gitea/models
zeripath ef12b8de80
Ensure that restricted users can access repos for which they are members (#17460) (#17464)
Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 11:33:18 +08:00
..
fixtures Ensure that restricted users can access repos for which they are members (#17460) (#17464) 2021-10-28 11:33:18 +08:00
migrations Add primary_key to issue_index (#16813) (#16820) 2021-08-25 18:10:15 -04:00
access_test.go Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
access.go Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
action_list.go refactor: reduce sql query in retrieveFeeds (#3547) 2018-02-21 18:55:34 +08:00
action_test.go Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999) 2021-02-19 22:36:43 +01:00
action.go Improve notifications for WIP draft PR's (#14663) 2021-06-23 00:14:22 -04:00
admin_test.go Fix tests code to prevent some runtime errors (#2381) 2017-08-28 12:17:45 +03:00
admin.go improve empty notice (#15890) 2021-05-16 19:58:26 +08:00
attachment_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
attachment.go Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977) 2021-09-07 19:39:05 +01:00
avatar_test.go Fix individual tests (addition to #15802) (#15818) 2021-05-12 00:13:42 -04:00
avatar.go Double the avatar size factor (#15941) 2021-05-21 21:18:43 -04:00
branches_test.go Add deleted_branch table fixture (#2832) 2017-11-04 15:31:59 +02:00
branches.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
commit_status_test.go Fix bug about ListOptions and stars/watchers pagnation (#14556) 2021-02-04 11:23:46 -06:00
commit_status.go Fix session bugs (#16552) (#16553) 2021-07-27 09:44:44 +08:00
consistency_test.go Fix orphaned objects deletion bug (#15657) 2021-04-30 20:08:46 +02:00
consistency.go Update milestone counters on new issue. (#16183) 2021-06-21 14:34:58 -04:00
context.go Correctly rollback in ForkRepository (#17034) (#17045) 2021-09-15 08:42:09 +03:00
convert.go just add some unit tests (#16291) 2021-06-29 22:00:02 +01:00
error_oauth2.go gofmt (#1662) 2017-05-04 13:54:56 +08:00
error.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
external_login_user.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
fixture_generation.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
fixture_test.go Move fixture generation to contrib and add test (#10277) 2020-02-15 10:59:43 +02:00
gpg_key_add.go Handle duplicate keys on GPG key ring (#17242) (#17284) 2021-10-11 05:13:10 +03:00
gpg_key_commit_verification.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_common.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_import.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_test.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key_verify.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
gpg_key.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
helper_directory.go Re-attempt to delete temporary upload if the file is locked by another process (#12447) 2020-08-11 21:05:34 +01:00
helper_environment.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
helper.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
index_test.go Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
index.go Add unique constraint back into issue_index (#16938) 2021-09-03 17:35:18 +08:00
issue_assignees_test.go Fix individual tests (addition to #15802) (#15818) 2021-05-12 00:13:42 -04:00
issue_assignees.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_comment_list.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_comment_test.go Pull request review/approval and comment on code (#3748) 2018-08-06 06:43:21 +02:00
issue_comment.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
issue_dependency_test.go Refactor comment (#9330) 2019-12-15 16:57:34 -05:00
issue_dependency.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
issue_label_test.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
issue_label.go Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
issue_list_test.go Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
issue_list.go Performance improvement for list pull requests (#15447) 2021-04-15 19:34:43 +02:00
issue_lock.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_milestone_test.go Update milestone counters on new issue. (#16183) 2021-06-21 14:34:58 -04:00
issue_milestone.go Update milestone counters on new issue. (#16183) 2021-06-21 14:34:58 -04:00
issue_reaction_test.go Migrate reactions when migrating repository from github (#9599) 2020-01-15 12:14:07 +01:00
issue_reaction.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_stopwatch_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
issue_stopwatch.go Fix session bugs (#16552) (#16553) 2021-07-27 09:44:44 +08:00
issue_test.go Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
issue_tracked_time_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_tracked_time.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_user_test.go Add "Update Branch" button to Pull Requests (#9784) 2020-01-17 08:03:40 +02:00
issue_user.go Mail assignee when issue/pull request is assigned (#8546) 2019-10-25 22:46:37 +08:00
issue_watch_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
issue_watch.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
issue_xref_test.go Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
issue_xref.go don't record error when loading ref comment but ref comment id is zero (#15820) 2021-05-11 21:43:35 +01:00
issue.go Update issue_index to finish migration (#16685) (#16687) 2021-08-13 15:13:03 +01:00
lfs_lock.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
lfs.go Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
list_options.go Fix list_options GetStartEnd (#16303) 2021-06-29 22:42:23 +01:00
log.go Fix xorm log stack level (#15285) 2021-04-05 08:41:22 +01:00
login_source.go Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137) 2021-09-27 18:30:11 +01:00
main_test.go Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
migrate.go Fix delete nonexist oauth application 500 and prevent deadlock (#15384) 2021-04-10 16:49:10 -04:00
models_test.go Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848) 2021-08-28 13:16:19 +02:00
models.go Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848) 2021-08-28 13:16:19 +02:00
notification_test.go add request review from specific reviewers feature in pull request (#10756) 2020-04-06 19:33:34 +03:00
notification.go Improve notifications for WIP draft PR's (#14663) 2021-06-23 00:14:22 -04:00
oauth2_application_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
oauth2_application.go Switch to maintained jwt lib (#16532) (#16533) 2021-07-24 11:13:50 -04:00
oauth2.go Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16570) 2021-07-29 18:52:38 +01:00
org_team_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
org_team.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
org_test.go Add Visible modes function from Organisation to Users too (#16069) 2021-06-26 20:53:14 +01:00
org.go Fix incorrect repository count on organization tab of dashboard (#17266) 2021-10-08 17:33:16 +08:00
project_board.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
project_issue.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
project_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
project.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
protected_tag_test.go Add tag protection (#15629) 2021-06-25 16:28:55 +02:00
protected_tag.go Add tag protection (#15629) 2021-06-25 16:28:55 +02:00
pull_list.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
pull_sign.go Add configurable Trust Models (#11712) 2020-09-20 00:44:55 +08:00
pull_test.go Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227) 2021-10-05 20:16:22 +02:00
pull.go Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227) 2021-10-05 20:16:22 +02:00
release.go [API] ListReleases add filter for draft and pre-releases (#16175) 2021-06-17 10:58:10 +02:00
repo_activity.go Add top author stats to activity page (#9615) 2020-01-20 12:07:30 +02:00
repo_archiver.go Fix archive error when rename repo or user (#16399) 2021-07-13 14:16:31 +02:00
repo_avatar.go Avatars and Repo avatars support storing in minio (#12516) 2020-10-14 21:07:51 +08:00
repo_branch.go Move newbranch to standalone package (#9627) 2020-01-14 11:38:04 +08:00
repo_collaboration_test.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
repo_collaboration.go Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
repo_generate_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
repo_generate.go Refactor renders (#15175) 2021-04-19 18:25:08 -04:00
repo_indexer.go Index code and stats only for non-empty repositories (#10251) 2020-02-14 13:42:30 +01:00
repo_issue.go Add EnableTimetracking option to app settings (#3719) 2018-04-09 23:15:32 +08:00
repo_language_stats.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo_list_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo_list.go not show private user's repo in explore view (#16550) (#16554) 2021-07-27 07:34:25 +01:00
repo_mirror.go Add push to remote mirror repository (#15157) 2021-06-14 19:20:43 +02:00
repo_permission_test.go fix bug when update owner team then visit team's repo return 404 (#6119) 2019-02-22 11:14:45 -05:00
repo_permission.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repo_pushmirror_test.go Add push to remote mirror repository (#15157) 2021-06-14 19:20:43 +02:00
repo_pushmirror.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repo_redirect_test.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
repo_redirect.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
repo_sign.go Add configurable Trust Models (#11712) 2020-09-20 00:44:55 +08:00
repo_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
repo_transfer_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo_transfer.go Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
repo_unit.go Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137) 2021-09-27 18:30:11 +01:00
repo_watch_test.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
repo_watch.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
repo.go Ensure that git daemon export ok is created for mirrors (#17243) (#17306) 2021-10-14 18:07:53 +02:00
review_test.go Ensure review dismissal only dismisses the correct review (#15477) 2021-04-15 11:03:11 +01:00
review.go Fix unwanted team review request deletion (#17257) (#17264) 2021-10-07 23:58:13 +02:00
session.go Fix DB session cleanup (#15697) 2021-05-01 22:51:03 -04:00
sql_postgres_with_schema.go Ensure that schema search path is set with every connection on postgres (#14131) 2021-01-02 10:07:43 +08:00
ssh_key_test.go Add support for ed25519_sk and ecdsa_sk SSH keys (#13462) 2021-01-20 20:36:55 +00:00
ssh_key.go Retry rename on lock induced failures (#16435) 2021-07-15 11:46:07 -04:00
star_test.go API add/generalize pagination (#9452) 2020-01-24 14:00:29 -05:00
star.go Save TimeStamps for Star, Label, Follow, Watch and Collaboration to Database (#13124) 2020-10-12 20:01:57 -04:00
task.go Add Status Updates whilst Gitea migrations are occurring (#15076) 2021-06-16 18:02:24 -04:00
test_fixtures.go Create Proper Migration Tests (#15116) 2021-03-24 19:27:22 +01:00
token_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
token.go Only check access tokens if they are likely to be tokens (#16164) 2021-06-16 00:29:25 +02:00
topic_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
topic.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
twofactor.go Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
u2f_test.go Don't panic if we fail to parse U2FRegistration data (#17304) (#17371) 2021-10-20 21:45:17 +02:00
u2f.go Don't panic if we fail to parse U2FRegistration data (#17304) (#17371) 2021-10-20 21:45:17 +02:00
unit_tests.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
unit.go Kanban board (#8346) 2020-08-16 23:07:38 -04:00
update.go Remove Unused Functions (#10516) 2020-03-02 00:05:44 +02:00
upload.go Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) 2020-11-27 21:42:08 -05:00
user_avatar.go Send size to /avatars if requested (#15459) 2021-04-17 00:22:25 +02:00
user_follow_test.go Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
user_follow.go Save TimeStamps for Star, Label, Follow, Watch and Collaboration to Database (#13124) 2020-10-12 20:01:57 -04:00
user_heatmap_test.go Allow mocking timeutil (#17354) (#17356) 2021-10-18 16:48:23 -05:00
user_heatmap.go Fix heatmap activity (#15252) 2021-06-25 12:59:25 -04:00
user_mail_test.go Always store primary email address into email_address table and also the state (#15956) 2021-06-08 11:52:51 +08:00
user_mail.go Fix activation of primary email addresses (#16385) 2021-07-13 22:59:27 +02:00
user_openid_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
user_openid.go Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
user_redirect_test.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
user_redirect.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
user_test.go Make allowed Visiblity modes configurable for Users (#16271) 2021-06-27 19:47:35 +01:00
user.go Fix broken Activities link in team dashboard (#17255) (#17258) 2021-10-07 20:58:59 +02:00
userlist_test.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
userlist.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
webhook_test.go Refactor Webhook + Add X-Hub-Signature (#16176) 2021-06-27 20:21:09 +01:00
webhook.go Refactor Webhook + Add X-Hub-Signature (#16176) 2021-06-27 20:21:09 +01:00
wiki_test.go Move wiki related funtions from models to services/wiki (#9355) 2020-01-07 18:27:36 +00:00
wiki.go Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186) 2020-11-27 21:42:08 -05:00