
Commit 14f6e4c

committed
start on API perms
1 parent a860b3e commit 14f6e4c


2 files changed

+38
-2
lines changed


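--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -432,6 +432,18 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
 }
 }
 
+// reqRepoCommitStatusWriter user should have a permission to write to commit
+// statuses, or write to a repo, or be a site admin
+func reqRepoCommitStatusWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
+return func(ctx *context.APIContext) {
+// TODO
+if !ctx.IsUserRepoWriter(unitTypes) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
+ctx.Error(http.StatusForbidden, "reqRepoCommitStatusWriter", "user should have a permission to write to a repo")
+return
+}
+}
+}
+
 // reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin
 func reqRepoBranchWriter(ctx *context.APIContext) {
 options, ok := web.GetForm(ctx).(api.FileOptionInterface)
@@ -451,6 +463,18 @@ func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) {
 }
 }
 
+// reqRepoReader user should have specific commit status read permission, or
+// repo read permission, or be a repo admin or a site admin
+func reqRepoCommitStatusReader(unitType unit.Type) func(ctx *context.APIContext) {
+return func(ctx *context.APIContext) {
+// TODO
+if !ctx.Repo.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
+ctx.Error(http.StatusForbidden, "reqRepoCommitStatusReader", "user should have specific read permission or be a repo admin or a site admin")
+return
+}
+}
+}
+
 // reqAnyRepoReader user should have any permission to read repository or permissions of site admin
 func reqAnyRepoReader() func(ctx *context.APIContext) {
 return func(ctx *context.APIContext) {
@@ -1323,8 +1347,8 @@ func Routes() *web.Router {
 }, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo())
 m.Group("/statuses", func() {
 m.Combo("/{sha}").Get(repo.GetCommitStatuses).
-Post(reqToken(), reqRepoWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
-}, reqRepoReader(unit.TypeCode))
+Post(reqToken(), reqRepoCommitStatusWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
+}, reqRepoCommitStatusReader(unit.TypeCode))
 m.Group("/commits", func() {
 m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits)
 m.Group("/{ref}", func() {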
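Review bot: `reqRepoCommitStatusWriter` still gates on `ctx.IsUserRepoWriter(unitTypes)`, so the POST on `/statuses/{sha}` is still decided by the general repo-write check, and the `IsUserCommitStatusWriter` helper this commit adds in services/context/api.go is not called anywhere in the visible hunks. If the goal is a single place that defines who may post commit statuses, the condition should read `if !ctx.IsUserCommitStatusWriter(unitTypes) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {`, and the bare `// TODO` should name the permission that is still missing so a later edit cannot widen write access to this route unnoticed. The 403 text in that branch also still says "write to a repo" rather than naming commit statuses. The doc comment on `reqRepoCommitStatusReader` opens with `reqRepoReader`; it should begin with the function's own name.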

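--- a/services/context/api.go
+++ b/services/context/api.go
@@ -388,3 +388,15 @@ func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool {
 
 return false
 }
+
+// IsUserRepoWriter returns true if current user has write commit status privilege in current repo
+func (ctx *APIContext) IsUserCommitStatusWriter(unitTypes []unit.Type) bool {
+for _, unitType := range unitTypes {
+// TODO
+if ctx.Repo.CanWrite(unitType) {
+return true
+}
+}
+
+return false
+}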
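Review bot: The doc comment on `IsUserCommitStatusWriter` opens with `IsUserRepoWriter`, a copy-paste slip that will mislead anyone auditing which helper guards which permission, and the `// TODO` inside the loop does not say what check is still to come. As written the method returns true on the first `ctx.Repo.CanWrite(unitType)` and false when `unitTypes` is empty, so it denies by default; the comment should state that, for example `// IsUserCommitStatusWriter reports whether the current user may write commit statuses in the current repo; it returns false when unitTypes is empty.` No caller appears in this commit, so the helper is currently unused by the new middleware in routers/api/v1/api.go.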
