Correctly check http git access rights for reverse proxy authorized users (#3721)
parent
4c6e170ceb
commit
ab5cc6f3a9
|
@ -184,33 +184,33 @@ func HTTP(ctx *context.Context) {
|
|||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !isPublicPull {
|
||||
has, err := models.HasAccess(authUser.ID, repo, accessMode)
|
||||
if err != nil {
|
||||
ctx.ServerError("HasAccess", err)
|
||||
return
|
||||
} else if !has {
|
||||
if accessMode == models.AccessModeRead {
|
||||
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
|
||||
if err != nil {
|
||||
ctx.ServerError("HasAccess2", err)
|
||||
return
|
||||
} else if !has {
|
||||
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if !isPublicPull {
|
||||
has, err := models.HasAccess(authUser.ID, repo, accessMode)
|
||||
if err != nil {
|
||||
ctx.ServerError("HasAccess", err)
|
||||
return
|
||||
} else if !has {
|
||||
if accessMode == models.AccessModeRead {
|
||||
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
|
||||
if err != nil {
|
||||
ctx.ServerError("HasAccess2", err)
|
||||
return
|
||||
} else if !has {
|
||||
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if !isPull && repo.IsMirror {
|
||||
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
|
||||
} else {
|
||||
ctx.HandleText(http.StatusForbidden, "User permission denied")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if !isPull && repo.IsMirror {
|
||||
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
|
||||
|
|
Loading…
Reference in New Issue