Commit Graph

16 Commits

Author SHA1 Message Date
6543
4c924bf43c
Limit org member view of restricted users (#32211)
currently restricted users can only see the repos of teams in orgs they
are part at.
they also should only see the users that are also part at the same team.


---
*Sponsored by Kithara Software GmbH*
2024-11-12 03:44:24 +00:00
yp05327
daf2a4c047
Fix wrong display of recently pushed notification (#25812)
There's a bug in #25715: 
If user pushed a commit into another repo with same branch name, the
no-related repo will display the recently pushed notification
incorrectly.
It is simple to fix this, we should match the repo id in the sql query.


![image](https://github.com/go-gitea/gitea/assets/18380374/9411a926-16f1-419e-a1b5-e953af38bab1)
The latest commit is 2 weeks ago.

![image](https://github.com/go-gitea/gitea/assets/18380374/52f9ab22-4999-43ac-a86f-6d36fb1e0411)

The notification comes from another repo with same branch name:

![image](https://github.com/go-gitea/gitea/assets/18380374/a26bc335-8e5b-4b9c-a965-c3dc3fa6f252)


After:
In forked repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/ce6ffc35-deb7-4be7-8b09-184207392f32)
New PR Link will redirect to the original repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/7b98e76f-0c75-494c-9462-80cf9f98e786)
In the original repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f6a821b-e51a-4bbd-9980-d9eb94a3c847)
New PR Link:

![image](https://github.com/go-gitea/gitea/assets/18380374/1ce8c879-9f11-4312-8c32-695d7d9af0df)

In the same repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/64b56073-4d0e-40c4-b8a0-80be7a775f69)
New PR Link:

![image](https://github.com/go-gitea/gitea/assets/18380374/96e1b6a3-fb98-40ee-b2ee-648039fb0dcf)

08/15 Update:
Follow #26257, added permission check and logic fix mentioned in
https://github.com/go-gitea/gitea/pull/26257#discussion_r1294085203


2024/04/25 Update:
Fix #30611

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-21 17:00:35 +00:00
Zettat123
c42083a339
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit
2024-02-24 12:38:43 +00:00
KN4CK3R
321383db22
Revert package access change from #23879 (#25707)
Fixes (?) #25538
Fixes https://codeberg.org/forgejo/forgejo/issues/972

Regression #23879

#23879 introduced a change which prevents read access to packages if a
user is not a member of an organization.

That PR also contained a change which disallows package access if the
team unit is configured with "no access" for packages. I don't think
this change makes sense (at the moment). It may be relevant for private
orgs. But for public or limited orgs that's useless because an
unauthorized user would have more access rights than the team member.
This PR restores the old behaviour "If a user has read access for an
owner, they can read packages".

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-09 13:00:07 +00:00
yp05327
bbf83f5d4b
Improve permission check of packages (#23879)
At first, we have one unified team unit permission which is called
`Team.Authorize` in DB.
But since https://github.com/go-gitea/gitea/pull/17811, we allowed
different units to have different permission.

The old code is only designed for the old version. So after #17811, if
org users have write permission of other units, but have no permission
of packages, they can also get write permission of packages.

Co-authored-by: delvh <dev.lh@web.de>
2023-04-06 22:18:29 +08:00
KN4CK3R
1b630ff7cd
Fix user visible check (#21210)
Fixes #21206

If user and viewer are equal the method should return true.
Also the common organization check was wrong as `count` can never be
less then 0.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-20 15:59:20 +08:00
Gusted
0b4c166e8a
Fix SQL Query for SearchTeam (#20844)
- Currently the function takes in the `UserID` option, but isn't being
used within the SQL query. This patch fixes that by checking that only
teams are being returned that the user belongs to.

Fix #20829

Co-authored-by: delvh <dev.lh@web.de>
2022-08-21 17:24:05 +01:00
Manush Dodunekov
1751d5fcf2 Restricted users (#6274)
* Restricted users (#4334): initial implementation

* Add User.IsRestricted & UI to edit it

* Pass user object instead of user id to places where IsRestricted flag matters

* Restricted users: maintain access rows for all referenced repos (incl public)

* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses

* Add basic repo access tests for restricted users

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Mention restricted users in the faq

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Remove unnecessary `org.IsOrganization()` call

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert to an `int64` keyed `accessMap`

* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* or even better: `map[int64]*userAccess`

* updateUserAccess(): use tighter syntax as suggested by lafriks

* even tighter

* Avoid extra loop

* Don't disclose limited orgs to unauthenticated users

* Don't assume block only applies to orgs

* Use an array of `VisibleType` for filtering

* fix yet another thinko

* Ok - no need for u

* Revert "Ok - no need for u"

This reverts commit 5c3e886aab.

Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-13 18:33:46 +01:00
David Svantesson
69a255defb Team permission to create repository in organization (#8312)
* Add team permission setting to allow creating repo in organization.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add test case for creating repo when have team creation access.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* build error: should omit comparison to bool constant

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add comment on exported functions

* Fix fixture consistency, fix existing unit tests

* Fix boolean comparison in xorm query.

* addCollaborator and changeCollaborationAccessMode separate steps

More clear to use different if-cases.

* Create and commit xorm session

* fix

* Add information of create repo permission in team sidebar

* Add migration step

* Clarify that repository creator will be administrator.

* Fix some things after merge

* Fix language text that use html

* migrations file

* Create repository permission -> Create repositories

* fix merge

* fix review comments
2019-11-20 19:27:49 +08:00
Antoine GIRARD
76408d50fb org/members: display 2FA members states + optimize sql requests (#7621)
* org/members: display 2FA state

* fix comment typo

* lay down UserList bases

* add basic test for previous methods

* add comment for UserList type

* add valid two-fa account

* test new UserList methods

* optimize MembersIsPublic by side loading info on GetMembers + fix integrations tests

* respect fmt rules

* use map for data

* Optimize GetTwoFaStatus

* rewrite by using existing sub func

* Optimize IsUserOrgOwner

* remove un-used code

* tests: cover empty org + fix import order

* tests: add ErrTeamNotExist path

* tests: fix wrong expected result
2019-08-02 12:06:27 -04:00
Ethan Koenig
f48680888c Remove IsOwner, NumTeams from OrgUser (#3269) 2018-01-08 09:48:37 +02:00
Morlinest
ddb7f59ef4 Add search mode option to /api/repo/search (#2756)
* Add repo type option to /api/repo/search

* Add tests and fix result of collaborative filter in specific condition

* Fix/optimize search & tests

* Improve integration tests

* Fix lint errors

* Fix unit tests

* Change and improve internal implementation of repo search

* Use NonexistentID

* Make search api more general

* Change mirror and fork search behaviour

* Fix tests & typo in comment
2017-10-27 00:16:13 +03:00
Morlinest
ccd3577970 Fix repository search function (#2689)
* Fix and remove FIXME

* Respect membership visibility

* Fix/rewrite searchRepositoryByName function

* Add unit tests

* Add integration tests

* Remove Searcher completely

* Remove trailing space
2017-10-17 23:20:22 +08:00
Morlinest
ca68a75b5b Expand fixtures (#2571)
* Add more repo search tests

* Add and fix /api/repo/search integration tests

* Add owner to access table for organization repositories

* Remove tests
2017-09-22 13:51:16 +03:00
Ethan Koenig
a2412492da Unit tests and bug fix for models/org 2017-01-27 12:24:06 -05:00
Ethan Koenig
6072b03291 Unit tests for models/access.go (#606) 2017-01-08 11:10:53 +08:00