gitea/models
zeripath ef12b8de80
Ensure that restricted users can access repos for which they are members (#17460) (#17464)
Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 11:33:18 +08:00
..
fixtures Ensure that restricted users can access repos for which they are members (#17460) (#17464) 2021-10-28 11:33:18 +08:00
migrations Add primary_key to issue_index (#16813) (#16820) 2021-08-25 18:10:15 -04:00
access.go Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
access_test.go Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
action.go Improve notifications for WIP draft PR's (#14663) 2021-06-23 00:14:22 -04:00
action_list.go refactor: reduce sql query in retrieveFeeds (#3547) 2018-02-21 18:55:34 +08:00
action_test.go Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999) 2021-02-19 22:36:43 +01:00
admin.go improve empty notice (#15890) 2021-05-16 19:58:26 +08:00
admin_test.go Fix tests code to prevent some runtime errors (#2381) 2017-08-28 12:17:45 +03:00
attachment.go Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977) 2021-09-07 19:39:05 +01:00
attachment_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
avatar.go Double the avatar size factor (#15941) 2021-05-21 21:18:43 -04:00
avatar_test.go Fix individual tests (addition to #15802) (#15818) 2021-05-12 00:13:42 -04:00
branches.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
branches_test.go Add deleted_branch table fixture (#2832) 2017-11-04 15:31:59 +02:00
commit_status.go Fix session bugs (#16552) (#16553) 2021-07-27 09:44:44 +08:00
commit_status_test.go Fix bug about ListOptions and stars/watchers pagnation (#14556) 2021-02-04 11:23:46 -06:00
consistency.go Update milestone counters on new issue. (#16183) 2021-06-21 14:34:58 -04:00
consistency_test.go Fix orphaned objects deletion bug (#15657) 2021-04-30 20:08:46 +02:00
context.go Correctly rollback in ForkRepository (#17034) (#17045) 2021-09-15 08:42:09 +03:00
convert.go just add some unit tests (#16291) 2021-06-29 22:00:02 +01:00
error.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
error_oauth2.go gofmt (#1662) 2017-05-04 13:54:56 +08:00
external_login_user.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
fixture_generation.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
fixture_test.go Move fixture generation to contrib and add test (#10277) 2020-02-15 10:59:43 +02:00
gpg_key.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_add.go Handle duplicate keys on GPG key ring (#17242) (#17284) 2021-10-11 05:13:10 +03:00
gpg_key_commit_verification.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_common.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_import.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_test.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_verify.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
helper.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
helper_directory.go Re-attempt to delete temporary upload if the file is locked by another process (#12447) 2020-08-11 21:05:34 +01:00
helper_environment.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
index.go Add unique constraint back into issue_index (#16938) 2021-09-03 17:35:18 +08:00
index_test.go Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
issue.go Update issue_index to finish migration (#16685) (#16687) 2021-08-13 15:13:03 +01:00
issue_assignees.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_assignees_test.go Fix individual tests (addition to #15802) (#15818) 2021-05-12 00:13:42 -04:00
issue_comment.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
issue_comment_list.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_comment_test.go Pull request review/approval and comment on code (#3748) 2018-08-06 06:43:21 +02:00
issue_dependency.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
issue_dependency_test.go Refactor comment (#9330) 2019-12-15 16:57:34 -05:00
issue_label.go Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
issue_label_test.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
issue_list.go Performance improvement for list pull requests (#15447) 2021-04-15 19:34:43 +02:00
issue_list_test.go Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
issue_lock.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_milestone.go Update milestone counters on new issue. (#16183) 2021-06-21 14:34:58 -04:00
issue_milestone_test.go Update milestone counters on new issue. (#16183) 2021-06-21 14:34:58 -04:00
issue_reaction.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_reaction_test.go Migrate reactions when migrating repository from github (#9599) 2020-01-15 12:14:07 +01:00
issue_stopwatch.go Fix session bugs (#16552) (#16553) 2021-07-27 09:44:44 +08:00
issue_stopwatch_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
issue_test.go Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
issue_tracked_time.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_tracked_time_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_user.go Mail assignee when issue/pull request is assigned (#8546) 2019-10-25 22:46:37 +08:00
issue_user_test.go Add "Update Branch" button to Pull Requests (#9784) 2020-01-17 08:03:40 +02:00
issue_watch.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_watch_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
issue_xref.go don't record error when loading ref comment but ref comment id is zero (#15820) 2021-05-11 21:43:35 +01:00
issue_xref_test.go Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
lfs.go Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
lfs_lock.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
list_options.go Fix list_options GetStartEnd (#16303) 2021-06-29 22:42:23 +01:00
log.go Fix xorm log stack level (#15285) 2021-04-05 08:41:22 +01:00
login_source.go Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137) 2021-09-27 18:30:11 +01:00
main_test.go Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
migrate.go Fix delete nonexist oauth application 500 and prevent deadlock (#15384) 2021-04-10 16:49:10 -04:00
models.go Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848) 2021-08-28 13:16:19 +02:00
models_test.go Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848) 2021-08-28 13:16:19 +02:00
notification.go Improve notifications for WIP draft PR's (#14663) 2021-06-23 00:14:22 -04:00
notification_test.go add request review from specific reviewers feature in pull request (#10756) 2020-04-06 19:33:34 +03:00
oauth2.go Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16570) 2021-07-29 18:52:38 +01:00
oauth2_application.go Switch to maintained jwt lib (#16532) (#16533) 2021-07-24 11:13:50 -04:00
oauth2_application_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
org.go Fix incorrect repository count on organization tab of dashboard (#17266) 2021-10-08 17:33:16 +08:00
org_team.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
org_team_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
org_test.go Add Visible modes function from Organisation to Users too (#16069) 2021-06-26 20:53:14 +01:00
project.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
project_board.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
project_issue.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
project_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
protected_tag.go Add tag protection (#15629) 2021-06-25 16:28:55 +02:00
protected_tag_test.go Add tag protection (#15629) 2021-06-25 16:28:55 +02:00
pull.go Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227) 2021-10-05 20:16:22 +02:00
pull_list.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
pull_sign.go Add configurable Trust Models (#11712) 2020-09-20 00:44:55 +08:00
pull_test.go Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227) 2021-10-05 20:16:22 +02:00
release.go [API] ListReleases add filter for draft and pre-releases (#16175) 2021-06-17 10:58:10 +02:00
repo.go Ensure that git daemon export ok is created for mirrors (#17243) (#17306) 2021-10-14 18:07:53 +02:00
repo_activity.go Add top author stats to activity page (#9615) 2020-01-20 12:07:30 +02:00
repo_archiver.go Fix archive error when rename repo or user (#16399) 2021-07-13 14:16:31 +02:00
repo_avatar.go Avatars and Repo avatars support storing in minio (#12516) 2020-10-14 21:07:51 +08:00
repo_branch.go Move newbranch to standalone package (#9627) 2020-01-14 11:38:04 +08:00
repo_collaboration.go Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
repo_collaboration_test.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
repo_generate.go Refactor renders (#15175) 2021-04-19 18:25:08 -04:00
repo_generate_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
repo_indexer.go Index code and stats only for non-empty repositories (#10251) 2020-02-14 13:42:30 +01:00
repo_issue.go Add EnableTimetracking option to app settings (#3719) 2018-04-09 23:15:32 +08:00
repo_language_stats.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo_list.go not show private user's repo in explore view (#16550) (#16554) 2021-07-27 07:34:25 +01:00
repo_list_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo_mirror.go Add push to remote mirror repository (#15157) 2021-06-14 19:20:43 +02:00
repo_permission.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repo_permission_test.go fix bug when update owner team then visit team's repo return 404 (#6119) 2019-02-22 11:14:45 -05:00
repo_pushmirror.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repo_pushmirror_test.go Add push to remote mirror repository (#15157) 2021-06-14 19:20:43 +02:00
repo_redirect.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
repo_redirect_test.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
repo_sign.go Add configurable Trust Models (#11712) 2020-09-20 00:44:55 +08:00
repo_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
repo_transfer.go Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
repo_transfer_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo_unit.go Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137) 2021-09-27 18:30:11 +01:00
repo_watch.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo_watch_test.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
review.go Fix unwanted team review request deletion (#17257) (#17264) 2021-10-07 23:58:13 +02:00
review_test.go Ensure review dismissal only dismisses the correct review (#15477) 2021-04-15 11:03:11 +01:00
session.go Fix DB session cleanup (#15697) 2021-05-01 22:51:03 -04:00
sql_postgres_with_schema.go Ensure that schema search path is set with every connection on postgres (#14131) 2021-01-02 10:07:43 +08:00
ssh_key.go Retry rename on lock induced failures (#16435) 2021-07-15 11:46:07 -04:00
ssh_key_test.go Add support for ed25519_sk and ecdsa_sk SSH keys (#13462) 2021-01-20 20:36:55 +00:00
star.go Save TimeStamps for Star, Label, Follow, Watch and Collaboration to Database (#13124) 2020-10-12 20:01:57 -04:00
star_test.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
task.go Add Status Updates whilst Gitea migrations are occurring (#15076) 2021-06-16 18:02:24 -04:00
test_fixtures.go Create Proper Migration Tests (#15116) 2021-03-24 19:27:22 +01:00
token.go Only check access tokens if they are likely to be tokens (#16164) 2021-06-16 00:29:25 +02:00
token_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
topic.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
topic_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
twofactor.go Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
u2f.go Don't panic if we fail to parse U2FRegistration data (#17304) (#17371) 2021-10-20 21:45:17 +02:00
u2f_test.go Don't panic if we fail to parse U2FRegistration data (#17304) (#17371) 2021-10-20 21:45:17 +02:00
unit.go Kanban board (#8346) 2020-08-16 23:07:38 -04:00
unit_tests.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
update.go Remove Unused Functions (#10516) 2020-03-02 00:05:44 +02:00
upload.go Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) 2020-11-27 21:42:08 -05:00
user.go Fix broken Activities link in team dashboard (#17255) (#17258) 2021-10-07 20:58:59 +02:00
user_avatar.go Send size to /avatars if requested (#15459) 2021-04-17 00:22:25 +02:00
user_follow.go Save TimeStamps for Star, Label, Follow, Watch and Collaboration to Database (#13124) 2020-10-12 20:01:57 -04:00
user_follow_test.go Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
user_heatmap.go Fix heatmap activity (#15252) 2021-06-25 12:59:25 -04:00
user_heatmap_test.go Allow mocking timeutil (#17354) (#17356) 2021-10-18 16:48:23 -05:00
user_mail.go Fix activation of primary email addresses (#16385) 2021-07-13 22:59:27 +02:00
user_mail_test.go Always store primary email address into email_address table and also the state (#15956) 2021-06-08 11:52:51 +08:00
user_openid.go Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
user_openid_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
user_redirect.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
user_redirect_test.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
user_test.go Make allowed Visiblity modes configurable for Users (#16271) 2021-06-27 19:47:35 +01:00
userlist.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
userlist_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
webhook.go Refactor Webhook + Add X-Hub-Signature (#16176) 2021-06-27 20:21:09 +01:00
webhook_test.go Refactor Webhook + Add X-Hub-Signature (#16176) 2021-06-27 20:21:09 +01:00
wiki.go Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) 2020-11-27 21:42:08 -05:00
wiki_test.go Move wiki related funtions from models to services/wiki (#9355) 2020-01-07 18:27:36 +00:00