fix admin lost permission caused by #947 (#1753)

bkcsoft · web-flow · commit 281a0389c10b · 2017-05-19T12:10:17.000+02:00
diff --git a/cmd/serv.go b/cmd/serv.go
@@ -250,7 +250,7 @@ func runServ(c *cli.Context) error {
 					user.Name, requestedMode, repoPath)
 			}
 
-			if !repo.CheckUnitUser(user.ID, unitType) {
+			if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {
 				fail("You do not have allowed for this action",
 					"User %s does not have allowed access to repository %s 's code",
 					user.Name, repoPath)
diff --git a/models/repo.go b/models/repo.go
@@ -330,8 +330,8 @@ func (repo *Repository) getUnits(e Engine) (err error) {
 }
 
 // CheckUnitUser check whether user could visit the unit of this repository
-func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
-	if err := repo.getUnitsByUserID(x, userID); err != nil {
+func (repo *Repository) CheckUnitUser(userID int64, isAdmin bool, unitType UnitType) bool {
+	if err := repo.getUnitsByUserID(x, userID, isAdmin); err != nil {
 		return false
 	}
 
@@ -344,11 +344,11 @@ func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {
 }
 
 // LoadUnitsByUserID loads units according userID's permissions
-func (repo *Repository) LoadUnitsByUserID(userID int64) error {
-	return repo.getUnitsByUserID(x, userID)
+func (repo *Repository) LoadUnitsByUserID(userID int64, isAdmin bool) error {
+	return repo.getUnitsByUserID(x, userID, isAdmin)
 }
 
-func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
+func (repo *Repository) getUnitsByUserID(e Engine, userID int64, isAdmin bool) (err error) {
 	if repo.Units != nil {
 		return nil
 	}
@@ -358,7 +358,7 @@ func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {
 		return err
 	}
 
-	if !repo.Owner.IsOrganization() || userID == 0 {
+	if !repo.Owner.IsOrganization() || userID == 0 || isAdmin {
 		return nil
 	}
 
diff --git a/modules/context/repo.go b/modules/context/repo.go
@@ -496,11 +496,16 @@ func RequireRepoWriter() macaron.Handler {
 // LoadRepoUnits loads repsitory's units, it should be called after repository and user loaded
 func LoadRepoUnits() macaron.Handler {
 	return func(ctx *Context) {
+		var isAdmin bool
+		if ctx.User != nil && ctx.User.IsAdmin {
+			isAdmin = true
+		}
+
 		var userID int64
 		if ctx.User != nil {
 			userID = ctx.User.ID
 		}
-		err := ctx.Repo.Repository.LoadUnitsByUserID(userID)
+		err := ctx.Repo.Repository.LoadUnitsByUserID(userID, isAdmin)
 		if err != nil {
 			ctx.Handle(500, "LoadUnitsByUserID", err)
 			return
diff --git a/routers/repo/http.go b/routers/repo/http.go
@@ -206,7 +206,7 @@ func HTTP(ctx *context.Context) {
 			}
 		}
 
-		if !repo.CheckUnitUser(authUser.ID, unitType) {
+		if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
 			ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code",
 				authUser.Name, repo.RepoPath()))
 			return

Original file line number	Diff line number	Diff line change
`@@ -250,7 +250,7 @@ func runServ(c *cli.Context) error {`
`250`	`250`	`user.Name, requestedMode, repoPath)`
`251`	`251`	`}`
`252`	`252`
`253`		`- if !repo.CheckUnitUser(user.ID, unitType) {`
	`253`	`+ if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {`
`254`	`254`	`fail("You do not have allowed for this action",`
`255`	`255`	`"User %s does not have allowed access to repository %s 's code",`
`256`	`256`	`user.Name, repoPath)`
Original file line number	Diff line number	Diff line change
`@@ -330,8 +330,8 @@ func (repo *Repository) getUnits(e Engine) (err error) {`
`330`	`330`	`}`
`331`	`331`
`332`	`332`	`// CheckUnitUser check whether user could visit the unit of this repository`
`333`		`-func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {`
`334`		`- if err := repo.getUnitsByUserID(x, userID); err != nil {`
	`333`	`+func (repo *Repository) CheckUnitUser(userID int64, isAdmin bool, unitType UnitType) bool {`
	`334`	`+ if err := repo.getUnitsByUserID(x, userID, isAdmin); err != nil {`
`335`	`335`	`return false`
`336`	`336`	`}`
`337`	`337`
`@@ -344,11 +344,11 @@ func (repo *Repository) CheckUnitUser(userID int64, unitType UnitType) bool {`
`344`	`344`	`}`
`345`	`345`
`346`	`346`	`// LoadUnitsByUserID loads units according userID's permissions`
`347`		`-func (repo *Repository) LoadUnitsByUserID(userID int64) error {`
`348`		`- return repo.getUnitsByUserID(x, userID)`
	`347`	`+func (repo *Repository) LoadUnitsByUserID(userID int64, isAdmin bool) error {`
	`348`	`+ return repo.getUnitsByUserID(x, userID, isAdmin)`
`349`	`349`	`}`
`350`	`350`
`351`		`-func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {`
	`351`	`+func (repo *Repository) getUnitsByUserID(e Engine, userID int64, isAdmin bool) (err error) {`
`352`	`352`	`if repo.Units != nil {`
`353`	`353`	`return nil`
`354`	`354`	`}`
`@@ -358,7 +358,7 @@ func (repo *Repository) getUnitsByUserID(e Engine, userID int64) (err error) {`
`358`	`358`	`return err`
`359`	`359`	`}`
`360`	`360`
`361`		`- if !repo.Owner.IsOrganization() \|\| userID == 0 {`
	`361`	`+ if !repo.Owner.IsOrganization() \|\| userID == 0 \|\| isAdmin {`
`362`	`362`	`return nil`
`363`	`363`	`}`
`364`	`364`
Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ func HTTP(ctx *context.Context) {`
`206`	`206`	`}`
`207`	`207`	`}`
`208`	`208`
`209`		`- if !repo.CheckUnitUser(authUser.ID, unitType) {`
	`209`	`+ if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {`
`210`	`210`	`ctx.HandleText(http.StatusForbidden, fmt.Sprintf("User %s does not have allowed access to repository %s 's code",`
`211`	`211`	`authUser.Name, repo.RepoPath()))`
`212`	`212`	`return`