee(ctx context.Context, doer *user_mo
|
||||
return
|
||||
}
|
||||
} else {
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
apiIssue := &api.IssuePayload{
|
||||
Index: issue.Index,
|
||||
Issue: convert.ToAPIIssue(ctx, doer, issue),
|
||||
@@ -191,7 +191,7 @@ func (m *webhookNotifier) IssueChangeAssignee(ctx context.Context, doer *user_mo
|
||||
}
|
||||
|
||||
func (m *webhookNotifier) IssueChangeTitle(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, oldTitle string) {
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(ctx); err != nil {
|
||||
@@ -231,7 +231,7 @@ func (m *webhookNotifier) IssueChangeTitle(ctx context.Context, doer *user_model
|
||||
}
|
||||
|
||||
func (m *webhookNotifier) IssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, actionComment *issues_model.Comment, isClosed bool) {
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(ctx); err != nil {
|
||||
@@ -282,7 +282,7 @@ func (m *webhookNotifier) NewIssue(ctx context.Context, issue *issues_model.Issu
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, webhook_module.HookEventIssues, &api.IssuePayload{
|
||||
Action: api.HookIssueOpened,
|
||||
Index: issue.Index,
|
||||
@@ -295,7 +295,7 @@ func (m *webhookNotifier) NewIssue(ctx context.Context, issue *issues_model.Issu
|
||||
}
|
||||
|
||||
func (m *webhookNotifier) DeleteIssue(ctx context.Context, doer *user_model.User, issue *issues_model.Issue) {
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if issue.IsPull {
|
||||
if err := issue.LoadPullRequest(ctx); err != nil {
|
||||
log.Error("LoadPullRequest: %v", err)
|
||||
@@ -345,7 +345,7 @@ func (m *webhookNotifier) NewPullRequest(ctx context.Context, pull *issues_model
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, pull.Issue.Repo, pull.Issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, pull.Issue.Repo, pull.Issue.Poster)
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: pull.Issue.Repo}, webhook_module.HookEventPullRequest, &api.PullRequestPayload{
|
||||
Action: api.HookIssueOpened,
|
||||
Index: pull.Issue.Index,
|
||||
@@ -363,7 +363,7 @@ func (m *webhookNotifier) IssueChangeContent(ctx context.Context, doer *user_mod
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
var err error
|
||||
if issue.IsPull {
|
||||
if err := issue.LoadPullRequest(ctx); err != nil {
|
||||
@@ -425,7 +425,7 @@ func (m *webhookNotifier) UpdateComment(ctx context.Context, doer *user_model.Us
|
||||
eventType = webhook_module.HookEventIssueComment
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, c.Issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, c.Issue.Repo, doer)
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: c.Issue.Repo}, eventType, &api.IssueCommentPayload{
|
||||
Action: api.HookIssueCommentEdited,
|
||||
Issue: convert.ToAPIIssue(ctx, doer, c.Issue),
|
||||
@@ -460,7 +460,7 @@ func (m *webhookNotifier) CreateIssueComment(ctx context.Context, doer *user_mod
|
||||
eventType = webhook_module.HookEventIssueComment
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, eventType, &api.IssueCommentPayload{
|
||||
Action: api.HookIssueCommentCreated,
|
||||
Issue: convert.ToAPIIssue(ctx, doer, issue),
|
||||
@@ -501,7 +501,7 @@ func (m *webhookNotifier) DeleteComment(ctx context.Context, doer *user_model.Us
|
||||
eventType = webhook_module.HookEventIssueComment
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, comment.Issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, comment.Issue.Repo, doer)
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: comment.Issue.Repo}, eventType, &api.IssueCommentPayload{
|
||||
Action: api.HookIssueCommentDeleted,
|
||||
Issue: convert.ToAPIIssue(ctx, doer, comment.Issue),
|
||||
@@ -568,7 +568,7 @@ func (m *webhookNotifier) IssueChangeLabels(ctx context.Context, doer *user_mode
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
permission, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
if issue.IsPull {
|
||||
if err = issue.LoadPullRequest(ctx); err != nil {
|
||||
log.Error("loadPullRequest: %v", err)
|
||||
@@ -613,7 +613,7 @@ func (m *webhookNotifier) IssueChangeMilestone(ctx context.Context, doer *user_m
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if issue.IsPull {
|
||||
err = issue.PullRequest.LoadIssue(ctx)
|
||||
if err != nil {
|
||||
@@ -687,9 +687,9 @@ func (*webhookNotifier) MergePullRequest(ctx context.Context, doer *user_model.U
|
||||
return
|
||||
}
|
||||
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, pr.Issue.Repo, doer)
|
||||
permission, err := access_model.GetDoerRepoPermission(ctx, pr.Issue.Repo, doer)
|
||||
if err != nil {
|
||||
log.Error("models.GetUserRepoPermission: %v", err)
|
||||
log.Error("models.GetDoerRepoPermission: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -715,7 +715,7 @@ func (m *webhookNotifier) PullRequestChangeTargetBranch(ctx context.Context, doe
|
||||
|
||||
issue := pr.Issue
|
||||
|
||||
mode, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
mode, _ := access_model.GetIndividualUserRepoPermission(ctx, issue.Repo, issue.Poster)
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: issue.Repo}, webhook_module.HookEventPullRequest, &api.PullRequestPayload{
|
||||
Action: api.HookIssueEdited,
|
||||
Index: issue.Index,
|
||||
@@ -753,9 +753,9 @@ func (m *webhookNotifier) PullRequestReview(ctx context.Context, pr *issues_mode
|
||||
return
|
||||
}
|
||||
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, review.Issue.Repo, review.Issue.Poster)
|
||||
permission, err := access_model.GetIndividualUserRepoPermission(ctx, review.Issue.Repo, review.Issue.Poster)
|
||||
if err != nil {
|
||||
log.Error("models.GetUserRepoPermission: %v", err)
|
||||
log.Error("models.GetIndividualUserRepoPermission: %v", err)
|
||||
return
|
||||
}
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: review.Issue.Repo}, reviewHookType, &api.PullRequestPayload{
|
||||
@@ -779,7 +779,7 @@ func (m *webhookNotifier) PullRequestReviewRequest(ctx context.Context, doer *us
|
||||
log.Warn("PullRequestReviewRequest: issue is not a pull request: %v", issue.ID)
|
||||
return
|
||||
}
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, issue.Repo, doer)
|
||||
if err := issue.LoadPullRequest(ctx); err != nil {
|
||||
log.Error("LoadPullRequest failed: %v", err)
|
||||
return
|
||||
@@ -857,7 +857,7 @@ func sendReleaseHook(ctx context.Context, doer *user_model.User, rel *repo_model
|
||||
return
|
||||
}
|
||||
|
||||
permission, _ := access_model.GetUserRepoPermission(ctx, rel.Repo, doer)
|
||||
permission, _ := access_model.GetDoerRepoPermission(ctx, rel.Repo, doer)
|
||||
if err := PrepareWebhooks(ctx, EventSource{Repository: rel.Repo}, webhook_module.HookEventRelease, &api.ReleasePayload{
|
||||
Action: action,
|
||||
Release: convert.ToAPIRelease(ctx, rel.Repo, rel),
|
||||
|
||||
Reference in New Issue
Block a user