@ -192,81 +192,87 @@ func reqBasicAuth() macaron.Handler {
// reqSiteAdmin user should be the site admin
func reqSiteAdmin ( ) macaron . Handler {
return func ( ctx * context . Context ) {
if ! ctx . IsSigned || ! ctx . User . IsAdmin {
if ! ctx . IsUserSiteAdmin ( ) {
ctx . Error ( 403 )
return
}
}
}
// reqOwner user should be the owner of the repo.
// reqOwner user should be the owner of the repo or site admin .
func reqOwner ( ) macaron . Handler {
return func ( ctx * context . Context ) {
if ! ctx . Repo . IsOwner ( ) {
if ! ctx . IsUserRepoOwner ( ) && ! ctx . IsUserSiteAdmin ( ) {
ctx . Error ( 403 )
return
}
}
}
// reqAdmin user should be an owner or a collaborator with admin write of a repository
// reqAdmin user should be an owner or a collaborator with admin write of a repository, or site admin
func reqAdmin ( ) macaron . Handler {
return func ( ctx * context . Context ) {
if ! ctx . Repo . IsAdmin ( ) {
if ! ctx . IsUserRepoAdmin ( ) && ! ctx . IsUserSite Admin ( ) {
ctx . Error ( 403 )
return
}
}
}
func reqRepoReader ( unitType models . UnitType ) macaron . Handler {
// reqRepoWriter user should have a permission to write to a repo, or be a site admin
func reqRepoWriter ( unitTypes ... models . UnitType ) macaron . Handler {
return func ( ctx * context . Context ) {
if ! ctx . Repo . CanRead ( unitType ) {
if ! ctx . IsUserRepoWriter ( unitTypes ) && ! ctx . IsUserRepoAdmin ( ) && ! ctx . IsUserSiteAdmin ( ) {
ctx . Error ( 403 )
return
}
}
}
func reqAnyRepoReader ( ) macaron . Handler {
// reqRepoReader user should have specific read permission or be a repo admin or a site admin
func reqRepoReader ( unitType models . UnitType ) macaron . Handler {
return func ( ctx * context . Context ) {
if ! ctx . Repo . HasAccess ( ) {
if ! ctx . IsUserRepoReaderSpecific ( unitType ) && ! ctx . IsUserRepoAdmin ( ) && ! ctx . IsUserSiteAdmin ( ) {
ctx . Error ( 403 )
return
}
}
}
func reqRepoWriter ( unitTypes ... models . UnitType ) macaron . Handler {
// reqAnyRepoReader user should have any permission to read repository or permissions of site admin
func reqAnyRepoReader ( ) macaron . Handler {
return func ( ctx * context . Context ) {
for _ , unitType := range unitTypes {
if ctx . Repo . CanWrite ( unitType ) {
return
}
if ! ctx . IsUserRepoReaderAny ( ) && ! ctx . IsUserSiteAdmin ( ) {
ctx . Error ( 403 )
return
}
ctx . Error ( 403 )
}
}
func reqOrgMembership ( ) macaron . Handler {
// reqOrgOwnership user should be an organization owner, or a site admin
func reqOrgOwnership ( ) macaron . Handler {
return func ( ctx * context . APIContext ) {
if ctx . Context . IsUserSiteAdmin ( ) {
return
}
var orgID int64
if ctx . Org . Organization != nil {
orgID = ctx . Org . Organization . ID
} else if ctx . Org . Team != nil {
orgID = ctx . Org . Team . OrgID
} else {
ctx . Error ( 500 , "" , "reqOrgMemb ership: unprepared context" )
ctx . Error ( 500 , "" , "reqOrgOwn ership: unprepared context" )
return
}
if isMember , err := models . IsOrganizationMember ( orgID , ctx . User . ID ) ; err != nil {
ctx . Error ( 500 , "IsOrganizationMember" , err )
isOwner , err := models . IsOrganizationOwner ( orgID , ctx . User . ID )
if err != nil {
ctx . Error ( 500 , "IsOrganizationOwner" , err )
return
} else if ! isMemb er {
} else if ! isOwn er {
if ctx . Org . Organization != nil {
ctx . Error ( 403 , "" , "Must be an organization memb er" )
ctx . Error ( 403 , "" , "Must be an organization own er" )
} else {
ctx . NotFound ( )
}
@ -275,24 +281,29 @@ func reqOrgMembership() macaron.Handler {
}
}
func reqOrgOwnership ( ) macaron . Handler {
// reqOrgMembership user should be an organization member, or a site admin
func reqOrgMembership ( ) macaron . Handler {
return func ( ctx * context . APIContext ) {
if ctx . Context . IsUserSiteAdmin ( ) {
return
}
var orgID int64
if ctx . Org . Organization != nil {
orgID = ctx . Org . Organization . ID
} else if ctx . Org . Team != nil {
orgID = ctx . Org . Team . OrgID
} else {
ctx . Error ( 500 , "" , "reqOrgOwn ership: unprepared context" )
ctx . Error ( 500 , "" , "reqOrgMemb ership: unprepared context" )
return
}
isOwn er, err := models . IsOrganizationOwn er ( orgID , ctx . User . ID )
if err != nil {
ctx . Error ( 500 , "IsOrganizationOwner" , err )
} else if ! isOwn er {
if isMemb er, err := models . IsOrganizationMemb er ( orgID , ctx . User . ID ) ; err != nil {
ctx . Error ( 500 , "IsOrganizationMember" , err )
return
} else if ! isMemb er {
if ctx . Org . Organization != nil {
ctx . Error ( 403 , "" , "Must be an organization own er" )
ctx . Error ( 403 , "" , "Must be an organization memb er" )
} else {
ctx . NotFound ( )
}