check access mode when change collobrators

lunny · lunny · commit 213fddb04352 · 2024-11-06T18:15:51.000-08:00
diff --git a/models/perm/access_mode.go b/models/perm/access_mode.go
@@ -60,3 +60,6 @@ func ParseAccessMode(permission string, allowed ...AccessMode) AccessMode {
 	}
 	return util.Iif(slices.Contains(allowed, m), m, AccessModeNone)
 }
+
+// ErrInvalidAccessMode is returned when an invalid access mode is used
+var ErrInvalidAccessMode = util.NewInvalidArgumentErrorf("Invalid access mode")
diff --git a/services/repository/collaboration.go b/services/repository/collaboration.go
@@ -18,6 +18,11 @@ import (
 )
 
 func AddOrUpdateCollaborator(ctx context.Context, repo *repo_model.Repository, u *user_model.User, mode perm.AccessMode) error {
+	// only allow valid access modes, read, write and admin
+	if mode < perm.AccessModeRead || mode > perm.AccessModeAdmin {
+		return perm.ErrInvalidAccessMode
+	}
+
 	if err := repo.LoadOwner(ctx); err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -60,3 +60,6 @@ func ParseAccessMode(permission string, allowed ...AccessMode) AccessMode {`
`60`	`60`	`}`
`61`	`61`	`return util.Iif(slices.Contains(allowed, m), m, AccessModeNone)`
`62`	`62`	`}`
	`63`	`+`
	`64`	`+// ErrInvalidAccessMode is returned when an invalid access mode is used`
	`65`	`+var ErrInvalidAccessMode = util.NewInvalidArgumentErrorf("Invalid access mode")`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,11 @@ import (`
`18`	`18`	`)`
`19`	`19`
`20`	`20`	`func AddOrUpdateCollaborator(ctx context.Context, repo repo_model.Repository, u user_model.User, mode perm.AccessMode) error {`
	`21`	`+ // only allow valid access modes, read, write and admin`
	`22`	`+ if mode < perm.AccessModeRead \|\| mode > perm.AccessModeAdmin {`
	`23`	`+ return perm.ErrInvalidAccessMode`
	`24`	`+ }`
	`25`	`+`
`21`	`26`	`if err := repo.LoadOwner(ctx); err != nil {`
`22`	`27`	`return err`
`23`	`28`	`}`