Correctly check http git access rights for reverse proxy authorized users (#3721)

tokarchuk/v1.17
Lauris BH 7 years ago committed by Lunny Xiao
parent 4c6e170ceb
commit ab5cc6f3a9
  1. 40
      routers/repo/http.go

@ -184,33 +184,33 @@ func HTTP(ctx *context.Context) {
return
}
}
}
if !isPublicPull {
has, err := models.HasAccess(authUser.ID, repo, accessMode)
if err != nil {
ctx.ServerError("HasAccess", err)
return
} else if !has {
if accessMode == models.AccessModeRead {
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
if err != nil {
ctx.ServerError("HasAccess2", err)
return
} else if !has {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
} else {
if !isPublicPull {
has, err := models.HasAccess(authUser.ID, repo, accessMode)
if err != nil {
ctx.ServerError("HasAccess", err)
return
} else if !has {
if accessMode == models.AccessModeRead {
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
if err != nil {
ctx.ServerError("HasAccess2", err)
return
} else if !has {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
}
if !isPull && repo.IsMirror {
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
} else {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
}
if !isPull && repo.IsMirror {
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
return
}
}
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {
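Review bot: The `if !isPublicPull {` access check has no comment explaining why it sits at this level, and going by the commit title its position is the whole fix. The old and new lines are textually identical here, so the block appears to have only been re-indented so that `models.HasAccess` also runs for users the reverse proxy had already authenticated. I would add a comment directly above it, such as `// Must run for every authUser, however it was authenticated (including reverse proxy); keep it outside the credential-handling branch.`, so a later refactor does not reintroduce the skipped check. The diffstat lists only `routers/repo/http.go`, so a regression test that sends a reverse-proxy-authenticated request for a repository the user cannot access and expects 403 would also be worth adding. `HTTP` starts and ends outside this hunk, so I could not confirm from here that `authUser` is non-nil on every path reaching `authUser.ID`.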
