Allow users with explicit read access to give approvals (#8382)

tokarchuk/v1.17
guillep2k 5 years ago committed by techknowlogick
parent 736ad8f091
commit 4843723d00
  1. 23
      models/branches.go
  2. 13
      models/repo.go
  3. 4
      routers/repo/setting_protected_branch.go

@ -195,7 +195,7 @@ func UpdateProtectBranch(repo *Repository, protectBranch *ProtectedBranch, opts
} }
protectBranch.MergeWhitelistUserIDs = whitelist protectBranch.MergeWhitelistUserIDs = whitelist
whitelist, err = updateUserWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs) whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
if err != nil { if err != nil {
return err return err
} }
@ -301,6 +301,27 @@ func (repo *Repository) IsProtectedBranchForMerging(pr *PullRequest, branchName
return false, nil return false, nil
} }
// updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
// the users from newWhitelist which have explicit read or write access to the repo.
func updateApprovalWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
if !hasUsersChanged {
return currentWhitelist, nil
}
whitelist = make([]int64, 0, len(newWhitelist))
for _, userID := range newWhitelist {
if reader, err := repo.IsReader(userID); err != nil {
return nil, err
} else if !reader {
continue
}
whitelist = append(whitelist, userID)
}
return
}
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with // updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
// the users from newWhitelist which have write access to the repo. // the users from newWhitelist which have write access to the repo.
func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) { func updateUserWhitelist(repo *Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {

@ -735,11 +735,24 @@ func (repo *Repository) CanEnableEditor() bool {
return !repo.IsMirror return !repo.IsMirror
} }
// GetReaders returns all users that have explicit read access or higher to the repository.
func (repo *Repository) GetReaders() (_ []*User, err error) {
return repo.getUsersWithAccessMode(x, AccessModeRead)
}
// GetWriters returns all users that have write access to the repository. // GetWriters returns all users that have write access to the repository.
func (repo *Repository) GetWriters() (_ []*User, err error) { func (repo *Repository) GetWriters() (_ []*User, err error) {
return repo.getUsersWithAccessMode(x, AccessModeWrite) return repo.getUsersWithAccessMode(x, AccessModeWrite)
} }
// IsReader returns true if user has explicit read access or higher to the repository.
func (repo *Repository) IsReader(userID int64) (bool, error) {
if repo.OwnerID == userID {
return true, nil
}
return x.Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, AccessModeRead).Get(&Access{})
}
// getUsersWithAccessMode returns users that have at least given access mode to the repository. // getUsersWithAccessMode returns users that have at least given access mode to the repository.
func (repo *Repository) getUsersWithAccessMode(e Engine, mode AccessMode) (_ []*User, err error) { func (repo *Repository) getUsersWithAccessMode(e Engine, mode AccessMode) (_ []*User, err error) {
if err = repo.getOwner(e); err != nil { if err = repo.getOwner(e); err != nil {

@ -117,9 +117,9 @@ func SettingsProtectedBranch(c *context.Context) {
} }
} }
users, err := c.Repo.Repository.GetWriters() users, err := c.Repo.Repository.GetReaders()
if err != nil { if err != nil {
c.ServerError("Repo.Repository.GetWriters", err) c.ServerError("Repo.Repository.GetReaders", err)
return return
} }
c.Data["Users"] = users c.Data["Users"] = users

Loading…
Cancel
Save