Skip to content

Commit

Permalink
Refactor and fix incorrect comment (#1247)
Browse files Browse the repository at this point in the history
  • Loading branch information
ethantkoenig authored and lunny committed Mar 15, 2017
1 parent 7d8f9d1 commit ec0ae5d
Show file tree
Hide file tree
Showing 20 changed files with 74 additions and 84 deletions.
2 changes: 1 addition & 1 deletion cmd/serv.go
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ func runServ(c *cli.Context) error {
fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
}

mode, err := models.AccessLevel(user, repo)
mode, err := models.AccessLevel(user.ID, repo)
if err != nil {
fail("Internal error", "Failed to check access: %v", err)
} else if mode < requestedMode {
Expand Down
24 changes: 12 additions & 12 deletions models/access.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,41 +59,41 @@ type Access struct {
Mode AccessMode
}

func accessLevel(e Engine, user *User, repo *Repository) (AccessMode, error) {
func accessLevel(e Engine, userID int64, repo *Repository) (AccessMode, error) {
mode := AccessModeNone
if !repo.IsPrivate {
mode = AccessModeRead
}

if user == nil {
if userID == 0 {
return mode, nil
}

if user.ID == repo.OwnerID {
if userID == repo.OwnerID {
return AccessModeOwner, nil
}

a := &Access{UserID: user.ID, RepoID: repo.ID}
a := &Access{UserID: userID, RepoID: repo.ID}
if has, err := e.Get(a); !has || err != nil {
return mode, err
}
return a.Mode, nil
}

// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
// user does not have access. User can be nil!
func AccessLevel(user *User, repo *Repository) (AccessMode, error) {
return accessLevel(x, user, repo)
// user does not have access.
func AccessLevel(userID int64, repo *Repository) (AccessMode, error) {
return accessLevel(x, userID, repo)
}

func hasAccess(e Engine, user *User, repo *Repository, testMode AccessMode) (bool, error) {
mode, err := accessLevel(e, user, repo)
func hasAccess(e Engine, userID int64, repo *Repository, testMode AccessMode) (bool, error) {
mode, err := accessLevel(e, userID, repo)
return testMode <= mode, err
}

// HasAccess returns true if someone has the request access level. User can be nil!
func HasAccess(user *User, repo *Repository, testMode AccessMode) (bool, error) {
return hasAccess(x, user, repo, testMode)
// HasAccess returns true if user has access to repo
func HasAccess(userID int64, repo *Repository, testMode AccessMode) (bool, error) {
return hasAccess(x, userID, repo, testMode)
}

type repoAccess struct {
Expand Down
16 changes: 8 additions & 8 deletions models/access_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,19 +25,19 @@ func TestAccessLevel(t *testing.T) {
repo1 := AssertExistsAndLoadBean(t, &Repository{OwnerID: 2, IsPrivate: false}).(*Repository)
repo2 := AssertExistsAndLoadBean(t, &Repository{OwnerID: 3, IsPrivate: true}).(*Repository)

level, err := AccessLevel(user1, repo1)
level, err := AccessLevel(user1.ID, repo1)
assert.NoError(t, err)
assert.Equal(t, AccessModeOwner, level)

level, err = AccessLevel(user1, repo2)
level, err = AccessLevel(user1.ID, repo2)
assert.NoError(t, err)
assert.Equal(t, AccessModeWrite, level)

level, err = AccessLevel(user2, repo1)
level, err = AccessLevel(user2.ID, repo1)
assert.NoError(t, err)
assert.Equal(t, AccessModeRead, level)

level, err = AccessLevel(user2, repo2)
level, err = AccessLevel(user2.ID, repo2)
assert.NoError(t, err)
assert.Equal(t, AccessModeNone, level)
}
Expand All @@ -51,19 +51,19 @@ func TestHasAccess(t *testing.T) {
repo2 := AssertExistsAndLoadBean(t, &Repository{OwnerID: 3, IsPrivate: true}).(*Repository)

for _, accessMode := range accessModes {
has, err := HasAccess(user1, repo1, accessMode)
has, err := HasAccess(user1.ID, repo1, accessMode)
assert.NoError(t, err)
assert.True(t, has)

has, err = HasAccess(user1, repo2, accessMode)
has, err = HasAccess(user1.ID, repo2, accessMode)
assert.NoError(t, err)
assert.Equal(t, accessMode <= AccessModeWrite, has)

has, err = HasAccess(user2, repo1, accessMode)
has, err = HasAccess(user2.ID, repo1, accessMode)
assert.NoError(t, err)
assert.Equal(t, accessMode <= AccessModeRead, has)

has, err = HasAccess(user2, repo2, accessMode)
has, err = HasAccess(user2.ID, repo2, accessMode)
assert.NoError(t, err)
assert.Equal(t, accessMode <= AccessModeNone, has)
}
Expand Down
27 changes: 9 additions & 18 deletions models/issue.go
Original file line number Diff line number Diff line change
Expand Up @@ -374,7 +374,7 @@ func (issue *Issue) RemoveLabel(doer *User, label *Label) error {
return err
}

if has, err := HasAccess(doer, issue.Repo, AccessModeWrite); err != nil {
if has, err := HasAccess(doer.ID, issue.Repo, AccessModeWrite); err != nil {
return err
} else if !has {
return ErrLabelNotExist{}
Expand Down Expand Up @@ -415,7 +415,7 @@ func (issue *Issue) ClearLabels(doer *User) (err error) {
return err
}

if has, err := hasAccess(sess, doer, issue.Repo, AccessModeWrite); err != nil {
if has, err := hasAccess(sess, doer.ID, issue.Repo, AccessModeWrite); err != nil {
return err
} else if !has {
return ErrLabelNotExist{}
Expand Down Expand Up @@ -809,23 +809,14 @@ func newIssue(e *xorm.Session, doer *User, opts NewIssueOptions) (err error) {
}
}

if opts.Issue.AssigneeID > 0 {
assignee, err := getUserByID(e, opts.Issue.AssigneeID)
if err != nil && !IsErrUserNotExist(err) {
return fmt.Errorf("getUserByID: %v", err)
if assigneeID := opts.Issue.AssigneeID; assigneeID > 0 {
valid, err := hasAccess(e, assigneeID, opts.Repo, AccessModeWrite)
if err != nil {
return fmt.Errorf("hasAccess [user_id: %d, repo_id: %d]: %v", assigneeID, opts.Repo.ID, err)
}

// Assume assignee is invalid and drop silently.
opts.Issue.AssigneeID = 0
if assignee != nil {
valid, err := hasAccess(e, assignee, opts.Repo, AccessModeWrite)
if err != nil {
return fmt.Errorf("hasAccess [user_id: %d, repo_id: %d]: %v", assignee.ID, opts.Repo.ID, err)
}
if valid {
opts.Issue.AssigneeID = assignee.ID
opts.Issue.Assignee = assignee
}
if !valid {
opts.Issue.AssigneeID = 0
opts.Issue.Assignee = nil
}
}

Expand Down
34 changes: 20 additions & 14 deletions models/org_team.go
Original file line number Diff line number Diff line change
Expand Up @@ -139,18 +139,19 @@ func (t *Team) removeRepository(e Engine, repo *Repository, recalculate bool) (e
}
}

if err = t.getMembers(e); err != nil {
return fmt.Errorf("get team members: %v", err)
teamUsers, err := getTeamUsersByTeamID(e, t.ID)
if err != nil {
return fmt.Errorf("getTeamUsersByTeamID: %v", err)
}
for _, u := range t.Members {
has, err := hasAccess(e, u, repo, AccessModeRead)
for _, teamUser:= range teamUsers {
has, err := hasAccess(e, teamUser.UID, repo, AccessModeRead)
if err != nil {
return err
} else if has {
continue
}

if err = watchRepo(e, u.ID, repo.ID, false); err != nil {
if err = watchRepo(e, teamUser.UID, repo.ID, false); err != nil {
return err
}
}
Expand Down Expand Up @@ -399,20 +400,25 @@ func IsTeamMember(orgID, teamID, userID int64) bool {
return isTeamMember(x, orgID, teamID, userID)
}

func getTeamMembers(e Engine, teamID int64) (_ []*User, err error) {
func getTeamUsersByTeamID(e Engine, teamID int64) ([]*TeamUser, error) {
teamUsers := make([]*TeamUser, 0, 10)
if err = e.
return teamUsers, e.
Where("team_id=?", teamID).
Find(&teamUsers); err != nil {
Find(&teamUsers)
}

func getTeamMembers(e Engine, teamID int64) (_ []*User, err error) {
teamUsers, err := getTeamUsersByTeamID(e, teamID)
if err != nil {
return nil, fmt.Errorf("get team-users: %v", err)
}
members := make([]*User, 0, len(teamUsers))
for i := range teamUsers {
member := new(User)
if _, err = e.Id(teamUsers[i].UID).Get(member); err != nil {
return nil, fmt.Errorf("get user '%d': %v", teamUsers[i].UID, err)
members := make([]*User, len(teamUsers))
for i, teamUser := range teamUsers {
member, err := getUserByID(e, teamUser.UID)
if err != nil {
return nil, fmt.Errorf("get user '%d': %v", teamUser.UID, err)
}
members = append(members, member)
members[i] = member
}
return members, nil
}
Expand Down
2 changes: 1 addition & 1 deletion models/org_team_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ func TestDeleteTeam(t *testing.T) {
// check that team members don't have "leftover" access to repos
user := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)
repo := AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
accessMode, err := AccessLevel(user, repo)
accessMode, err := AccessLevel(user.ID, repo)
assert.NoError(t, err)
assert.True(t, accessMode < AccessModeWrite)
}
Expand Down
2 changes: 1 addition & 1 deletion models/release.go
Original file line number Diff line number Diff line change
Expand Up @@ -365,7 +365,7 @@ func DeleteReleaseByID(id int64, u *User, delTag bool) error {
return fmt.Errorf("GetRepositoryByID: %v", err)
}

has, err := HasAccess(u, repo, AccessModeWrite)
has, err := HasAccess(u.ID, repo, AccessModeWrite)
if err != nil {
return fmt.Errorf("HasAccess: %v", err)
} else if !has {
Expand Down
2 changes: 1 addition & 1 deletion models/repo.go
Original file line number Diff line number Diff line change
Expand Up @@ -531,7 +531,7 @@ func (repo *Repository) ComposeCompareURL(oldCommitID, newCommitID string) strin

// HasAccess returns true when user has access to this repository
func (repo *Repository) HasAccess(u *User) bool {
has, _ := HasAccess(u, repo, AccessModeRead)
has, _ := HasAccess(u.ID, repo, AccessModeRead)
return has
}

Expand Down
2 changes: 1 addition & 1 deletion models/ssh_key.go
Original file line number Diff line number Diff line change
Expand Up @@ -794,7 +794,7 @@ func DeleteDeployKey(doer *User, id int64) error {
if err != nil {
return fmt.Errorf("GetRepositoryByID: %v", err)
}
yes, err := HasAccess(doer, repo, AccessModeAdmin)
yes, err := HasAccess(doer.ID, repo, AccessModeAdmin)
if err != nil {
return fmt.Errorf("HasAccess: %v", err)
} else if !yes {
Expand Down
6 changes: 3 additions & 3 deletions models/user.go
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,7 @@ func (u *User) DeleteAvatar() error {

// IsAdminOfRepo returns true if user has admin or higher access of repository.
func (u *User) IsAdminOfRepo(repo *Repository) bool {
has, err := HasAccess(u, repo, AccessModeAdmin)
has, err := HasAccess(u.ID, repo, AccessModeAdmin)
if err != nil {
log.Error(3, "HasAccess: %v", err)
}
Expand All @@ -487,7 +487,7 @@ func (u *User) IsAdminOfRepo(repo *Repository) bool {

// IsWriterOfRepo returns true if user has write access to given repository.
func (u *User) IsWriterOfRepo(repo *Repository) bool {
has, err := HasAccess(u, repo, AccessModeWrite)
has, err := HasAccess(u.ID, repo, AccessModeWrite)
if err != nil {
log.Error(3, "HasAccess: %v", err)
}
Expand Down Expand Up @@ -1103,7 +1103,7 @@ func GetUserByID(id int64) (*User, error) {

// GetAssigneeByID returns the user with write access of repository by given ID.
func GetAssigneeByID(repo *Repository, userID int64) (*User, error) {
has, err := HasAccess(&User{ID: userID}, repo, AccessModeWrite)
has, err := HasAccess(userID, repo, AccessModeWrite)
if err != nil {
return nil, err
} else if !has {
Expand Down
2 changes: 1 addition & 1 deletion modules/context/repo.go
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ func RepoAssignment(args ...bool) macaron.Handler {
if ctx.IsSigned && ctx.User.IsAdmin {
ctx.Repo.AccessMode = models.AccessModeOwner
} else {
mode, err := models.AccessLevel(ctx.User, repo)
mode, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil {
ctx.Handle(500, "AccessLevel", err)
return
Expand Down
4 changes: 2 additions & 2 deletions modules/lfs/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -463,7 +463,7 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza
}

if ctx.IsSigned {
accessCheck, _ := models.HasAccess(ctx.User, repository, accessMode)
accessCheck, _ := models.HasAccess(ctx.User.ID, repository, accessMode)
return accessCheck
}

Expand Down Expand Up @@ -499,7 +499,7 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza
return false
}

accessCheck, _ := models.HasAccess(userModel, repository, accessMode)
accessCheck, _ := models.HasAccess(userModel.ID, repository, accessMode)
return accessCheck
}

Expand Down
2 changes: 1 addition & 1 deletion routers/api/v1/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ func repoAssignment() macaron.Handler {
if ctx.IsSigned && ctx.User.IsAdmin {
ctx.Repo.AccessMode = models.AccessModeOwner
} else {
mode, err := models.AccessLevel(ctx.User, repo)
mode, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil {
ctx.Error(500, "AccessLevel", err)
return
Expand Down
6 changes: 3 additions & 3 deletions routers/api/v1/org/team.go
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ func GetTeamRepos(ctx *context.APIContext) {
}
repos := make([]*api.Repository, len(team.Repos))
for i, repo := range team.Repos {
access, err := models.AccessLevel(ctx.User, repo)
access, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil {
ctx.Error(500, "GetTeamRepos", err)
return
Expand Down Expand Up @@ -161,7 +161,7 @@ func AddTeamRepository(ctx *context.APIContext) {
if ctx.Written() {
return
}
if access, err := models.AccessLevel(ctx.User, repo); err != nil {
if access, err := models.AccessLevel(ctx.User.ID, repo); err != nil {
ctx.Error(500, "AccessLevel", err)
return
} else if access < models.AccessModeAdmin {
Expand All @@ -181,7 +181,7 @@ func RemoveTeamRepository(ctx *context.APIContext) {
if ctx.Written() {
return
}
if access, err := models.AccessLevel(ctx.User, repo); err != nil {
if access, err := models.AccessLevel(ctx.User.ID, repo); err != nil {
ctx.Error(500, "AccessLevel", err)
return
} else if access < models.AccessModeAdmin {
Expand Down
2 changes: 1 addition & 1 deletion routers/api/v1/repo/fork.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ func ListForks(ctx *context.APIContext) {
}
apiForks := make([]*api.Repository, len(forks))
for i, fork := range forks {
access, err := models.AccessLevel(ctx.User, fork)
access, err := models.AccessLevel(ctx.User.ID, fork)
if err != nil {
ctx.Error(500, "AccessLevel", err)
return
Expand Down
2 changes: 1 addition & 1 deletion routers/api/v1/repo/release.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func ListReleases(ctx *context.APIContext) {
return
}
rels := make([]*api.Release, len(releases))
access, err := models.AccessLevel(ctx.User, ctx.Repo.Repository)
access, err := models.AccessLevel(ctx.User.ID, ctx.Repo.Repository)
if err != nil {
ctx.Error(500, "AccessLevel", err)
return
Expand Down
6 changes: 3 additions & 3 deletions routers/api/v1/repo/repo.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ func Search(ctx *context.APIContext) {
})
return
}
accessMode, err := models.AccessLevel(ctx.User, repo)
accessMode, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"ok": false,
Expand Down Expand Up @@ -218,7 +218,7 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
// see https://github.com/gogits/go-gogs-client/wiki/Repositories#get
func Get(ctx *context.APIContext) {
repo := ctx.Repo.Repository
access, err := models.AccessLevel(ctx.User, repo)
access, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil {
ctx.Error(500, "GetRepository", err)
return
Expand All @@ -238,7 +238,7 @@ func GetByID(ctx *context.APIContext) {
return
}

access, err := models.AccessLevel(ctx.User, repo)
access, err := models.AccessLevel(ctx.User.ID, repo)
if err != nil {
ctx.Error(500, "GetRepositoryByID", err)
return
Expand Down
Loading

0 comments on commit ec0ae5d

Please sign in to comment.