| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
- package models
- type AccessMode int
- const (
- ACCESS_MODE_NONE AccessMode = iota
- ACCESS_MODE_READ
- ACCESS_MODE_WRITE
- ACCESS_MODE_ADMIN
- ACCESS_MODE_OWNER
- )
- func maxAccessMode(modes ...AccessMode) AccessMode {
- max := ACCESS_MODE_NONE
- for _, mode := range modes {
- if mode > max {
- max = mode
- }
- }
- return max
- }
- // Access represents the highest access level of a user to the repository. The only access type
- // that is not in this table is the real owner of a repository. In case of an organization
- // repository, the members of the owners team are in this table.
- type Access struct {
- ID int64 `xorm:"pk autoincr"`
- UserID int64 `xorm:"UNIQUE(s)"`
- RepoID int64 `xorm:"UNIQUE(s)"`
- Mode AccessMode
- }
- // HasAccess returns true if someone has the request access level. User can be nil!
- func HasAccess(u *User, r *Repository, testMode AccessMode) (bool, error) {
- mode, err := AccessLevel(u, r)
- return testMode <= mode, err
- }
- // Return the Access a user has to a repository. Will return NoneAccess if the
- // user does not have access. User can be nil!
- func AccessLevel(u *User, r *Repository) (AccessMode, error) {
- mode := ACCESS_MODE_NONE
- if !r.IsPrivate {
- mode = ACCESS_MODE_READ
- }
- if u != nil {
- if u.Id == r.OwnerId {
- return ACCESS_MODE_OWNER, nil
- }
- a := &Access{UserID: u.Id, RepoID: r.Id}
- if has, err := x.Get(a); !has || err != nil {
- return mode, err
- }
- return a.Mode, nil
- }
- return mode, nil
- }
- // GetAccessibleRepositories finds all repositories where a user has access to,
- // besides his own.
- func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
- accesses := make([]*Access, 0, 10)
- if err := x.Find(&accesses, &Access{UserID: u.Id}); err != nil {
- return nil, err
- }
- repos := make(map[*Repository]AccessMode, len(accesses))
- for _, access := range accesses {
- repo, err := GetRepositoryById(access.RepoID)
- if err != nil {
- return nil, err
- }
- if err = repo.GetOwner(); err != nil {
- return nil, err
- } else if repo.OwnerId == u.Id {
- continue
- }
- repos[repo] = access.Mode
- }
- return repos, nil
- }
- // Recalculate all accesses for repository
- func (r *Repository) RecalcAccessSess() error {
- accessMap := make(map[int64]AccessMode, 20)
- // Give all collaborators write access
- collaborators, err := r.GetCollaborators()
- if err != nil {
- return err
- }
- for _, c := range collaborators {
- accessMap[c.Id] = ACCESS_MODE_WRITE
- }
- if err := r.GetOwner(); err != nil {
- return err
- }
- if r.Owner.IsOrganization() {
- if err = r.Owner.GetTeams(); err != nil {
- return err
- }
- for _, team := range r.Owner.Teams {
- if !(team.IsOwnerTeam() || team.HasRepository(r)) {
- continue
- }
- if err = team.GetMembers(); err != nil {
- return err
- }
- for _, u := range team.Members {
- accessMap[u.Id] = maxAccessMode(accessMap[u.Id], team.Authorize)
- }
- }
- }
- minMode := ACCESS_MODE_READ
- if !r.IsPrivate {
- minMode = ACCESS_MODE_WRITE
- }
- newAccesses := make([]Access, 0, len(accessMap))
- for userID, mode := range accessMap {
- if userID == r.OwnerId || mode <= minMode {
- continue
- }
- newAccesses = append(newAccesses, Access{UserID: userID, RepoID: r.Id, Mode: mode})
- }
- // Delete old accesses for repository
- if _, err = x.Delete(&Access{RepoID: r.Id}); err != nil {
- return err
- }
- // And insert the new ones
- if _, err = x.Insert(newAccesses); err != nil {
- return err
- }
- return nil
- }
|
