strip duplicated auth in lfs model

ChristopherHX · ChristopherHX · commit 01e683169280 · 2025-10-22T01:25:09.000+02:00
diff --git a/models/git/lfs_lock.go b/models/git/lfs_lock.go
@@ -11,10 +11,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/perm"
-	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -69,12 +66,8 @@ func (l *LFSLock) LoadOwner(ctx context.Context) error {
 }
 
 // CreateLFSLock creates a new lock.
-func CreateLFSLock(ctx context.Context, repo *repo_model.Repository, lock *LFSLock, taskID int64) (*LFSLock, error) {
+func CreateLFSLock(ctx context.Context, repo *repo_model.Repository, lock *LFSLock) (*LFSLock, error) {
 	return db.WithTx2(ctx, func(ctx context.Context) (*LFSLock, error) {
-		if err := CheckLFSAccessForRepo(ctx, lock.OwnerID, repo, perm.AccessModeWrite, taskID); err != nil {
-			return nil, err
-		}
-
 		lock.Path = util.PathJoinRel(lock.Path)
 		lock.RepoID = repo.ID
 
@@ -158,17 +151,13 @@ func CountLFSLockByRepoID(ctx context.Context, repoID int64) (int64, error) {
 }
 
 // DeleteLFSLockByID deletes a lock by given ID.
-func DeleteLFSLockByID(ctx context.Context, id int64, repo *repo_model.Repository, u *user_model.User, force bool, taskID int64) (*LFSLock, error) {
+func DeleteLFSLockByID(ctx context.Context, id int64, repo *repo_model.Repository, u *user_model.User, force bool) (*LFSLock, error) {
 	return db.WithTx2(ctx, func(ctx context.Context) (*LFSLock, error) {
 		lock, err := GetLFSLockByID(ctx, id)
 		if err != nil {
 			return nil, err
 		}
 
-		if err := CheckLFSAccessForRepo(ctx, u.ID, repo, perm.AccessModeWrite, taskID); err != nil {
-			return nil, err
-		}
-
 		if !force && u.ID != lock.OwnerID {
 			return nil, errors.New("user doesn't own lock and force flag is not set")
 		}
@@ -180,35 +169,3 @@ func DeleteLFSLockByID(ctx context.Context, id int64, repo *repo_model.Repositor
 		return lock, nil
 	})
 }
-
-// CheckLFSAccessForRepo check needed access mode base on action
-func CheckLFSAccessForRepo(ctx context.Context, ownerID int64, repo *repo_model.Repository, mode perm.AccessMode, taskID int64) error {
-	if ownerID == 0 {
-		return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode}
-	}
-	if ownerID == user_model.ActionsUserID {
-		if taskID == 0 {
-			return ErrLFSUnauthorizedAction{repo.ID, user_model.ActionsUserName, mode}
-		}
-		perm, err := access_model.GetActionsUserRepoPermission(ctx, repo, user_model.NewActionsUser(), taskID)
-		if err != nil {
-			return err
-		}
-		if !perm.CanAccess(mode, unit.TypeCode) {
-			return ErrLFSUnauthorizedAction{repo.ID, user_model.ActionsUserName, mode}
-		}
-		return nil
-	}
-	u, err := user_model.GetUserByID(ctx, ownerID)
-	if err != nil {
-		return err
-	}
-	perm, err := access_model.GetUserRepoPermission(ctx, repo, u)
-	if err != nil {
-		return err
-	}
-	if !perm.CanAccess(mode, unit.TypeCode) {
-		return ErrLFSUnauthorizedAction{repo.ID, u.DisplayName(), mode}
-	}
-	return nil
-}
diff --git a/routers/web/repo/setting/lfs.go b/routers/web/repo/setting/lfs.go
@@ -198,7 +198,7 @@ func LFSLockFile(ctx *context.Context) {
 	_, err := git_model.CreateLFSLock(ctx, ctx.Repo.Repository, &git_model.LFSLock{
 		Path:    lockPath,
 		OwnerID: ctx.Doer.ID,
-	}, 0)
+	})
 	if err != nil {
 		if git_model.IsErrLFSLockAlreadyExist(err) {
 			ctx.Flash.Error(ctx.Tr("repo.settings.lfs_lock_already_exists", originalPath))
@@ -217,7 +217,7 @@ func LFSUnlock(ctx *context.Context) {
 		ctx.NotFound(nil)
 		return
 	}
-	_, err := git_model.DeleteLFSLockByID(ctx, ctx.PathParamInt64("lid"), ctx.Repo.Repository, ctx.Doer, true, 0)
+	_, err := git_model.DeleteLFSLockByID(ctx, ctx.PathParamInt64("lid"), ctx.Repo.Repository, ctx.Doer, true)
 	if err != nil {
 		ctx.ServerError("LFSUnlock", err)
 		return
diff --git a/services/lfs/locks.go b/services/lfs/locks.go
@@ -175,16 +175,10 @@ func PostLockHandler(ctx *context.Context) {
 		return
 	}
 
-	var taskID int64
-	// Passing a non zero Actions Task ID as parameter if creating lock using Actions Job Token
-	if ctx.Data["IsActionsToken"] == true {
-		taskID = ctx.Data["ActionsTaskID"].(int64)
-	}
-
 	lock, err := git_model.CreateLFSLock(ctx, repository, &git_model.LFSLock{
 		Path:    req.Path,
 		OwnerID: ctx.Doer.ID,
-	}, taskID)
+	})
 	if err != nil {
 		if git_model.IsErrLFSLockAlreadyExist(err) {
 			ctx.JSON(http.StatusConflict, api.LFSLockError{
@@ -321,13 +315,7 @@ func UnLockHandler(ctx *context.Context) {
 		return
 	}
 
-	var taskID int64
-	// Passing a non zero Actions Task ID as parameter if deleting lock using Actions Job Token
-	if ctx.Data["IsActionsToken"] == true {
-		taskID = ctx.Data["ActionsTaskID"].(int64)
-	}
-
-	lock, err := git_model.DeleteLFSLockByID(ctx, ctx.PathParamInt64("lid"), repository, ctx.Doer, req.Force, taskID)
+	lock, err := git_model.DeleteLFSLockByID(ctx, ctx.PathParamInt64("lid"), repository, ctx.Doer, req.Force)
 	if err != nil {
 		if git_model.IsErrLFSUnauthorizedAction(err) {
 			ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="gitea-lfs"`)
