本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

102 lines
2.8KB

  1. // Copyright 2018 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package context
  5. import (
  6. "code.gitea.io/gitea/models"
  7. "code.gitea.io/gitea/modules/log"
  8. "gitea.com/macaron/macaron"
  9. )
  10. // RequireRepoAdmin returns a macaron middleware for requiring repository admin permission
  11. func RequireRepoAdmin() macaron.Handler {
  12. return func(ctx *Context) {
  13. if !ctx.IsSigned || !ctx.Repo.IsAdmin() {
  14. ctx.NotFound(ctx.Req.RequestURI, nil)
  15. return
  16. }
  17. }
  18. }
  19. // RequireRepoWriter returns a macaron middleware for requiring repository write to the specify unitType
  20. func RequireRepoWriter(unitType models.UnitType) macaron.Handler {
  21. return func(ctx *Context) {
  22. if !ctx.Repo.CanWrite(unitType) {
  23. ctx.NotFound(ctx.Req.RequestURI, nil)
  24. return
  25. }
  26. }
  27. }
  28. // RequireRepoWriterOr returns a macaron middleware for requiring repository write to one of the unit permission
  29. func RequireRepoWriterOr(unitTypes ...models.UnitType) macaron.Handler {
  30. return func(ctx *Context) {
  31. for _, unitType := range unitTypes {
  32. if ctx.Repo.CanWrite(unitType) {
  33. return
  34. }
  35. }
  36. ctx.NotFound(ctx.Req.RequestURI, nil)
  37. }
  38. }
  39. // RequireRepoReader returns a macaron middleware for requiring repository read to the specify unitType
  40. func RequireRepoReader(unitType models.UnitType) macaron.Handler {
  41. return func(ctx *Context) {
  42. if !ctx.Repo.CanRead(unitType) {
  43. if log.IsTrace() {
  44. if ctx.IsSigned {
  45. log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
  46. "User in Repo has Permissions: %-+v",
  47. ctx.User,
  48. unitType,
  49. ctx.Repo.Repository,
  50. ctx.Repo.Permission)
  51. } else {
  52. log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+
  53. "Anonymous user in Repo has Permissions: %-+v",
  54. unitType,
  55. ctx.Repo.Repository,
  56. ctx.Repo.Permission)
  57. }
  58. }
  59. ctx.NotFound(ctx.Req.RequestURI, nil)
  60. return
  61. }
  62. }
  63. }
  64. // RequireRepoReaderOr returns a macaron middleware for requiring repository write to one of the unit permission
  65. func RequireRepoReaderOr(unitTypes ...models.UnitType) macaron.Handler {
  66. return func(ctx *Context) {
  67. for _, unitType := range unitTypes {
  68. if ctx.Repo.CanRead(unitType) {
  69. return
  70. }
  71. }
  72. if log.IsTrace() {
  73. var format string
  74. var args []interface{}
  75. if ctx.IsSigned {
  76. format = "Permission Denied: User %-v cannot read ["
  77. args = append(args, ctx.User)
  78. } else {
  79. format = "Permission Denied: Anonymous user cannot read ["
  80. }
  81. for _, unit := range unitTypes {
  82. format += "%-v, "
  83. args = append(args, unit)
  84. }
  85. format = format[:len(format)-2] + "] in Repo %-v\n" +
  86. "User in Repo has Permissions: %-+v"
  87. args = append(args, ctx.Repo.Repository, ctx.Repo.Permission)
  88. log.Trace(format, args...)
  89. }
  90. ctx.NotFound(ctx.Req.RequestURI, nil)
  91. }
  92. }
上海开阖软件有限公司 沪ICP备12045867号-1