Also support new/upload/patch/delete operations, refactor permissions

Author: brechtvl

models/repo/repo.go

@@ -644,7 +644,7 @@ func (repo *Repository) AllowsPulls(ctx context.Context) bool {
 
 // CanEnableEditor returns true if repository meets the requirements of web editor.
 func (repo *Repository) CanEnableEditor() bool {
-	return !repo.IsMirror
+	return !repo.IsMirror && !repo.IsArchived
 }
 
 // DescriptionHTML does special handles to description and return HTML string.

routers/web/repo/editor.go

@@ -24,7 +24,12 @@ const (
 
 // NewDiffPatch render create patch page
 func NewDiffPatch(ctx *context.Context) {
-	canCommit := renderCommitRights(ctx, ctx.Repo.Repository)
+	editRepo := GetEditRepositoryOrFork(ctx, "_diffpatch")
+	if editRepo == nil {
+		return
+	}
+
+	canCommit := renderCommitRights(ctx, editRepo)
 
 	ctx.Data["PageIsPatch"] = true
 
@@ -35,7 +40,7 @@ func NewDiffPatch(ctx *context.Context) {
 	} else {
 		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
 	}
-	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx, ctx.Repo.Repository)
+	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx, editRepo)
 	ctx.Data["last_commit"] = ctx.Repo.CommitID
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.RefTypeNameSubURL()
@@ -47,7 +52,6 @@ func NewDiffPatch(ctx *context.Context) {
 func NewDiffPatchPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.EditRepoFileForm)
 
-	canCommit := renderCommitRights(ctx, ctx.Repo.Repository)
 	branchName := ctx.Repo.BranchName
 	if form.CommitChoice == frmCommitChoiceNewBranch {
 		branchName = form.NewBranchName
@@ -67,11 +71,15 @@ func NewDiffPatchPost(ctx *context.Context) {
 		return
 	}
 
+	editRepo := GetEditRepositoryOrError(ctx, tplPatchFile, &form)
+	if editRepo == nil {
+		return
+	}
+
+	canCommit := renderCommitRights(ctx, editRepo)
+
 	// Cannot commit to an existing branch if user doesn't have rights
-	if branchName == ctx.Repo.BranchName && !canCommit {
-		ctx.Data["Err_NewBranchName"] = true
-		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
-		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplEditFile, &form)
+	if !CheckCanPushEditBranch(ctx, editRepo, branchName, canCommit, tplPatchFile, &form) {
 		return
 	}
 
@@ -94,9 +102,14 @@ func NewDiffPatchPost(ctx *context.Context) {
 		return
 	}
 
-	fileResponse, err := files.ApplyDiffPatch(ctx, ctx.Repo.Repository, ctx.Doer, &files.ApplyDiffPatchOptions{
+	editBranchName, err := PushEditBranchOrError(ctx, editRepo, branchName, tplPatchFile, &form)
+	if err != nil {
+		return
+	}
+
+	fileResponse, err := files.ApplyDiffPatch(ctx, editRepo, ctx.Doer, &files.ApplyDiffPatchOptions{
 		LastCommitID: form.LastCommit,
-		OldBranch:    ctx.Repo.BranchName,
+		OldBranch:    editBranchName,
 		NewBranch:    branchName,
 		Message:      message,
 		Content:      strings.ReplaceAll(form.Content, "\r", ""),
@@ -119,7 +132,8 @@ func NewDiffPatchPost(ctx *context.Context) {
 	}
 
 	if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(ctx, unit.TypePullRequests) {
-		ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(form.NewBranchName))
+		editBranch := editRepo.Owner.Name + "/" + editRepo.Name + ":" + branchName
+		ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(editBranch))
 	} else {
 		ctx.Redirect(ctx.Repo.RepoLink + "/commit/" + fileResponse.Commit.SHA)
 	}

routers/web/repo/patch.go

@@ -49,21 +49,6 @@ func MustBeNotEmpty(ctx *context.Context) {
 	}
 }
 
-// MustBeEditable check that repo can be edited
-func MustBeEditable(ctx *context.Context) {
-	if !ctx.Repo.Repository.CanEnableEditor() {
-		ctx.NotFound(nil)
-		return
-	}
-}
-
-// MustBeAbleToUpload check that repo can be uploaded to
-func MustBeAbleToUpload(ctx *context.Context) {
-	if !setting.Repository.Upload.Enabled {
-		ctx.NotFound(nil)
-	}
-}
-
 func CommitInfoCache(ctx *context.Context) {
 	var err error
 	ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)

routers/web/repo/repo.go

@@ -244,7 +244,7 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
 			ctx.Data["LineEscapeStatus"] = statuses
 		}
 		if !fInfo.isLFSFile {
-			if ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
+			if ctx.Repo.CanEnableEditor() {
 				if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
 					ctx.Data["CanEditFile"] = false
 					ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
@@ -254,9 +254,6 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
 				}
 			} else if !ctx.Repo.RefFullName.IsBranch() {
 				ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
-			} else if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
-				ctx.Data["CanEditFile"] = true
-				ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.edit_this_file")
 			}
 		}
 
@@ -308,7 +305,7 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
 		}
 	}
 
-	if ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
+	if ctx.Repo.CanEnableEditor() {
 		if lfsLock != nil && lfsLock.OwnerID != ctx.Doer.ID {
 			ctx.Data["CanDeleteFile"] = false
 			ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
@@ -318,7 +315,5 @@ func prepareToRenderFile(ctx *context.Context, entry *git.TreeEntry) {
 		}
 	} else if !ctx.Repo.RefFullName.IsBranch() {
 		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
-	} else if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
-		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_have_write_access")
 	}
 }

routers/web/repo/view_file.go

@@ -213,7 +213,7 @@ func prepareToRenderReadmeFile(ctx *context.Context, subfolder string, readmeFil
 	}
 
 	if !fInfo.isLFSFile {
-		if ctx.Repo.CanEnableEditor(ctx, ctx.Doer) || !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
+		if ctx.Repo.CanEnableEditor() {
 			ctx.Data["CanEditReadmeFile"] = true
 		}
 	}

routers/web/repo/view_readme.go

@@ -1313,29 +1313,29 @@ func registerWebRoutes(m *web.Router) {
 
 	m.Group("/{username}/{reponame}", func() { // repo code
 		m.Group("", func() {
-			m.Group("", func() {
-				m.Combo("/_edit/*").Get(repo.EditFile).
-					Post(web.Bind(forms.EditRepoFileForm{}), repo.EditFilePost)
-				m.Combo("/_fork_to_edit/*").
-					Post(web.Bind(forms.ForkToEditRepoFileForm{}), repo.ForkToEditFilePost)
-			}, context.RepoRefByType(git.RefTypeBranch), repo.WebGitOperationCommonData)
 			m.Group("", func() {
 				m.Combo("/_new/*").Get(repo.NewFile).
 					Post(web.Bind(forms.EditRepoFileForm{}), repo.NewFilePost)
+				m.Combo("/_edit/*").Get(repo.EditFile).
+					Post(web.Bind(forms.EditRepoFileForm{}), repo.EditFilePost)
 				m.Combo("/_delete/*").Get(repo.DeleteFile).
 					Post(web.Bind(forms.DeleteRepoFileForm{}), repo.DeleteFilePost)
-				m.Combo("/_upload/*", repo.MustBeAbleToUpload).Get(repo.UploadFile).
-					Post(web.Bind(forms.UploadRepoFileForm{}), repo.UploadFilePost)
 				m.Combo("/_diffpatch/*").Get(repo.NewDiffPatch).
 					Post(web.Bind(forms.EditRepoFileForm{}), repo.NewDiffPatchPost)
+				m.Combo("/_upload/*", context.MustBeAbleToUpload()).Get(repo.UploadFile).
+					Post(web.Bind(forms.UploadRepoFileForm{}), repo.UploadFilePost)
+				m.Combo("/_fork_to_edit/*").
+					Post(web.Bind(forms.ForkToEditRepoFileForm{}), repo.ForkToEditFilePost)
+			}, context.MustEnableEditor())
+			m.Group("", func() {
 				m.Combo("/_cherrypick/{sha:([a-f0-9]{7,64})}/*").Get(repo.CherryPick).
 					Post(web.Bind(forms.CherryPickForm{}), repo.CherryPickPost)
-			}, context.RepoRefByType(git.RefTypeBranch), context.CanWriteToBranch(), repo.WebGitOperationCommonData)
-			m.Group("", func() {
-				m.Post("/upload-file", repo.UploadFileToServer)
-				m.Post("/upload-remove", web.Bind(forms.RemoveUploadFileForm{}), repo.RemoveUploadFileFromServer)
-			}, repo.MustBeAbleToUpload, reqRepoCodeWriter)
-		}, repo.MustBeEditable, context.RepoMustNotBeArchived())
+			}, context.MustBeAbleToCherryPick())
+		}, context.RepoRefByType(git.RefTypeBranch), repo.WebGitOperationCommonData)
+		m.Group("", func() {
+			m.Post("/upload-file", repo.UploadFileToServer)
+			m.Post("/upload-remove", web.Bind(forms.RemoveUploadFileForm{}), repo.RemoveUploadFileFromServer)
+		}, context.MustBeAbleToUpload())
 
 		m.Group("/branches", func() {
 			m.Group("/_new", func() {

routers/web/web.go

@@ -21,10 +21,10 @@ func RequireRepoAdmin() func(ctx *Context) {
 	}
 }
 
-// CanWriteToBranch checks if the user is allowed to write to the branch of the repo
-func CanWriteToBranch() func(ctx *Context) {
+// MustBeAbleToCherryPick checks if the user is allowed to cherry-pick to a branch of the repo
+func MustBeAbleToCherryPick() func(ctx *Context) {
 	return func(ctx *Context) {
-		if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) {
+		if !ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, ctx.Repo.BranchName) || !ctx.Repo.Repository.CanEnableEditor() {
 			ctx.NotFound(nil)
 			return
 		}

services/context/permission.go

@@ -71,9 +71,10 @@ func (r *Repository) CanWriteToBranch(ctx context.Context, user *user_model.User
 	return issues_model.CanMaintainerWriteToBranch(ctx, r.Permission, branch, user)
 }
 
-// CanEnableEditor returns true if repository is editable and user has proper access level.
-func (r *Repository) CanEnableEditor(ctx context.Context, user *user_model.User) bool {
-	return r.RefFullName.IsBranch() && r.CanWriteToBranch(ctx, user, r.BranchName) && r.Repository.CanEnableEditor() && !r.Repository.IsArchived
+// CanEnableEditor returns true if the web editor can be enabled for this repository,
+// either by directly writing to the repository or to a user fork.
+func (r *Repository) CanEnableEditor() bool {
+	return r.RefFullName.IsBranch() && r.Repository.CanEnableEditor()
 }
 
 // CanCreateBranch returns true if repository is editable and user has proper access level.
@@ -94,10 +95,27 @@ func RepoMustNotBeArchived() func(ctx *Context) {
 	}
 }
 
+// MustEnableEditor checks if the web editor can be enabled for this repository
+func MustEnableEditor() func(ctx *Context) {
+	return func(ctx *Context) {
+		if !ctx.Repo.CanEnableEditor() {
+			ctx.NotFound(nil)
+		}
+	}
+}
+
+// MustBeAbleToUpload check that upload is enabled on this site and useful for editing
+func MustBeAbleToUpload() func(ctx *Context) {
+	return func(ctx *Context) {
+		if !setting.Repository.Upload.Enabled || !ctx.Repo.Repository.CanEnableEditor() {
+			ctx.NotFound(nil)
+		}
+	}
+}
+
 // CanCommitToBranchResults represents the results of CanCommitToBranch
 type CanCommitToBranchResults struct {
 	CanCommitToBranch bool
-	EditorEnabled     bool
 	UserCanPush       bool
 	RequireSigned     bool
 	WillSign          bool
@@ -123,7 +141,7 @@ func (r *Repository) CanCommitToBranch(ctx context.Context, doer *user_model.Use
 
 	sign, keyID, _, err := asymkey_service.SignCRUDAction(ctx, r.Repository.RepoPath(), doer, r.Repository.RepoPath(), git.BranchPrefix+r.BranchName)
 
-	canCommit := r.CanEnableEditor(ctx, doer) && userCanPush
+	canCommit := r.CanEnableEditor() && r.CanWriteToBranch(ctx, doer, r.BranchName) && userCanPush
 	if requireSigned {
 		canCommit = canCommit && sign
 	}
@@ -139,7 +157,6 @@ func (r *Repository) CanCommitToBranch(ctx context.Context, doer *user_model.Use
 
 	return CanCommitToBranchResults{
 		CanCommitToBranch: canCommit,
-		EditorEnabled:     r.CanEnableEditor(ctx, doer),
 		UserCanPush:       userCanPush,
 		RequireSigned:     requireSigned,
 		WillSign:          sign,

services/context/repo.go

@@ -735,7 +735,8 @@ func (f *EditPreviewDiffForm) Validate(req *http.Request, errs binding.Errors) b
 
 // ForkToEditRepoFileForm form for forking the repo to edit a file
 type ForkToEditRepoFileForm struct {
-	TreePath string `binding:"Required;MaxSize(500)"`
+	TreePath      string `binding:"Required;MaxSize(500)"`
+	EditOperation string `binding:"Required;MaxSize(20)"`
 }
 
 // Validate validates the fields