models/access: hasAccess only need userID not user object

2025-12-20 15:20:01 +01:00 · 2017-02-23 16:15:25 -05:00
parent 3c0d162961
commit b78e03934d
14 changed files with 41 additions and 33 deletions
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -199,7 +199,7 @@ func runServ(c *cli.Context) error {
 				fail("Internal error", "Fail to get user by key ID '%d': %v", key.ID, err)
 			}
-			mode, err := models.AccessLevel(user, repo)
+			mode, err := models.AccessLevel(user.ID, repo)
 			if err != nil {
 				fail("Internal error", "Fail to check access: %v", err)
 			}
--- a/gogs.go
+++ b/gogs.go
@@ -16,7 +16,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
-const APP_VER = "0.9.166.0223 / 0.10 RC"
+const APP_VER = "0.9.167.0223 / 0.10 RC"
 func init() {
 	setting.AppVer = APP_VER
--- a/models/access.go
+++ b/models/access.go
@@ -57,41 +57,45 @@ type Access struct {
 	Mode   AccessMode
 }
-func accessLevel(e Engine, u *User, repo *Repository) (AccessMode, error) {
+func accessLevel(e Engine, userID int64, repo *Repository) (AccessMode, error) {
 	mode := ACCESS_MODE_NONE
 	// Everyone has read access to public repository
 	if !repo.IsPrivate {
 		mode = ACCESS_MODE_READ
 	}
-	if u == nil {
+	if userID <= 0 {
 		return mode, nil
 	}
-	if u.ID == repo.OwnerID {
+	if userID == repo.OwnerID {
 		return ACCESS_MODE_OWNER, nil
 	}
-	a := &Access{UserID: u.ID, RepoID: repo.ID}
+	access := &Access{
-	if has, err := e.Get(a); !has || err != nil {
+		UserID: userID,
 		RepoID: repo.ID,
 	}
 	if has, err := e.Get(access); !has || err != nil {
 		return mode, err
 	}
-	return a.Mode, nil
+	return access.Mode, nil
 }
 // AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
-// user does not have access. User can be nil!
+// user does not have access.
-func AccessLevel(u *User, repo *Repository) (AccessMode, error) {
+func AccessLevel(userID int64, repo *Repository) (AccessMode, error) {
-	return accessLevel(x, u, repo)
+	return accessLevel(x, userID, repo)
 }
-func hasAccess(e Engine, u *User, repo *Repository, testMode AccessMode) (bool, error) {
+func hasAccess(e Engine, userID int64, repo *Repository, testMode AccessMode) (bool, error) {
-	mode, err := accessLevel(e, u, repo)
+	mode, err := accessLevel(e, userID, repo)
 	return mode >= testMode, err
 }
 // HasAccess returns true if someone has the request access level. User can be nil!
-func HasAccess(u *User, repo *Repository, testMode AccessMode) (bool, error) {
+func HasAccess(userID int64, repo *Repository, testMode AccessMode) (bool, error) {
-	return hasAccess(x, u, repo, testMode)
+	return hasAccess(x, userID, repo, testMode)
 }
 // GetRepositoryAccesses finds all repositories with their access mode where a user has access but does not own.
--- a/models/issue.go
+++ b/models/issue.go
@@ -618,7 +618,7 @@ func newIssue(e *xorm.Session, opts NewIssueOptions) (err error) {
 		// Assume assignee is invalid and drop silently.
 		opts.Issue.AssigneeID = 0
 		if assignee != nil {
-			valid, err := hasAccess(e, assignee, opts.Repo, ACCESS_MODE_READ)
+			valid, err := hasAccess(e, assignee.ID, opts.Repo, ACCESS_MODE_READ)
 			if err != nil {
 				return fmt.Errorf("hasAccess [user_id: %d, repo_id: %d]: %v", assignee.ID, opts.Repo.ID, err)
 			}
--- a/models/org_team.go
+++ b/models/org_team.go
@@ -166,15 +166,15 @@ func (t *Team) removeRepository(e Engine, repo *Repository, recalculate bool) (e
 	if err = t.getMembers(e); err != nil {
 		return fmt.Errorf("get team members: %v", err)
 	}
-	for _, u := range t.Members {
+	for _, member := range t.Members {
-		has, err := hasAccess(e, u, repo, ACCESS_MODE_READ)
+		has, err := hasAccess(e, member.ID, repo, ACCESS_MODE_READ)
 		if err != nil {
 			return err
 		} else if has {
 			continue
 		}
-		if err = watchRepo(e, u.ID, repo.ID, false); err != nil {
+		if err = watchRepo(e, member.ID, repo.ID, false); err != nil {
 			return err
 		}
 	}
--- a/models/repo.go
+++ b/models/repo.go
@@ -419,8 +419,8 @@ func (repo *Repository) ComposeCompareURL(oldCommitID, newCommitID string) strin
 	return fmt.Sprintf("%s/%s/compare/%s...%s", repo.MustOwner().Name, repo.Name, oldCommitID, newCommitID)
 }
-func (repo *Repository) HasAccess(u *User) bool {
+func (repo *Repository) HasAccess(userID int64) bool {
-	has, _ := HasAccess(u, repo, ACCESS_MODE_READ)
+	has, _ := HasAccess(userID, repo, ACCESS_MODE_READ)
 	return has
 }
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -736,7 +736,7 @@ func DeleteDeployKey(doer *User, id int64) error {
 		if err != nil {
 			return fmt.Errorf("GetRepositoryByID: %v", err)
 		}
-		yes, err := HasAccess(doer, repo, ACCESS_MODE_ADMIN)
+		yes, err := HasAccess(doer.ID, repo, ACCESS_MODE_ADMIN)
 		if err != nil {
 			return fmt.Errorf("HasAccess: %v", err)
 		} else if !yes {
--- a/models/user.go
+++ b/models/user.go
@@ -385,18 +385,18 @@ func (u *User) DeleteAvatar() error {
 // IsAdminOfRepo returns true if user has admin or higher access of repository.
 func (u *User) IsAdminOfRepo(repo *Repository) bool {
-	has, err := HasAccess(u, repo, ACCESS_MODE_ADMIN)
+	has, err := HasAccess(u.ID, repo, ACCESS_MODE_ADMIN)
 	if err != nil {
-		log.Error(3, "HasAccess: %v", err)
+		log.Error(2, "HasAccess: %v", err)
 	}
 	return has
 }
 // IsWriterOfRepo returns true if user has write access to given repository.
 func (u *User) IsWriterOfRepo(repo *Repository) bool {
-	has, err := HasAccess(u, repo, ACCESS_MODE_WRITE)
+	has, err := HasAccess(u.ID, repo, ACCESS_MODE_WRITE)
 	if err != nil {
-		log.Error(3, "HasAccess: %v", err)
+		log.Error(2, "HasAccess: %v", err)
 	}
 	return has
 }
@@ -911,7 +911,7 @@ func GetUserByID(id int64) (*User, error) {
 // GetAssigneeByID returns the user with write access of repository by given ID.
 func GetAssigneeByID(repo *Repository, userID int64) (*User, error) {
-	has, err := HasAccess(&User{ID: userID}, repo, ACCESS_MODE_READ)
+	has, err := HasAccess(userID, repo, ACCESS_MODE_READ)
 	if err != nil {
 		return nil, err
 	} else if !has {
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -206,7 +206,11 @@ func RepoAssignment(args ...bool) macaron.Handler {
 		if ctx.IsSigned && ctx.User.IsAdmin {
 			ctx.Repo.AccessMode = models.ACCESS_MODE_OWNER
 		} else {
-			mode, err := models.AccessLevel(ctx.User, repo)
+			var userID int64
 			if ctx.IsSigned {
 				userID = ctx.User.ID
 			}
 			mode, err := models.AccessLevel(userID, repo)
 			if err != nil {
 				ctx.Handle(500, "AccessLevel", err)
 				return
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -65,7 +65,7 @@ func repoAssignment() macaron.Handler {
 		if ctx.IsSigned && ctx.User.IsAdmin {
 			ctx.Repo.AccessMode = models.ACCESS_MODE_OWNER
 		} else {
-			mode, err := models.AccessLevel(ctx.User, repo)
+			mode, err := models.AccessLevel(ctx.User.ID, repo)
 			if err != nil {
 				ctx.Error(500, "AccessLevel", err)
 				return
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -127,7 +127,7 @@ func HTTPContexter() macaron.Handler {
 		if isPull {
 			mode = models.ACCESS_MODE_READ
 		}
-		has, err := models.HasAccess(authUser, repo, mode)
+		has, err := models.HasAccess(authUser.ID, repo, mode)
 		if err != nil {
 			ctx.Handle(http.StatusInternalServerError, "HasAccess", err)
 			return
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -49,7 +49,7 @@ func getForkRepository(ctx *context.Context) *models.Repository {
 		return nil
 	}
-	if !forkRepo.CanBeForked() || !forkRepo.HasAccess(ctx.User) {
+	if !forkRepo.CanBeForked() || !forkRepo.HasAccess(ctx.User.ID) {
 		ctx.Handle(404, "getForkRepository", nil)
 		return nil
 	}
--- a/routers/user/home.go
+++ b/routers/user/home.go
@@ -293,7 +293,7 @@ func Issues(ctx *context.Context) {
 		}
 		// Check if user has access to given repository.
-		if !repo.IsOwnedBy(ctxUser.ID) && !repo.HasAccess(ctxUser) {
+		if !repo.IsOwnedBy(ctxUser.ID) && !repo.HasAccess(ctxUser.ID) {
 			ctx.Handle(404, "Issues", fmt.Errorf("#%d", repoID))
 			return
 		}
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.9.166.0223 / 0.10 RC
+0.9.167.0223 / 0.10 RC
		`@@ -1 +1 @@`
			`0.9.166.0223 / 0.10 RC`				`0.9.167.0223 / 0.10 RC`