Backport: Repo Transfer permission checks (#14792) (#14794)

* Backport: Repo Transfer permission checks (#14792)

* update tests
This commit is contained in:
6543 2021-02-25 08:49:27 +01:00 committed by GitHub
parent cdff144f76
commit edef62e69e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 3 deletions

View File

@ -445,7 +445,7 @@ func TestAPIRepoTransfer(t *testing.T) {
expectedStatus int expectedStatus int
}{ }{
{ctxUserID: 1, newOwner: "user2", teams: nil, expectedStatus: http.StatusAccepted}, {ctxUserID: 1, newOwner: "user2", teams: nil, expectedStatus: http.StatusAccepted},
{ctxUserID: 2, newOwner: "user1", teams: nil, expectedStatus: http.StatusAccepted}, {ctxUserID: 2, newOwner: "user1", teams: nil, expectedStatus: http.StatusForbidden},
{ctxUserID: 2, newOwner: "user6", teams: nil, expectedStatus: http.StatusForbidden}, {ctxUserID: 2, newOwner: "user6", teams: nil, expectedStatus: http.StatusForbidden},
{ctxUserID: 1, newOwner: "user2", teams: &[]int64{2}, expectedStatus: http.StatusUnprocessableEntity}, {ctxUserID: 1, newOwner: "user2", teams: &[]int64{2}, expectedStatus: http.StatusUnprocessableEntity},
{ctxUserID: 1, newOwner: "user3", teams: &[]int64{5}, expectedStatus: http.StatusForbidden}, {ctxUserID: 1, newOwner: "user3", teams: &[]int64{5}, expectedStatus: http.StatusForbidden},

View File

@ -93,7 +93,12 @@ func Transfer(ctx *context.APIContext, opts api.TransferRepoOption) {
} }
} }
if err = repo_service.TransferOwnership(ctx.User, newOwner, ctx.Repo.Repository, teams); err != nil { if err = repo_service.StartRepositoryTransfer(ctx.User, newOwner, ctx.Repo.Repository, teams); err != nil {
if models.IsErrCancelled(err) {
ctx.Error(http.StatusForbidden, "transfer", "user has no right to create repo for new owner")
return
}
ctx.InternalServerError(err) ctx.InternalServerError(err)
return return
} }

View File

@ -475,9 +475,12 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
ctx.Repo.GitRepo.Close() ctx.Repo.GitRepo.Close()
ctx.Repo.GitRepo = nil ctx.Repo.GitRepo = nil
} }
if err = repo_service.TransferOwnership(ctx.User, newOwner, repo, nil); err != nil { if err = repo_service.StartRepositoryTransfer(ctx.User, newOwner, repo, nil); err != nil {
if models.IsErrRepoAlreadyExist(err) { if models.IsErrRepoAlreadyExist(err) {
ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), tplSettingsOptions, nil) ctx.RenderWithErr(ctx.Tr("repo.settings.new_owner_has_same_repo"), tplSettingsOptions, nil)
} else if models.IsErrCancelled(err) {
// this err msg is not translated, since it was introduced in a backport
ctx.RenderWithErr("user has no right to create repo for new owner", tplSettingsOptions, nil)
} else { } else {
ctx.ServerError("TransferOwnership", err) ctx.ServerError("TransferOwnership", err)
} }

View File

@ -72,3 +72,31 @@ func ChangeRepositoryName(doer *models.User, repo *models.Repository, newRepoNam
return nil return nil
} }
// StartRepositoryTransfer transfer a repo from one owner to a new one.
// it make repository into pending transfer state, if doer can not create repo for new owner.
func StartRepositoryTransfer(doer, newOwner *models.User, repo *models.Repository, teams []*models.Team) error {
if repo.Status != models.RepositoryReady {
return fmt.Errorf("repository is not ready for transfer")
}
// Admin is always allowed to transfer
if doer.IsAdmin {
return TransferOwnership(doer, newOwner, repo, teams)
}
// If new owner is an org and user can create repos he can transfer directly too
if newOwner.IsOrganization() {
allowed, err := models.CanCreateOrgRepo(newOwner.ID, doer.ID)
if err != nil {
return err
}
if allowed {
return TransferOwnership(doer, newOwner, repo, teams)
}
}
// Block Transfer, new feature will come in v1.14.0
// https://github.com/go-gitea/gitea/pull/14792
return models.ErrCancelled{}
}