finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix org visibility bug when git cloning (#6743)

Browse source 
* fix org visibility bug

* fix permission check

* add integration tests

* fix tests

* change test user name for easier maintainance and fix test

* fix test git repo name
This commit is contained in:
Lunny Xiao 2019-04-26 02:59:10 +08:00 committed by Lauris BH
parent e8f4c7733a
commit 199faadea3
87 changed files with 2865 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

84
models/fixtures/repo_unit.yml
View file

@ -291,3 +291,87 @@
type: 3
config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}"
created_unix: 946684810
-
id: 43
repo_id: 38
type: 1
config: "{}"
created_unix: 946684810
-
id: 44
repo_id: 38
type: 2
config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}"
created_unix: 946684810
-
id: 45
repo_id: 38
type: 3
config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}"
created_unix: 946684810
-
id: 46
repo_id: 39
type: 1
config: "{}"
created_unix: 946684810
-
id: 47
repo_id: 39
type: 2
config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}"
created_unix: 946684810
-
id: 48
repo_id: 39
type: 3
config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}"
created_unix: 946684810
-
id: 49
repo_id: 40
type: 1
config: "{}"
created_unix: 946684810
-
id: 50
repo_id: 40
type: 2
config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}"
created_unix: 946684810
-
id: 51
repo_id: 40
type: 3
config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}"
created_unix: 946684810
-
id: 52
repo_id: 41
type: 1
config: "{}"
created_unix: 946684810
-
id: 53
repo_id: 41
type: 2
config: "{\"EnableTimetracker\":true,\"AllowOnlyContributorsToTrackTime\":true}"
created_unix: 946684810
-
id: 54
repo_id: 41
type: 3
config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}"
created_unix: 946684810

44
models/fixtures/repository.yml
View file

@ -452,3 +452,47 @@
num_forks: 0
num_issues: 0
is_mirror: false
-
id: 38
owner_id: 22
lower_name: public_repo_on_limited_org
name: public_repo_on_limited_org
is_private: false
num_stars: 0
num_forks: 0
num_issues: 0
is_mirror: false
-
id: 39
owner_id: 22
lower_name: private_repo_on_limited_org
name: private_repo_on_limited_org
is_private: true
num_stars: 0
num_forks: 0
num_issues: 0
is_mirror: false
-
id: 40
owner_id: 23
lower_name: public_repo_on_private_org
name: public_repo_on_private_org
is_private: false
num_stars: 0
num_forks: 0
num_issues: 0
is_mirror: false
-
id: 41
owner_id: 23
lower_name: private_repo_on_private_org
name: private_repo_on_private_org
is_private: true
num_stars: 0
num_forks: 0
num_issues: 0
is_mirror: false

36
models/fixtures/user.yml
View file

@ -330,3 +330,39 @@
avatar_email: user21@example.com
num_repos: 2
is_active: true
-
id: 22
lower_name: limited_org
name: limited_org
full_name: Limited Org
email: limited_org@example.com
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
type: 1 # organization
salt: ZogKvWdyEx
is_admin: false
avatar: avatar22
avatar_email: limited_org@example.com
num_repos: 2
is_active: true
num_members: 0
num_teams: 0
visibility: 1
-
id: 23
lower_name: privated_org
name: privated_org
full_name: Privated Org
email: privated_org@example.com
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
type: 1 # organization
salt: ZogKvWdyEx
is_admin: false
avatar: avatar23
avatar_email: privated_org@example.com
num_repos: 2
is_active: true
num_members: 0
num_teams: 0
visibility: 2

6
models/org.go
View file

@ -370,6 +370,10 @@ func getOwnedOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {
// HasOrgVisible tells if the given user can see the given org
func HasOrgVisible(org *User, user *User) bool {
return hasOrgVisible(x, org, user)
}
func hasOrgVisible(e Engine, org *User, user *User) bool {
// Not SignedUser
if user == nil {
if org.Visibility == structs.VisibleTypePublic {
@ -382,7 +386,7 @@ func HasOrgVisible(org *User, user *User) bool {
return true
}
if org.Visibility == structs.VisibleTypePrivate && !org.IsUserPartOfOrg(user.ID) {
if org.Visibility == structs.VisibleTypePrivate && !org.isUserPartOfOrg(e, user.ID) {
return false
}
return true

2
models/repo_list_test.go
View file

@ -150,7 +150,7 @@ func TestSearchRepositoryByName(t *testing.T) {
count: 21},
{name: "AllPublic/PublicAndPrivateRepositoriesOfUserIncludingCollaborative",
opts: &SearchRepoOptions{Page: 1, PageSize: 10, OwnerID: 15, Private: true, AllPublic: true},
count: 25},
count: 26},
{name: "AllPublic/PublicAndPrivateRepositoriesOfUserIncludingCollaborativeByName",
opts: &SearchRepoOptions{Keyword: "test", Page: 1, PageSize: 10, OwnerID: 15, Private: true, AllPublic: true},
count: 15},

9
models/repo_permission.go
View file

@ -164,6 +164,15 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss
return
}
if repo.Owner == nil {
repo.mustOwner(e)
}
if repo.Owner.IsOrganization() && !HasOrgVisible(repo.Owner, user) {
perm.AccessMode = AccessModeNone
return
}
if err = repo.getUnits(e); err != nil {
return
}

6
models/user.go
View file

@ -538,7 +538,11 @@ func (u *User) IsUserOrgOwner(orgID int64) bool {
// IsUserPartOfOrg returns true if user with userID is part of the u organisation.
func (u *User) IsUserPartOfOrg(userID int64) bool {
isMember, err := IsOrganizationMember(u.ID, userID)
return u.isUserPartOfOrg(x, userID)
}
func (u *User) isUserPartOfOrg(e Engine, userID int64) bool {
isMember, err := isOrganizationMember(e, u.ID, userID)
if err != nil {
log.Error("IsOrganizationMember: %v", err)
return false