Fix system admin cannot fork or get private fork with API (#33401)
Fix #33368
This commit is contained in:
Lunny Xiao
GitHub
Родитель
dcd3014567
Коммит
77d14fb6d3
|
|
@ -132,13 +132,15 @@ func CreateFork(ctx *context.APIContext) {
|
|||
}
|
||||
return
|
||||
}
|
||||
isMember, err := org.IsOrgMember(ctx, ctx.Doer.ID)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "IsOrgMember", err)
|
||||
return
|
||||
} else if !isMember {
|
||||
ctx.Error(http.StatusForbidden, "isMemberNot", fmt.Sprintf("User is no Member of Organisation '%s'", org.Name))
|
||||
return
|
||||
if !ctx.Doer.IsAdmin {
|
||||
isMember, err := org.IsOrgMember(ctx, ctx.Doer.ID)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "IsOrgMember", err)
|
||||
return
|
||||
} else if !isMember {
|
||||
ctx.Error(http.StatusForbidden, "isMemberNot", fmt.Sprintf("User is no Member of Organisation '%s'", org.Name))
|
||||
return
|
||||
}
|
||||
}
|
||||
forker = org.AsUser()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -256,9 +256,11 @@ type findForksOptions struct {
|
|||
}
|
||||
|
||||
func (opts findForksOptions) ToConds() builder.Cond {
|
||||
return builder.Eq{"fork_id": opts.RepoID}.And(
|
||||
repo_model.AccessibleRepositoryCondition(opts.Doer, unit.TypeInvalid),
|
||||
)
|
||||
cond := builder.Eq{"fork_id": opts.RepoID}
|
||||
if opts.Doer != nil && opts.Doer.IsAdmin {
|
||||
return cond
|
||||
}
|
||||
return cond.And(repo_model.AccessibleRepositoryCondition(opts.Doer, unit.TypeInvalid))
|
||||
}
|
||||
|
||||
// FindForks returns all the forks of the repository
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import (
|
|||
auth_model "code.gitea.io/gitea/models/auth"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
org_model "code.gitea.io/gitea/models/organization"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
api "code.gitea.io/gitea/modules/structs"
|
||||
|
|
@ -81,8 +82,8 @@ func TestAPIForkListLimitedAndPrivateRepos(t *testing.T) {
|
|||
var forks []*api.Repository
|
||||
DecodeJSON(t, resp, &forks)
|
||||
|
||||
assert.Len(t, forks, 1)
|
||||
assert.EqualValues(t, "1", resp.Header().Get("X-Total-Count"))
|
||||
assert.Len(t, forks, 2)
|
||||
assert.EqualValues(t, "2", resp.Header().Get("X-Total-Count"))
|
||||
|
||||
assert.NoError(t, org_service.AddTeamMember(db.DefaultContext, ownerTeam2, user1))
|
||||
|
||||
|
|
@ -96,3 +97,31 @@ func TestAPIForkListLimitedAndPrivateRepos(t *testing.T) {
|
|||
assert.EqualValues(t, "2", resp.Header().Get("X-Total-Count"))
|
||||
})
|
||||
}
|
||||
|
||||
func TestGetPrivateReposForks(t *testing.T) {
|
||||
defer tests.PrepareTestEnv(t)()
|
||||
|
||||
user1Sess := loginUser(t, "user1")
|
||||
repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}) // private repository
|
||||
privateOrg := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 23})
|
||||
user1Token := getTokenForLoggedInUser(t, user1Sess, auth_model.AccessTokenScopeWriteRepository)
|
||||
|
||||
forkedRepoName := "forked-repo"
|
||||
// create fork from a private repository
|
||||
req := NewRequestWithJSON(t, "POST", "/api/v1/repos/"+repo2.FullName()+"/forks", &api.CreateForkOption{
|
||||
Organization: &privateOrg.Name,
|
||||
Name: &forkedRepoName,
|
||||
}).AddTokenAuth(user1Token)
|
||||
MakeRequest(t, req, http.StatusAccepted)
|
||||
|
||||
// test get a private fork without clear permissions
|
||||
req = NewRequest(t, "GET", "/api/v1/repos/"+repo2.FullName()+"/forks").AddTokenAuth(user1Token)
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
forks := []*api.Repository{}
|
||||
DecodeJSON(t, resp, &forks)
|
||||
assert.Len(t, forks, 1)
|
||||
assert.EqualValues(t, "1", resp.Header().Get("X-Total-Count"))
|
||||
assert.EqualValues(t, "forked-repo", forks[0].Name)
|
||||
assert.EqualValues(t, privateOrg.Name, forks[0].Owner.UserName)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -118,7 +118,8 @@ func TestForkListLimitedAndPrivateRepos(t *testing.T) {
|
|||
req := NewRequest(t, "GET", "/user2/repo1/forks")
|
||||
resp := user1Sess.MakeRequest(t, req, http.StatusOK)
|
||||
htmlDoc := NewHTMLParser(t, resp.Body)
|
||||
assert.EqualValues(t, 1, htmlDoc.Find(forkItemSelector).Length())
|
||||
// since user1 is an admin, he can get both of the forked repositories
|
||||
assert.EqualValues(t, 2, htmlDoc.Find(forkItemSelector).Length())
|
||||
|
||||
assert.NoError(t, org_service.AddTeamMember(db.DefaultContext, ownerTeam2, user1))
|
||||
resp = user1Sess.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче