lunny/gitea
Archived
1
1
Fork 1
Code Issues 1.7k Pull Requests 154 Projects Releases 128 Wiki Activity

Small refactoring of modules/private #15947

Merged
KN4CK3R merged 9 commits from refactoring-private into main 2021-06-23 19:38:19 +00:00
Conversation 0 Commits 9 Files Changed 13 +185 -231
KN4CK3R commented 2021-05-22 12:29:29 +00:00 (Migrated from github.com)
Copy Link

as title

as title
lunny reviewed 2021-05-22 12:44:21 +00:00
routers/api/v1/repo/branch.go
lunny commented 2021-05-22 12:44:20 +00:00

If ctx.User == nil should not be removed.

If ctx.User == nil should not be removed.
KN4CK3R (Migrated from github.com) reviewed 2021-05-22 13:41:01 +00:00
routers/api/v1/repo/branch.go
KN4CK3R (Migrated from github.com) commented 2021-05-22 13:41:01 +00:00

Why? It's never called with nil. And even if it would be called the check is not logical there. It does not make a branch protected if the user is nil.

DeleteBranchPost redirects to the login page on anonymous acces.
The api DeleteBranch results in "user should have a permission to write to a repo".

Here it's covered by line 1450 and 1459:
77fa7146c6/routers/repo/issue.go (L1450-L1461)
Here it's covered by line 1160:
77fa7146c6/routers/repo/pull.go (L1155-L1193)

Why? It's never called with nil. And even if it would be called the check is not logical there. It does not make a branch protected if the user is nil. `DeleteBranchPost` redirects to the login page on anonymous acces. The api `DeleteBranch` results in "user should have a permission to write to a repo". Here it's covered by line 1450 and 1459: https://github.com/go-gitea/gitea/blob/77fa7146c6c7f9b1efdc06c24ef7d1f278871e13/routers/repo/issue.go#L1450-L1461 Here it's covered by line 1160: https://github.com/go-gitea/gitea/blob/77fa7146c6c7f9b1efdc06c24ef7d1f278871e13/routers/repo/pull.go#L1155-L1193
zeripath approved these changes 2021-05-22 14:41:21 +00:00
routers/api/v1/repo/branch.go
zeripath commented 2021-05-22 14:36:39 +00:00
Contributor

It's also enforced by reqRepoWriter(models.UnitTypeCode) at:

77fa7146c6/routers/api/v1/api.go (L757)

It's also enforced by `reqRepoWriter(models.UnitTypeCode)` at: https://github.com/go-gitea/gitea/blob/77fa7146c6c7f9b1efdc06c24ef7d1f278871e13/routers/api/v1/api.go#L757
lunny reviewed 2021-06-10 13:16:55 +00:00
routers/private/serv.go
@ -295,10 +281,9 @@ func ServCommand(ctx *context.PrivateContext) {
if repoExist && (mode > models.AccessModeRead || repo.IsPrivate || setting.Service.RequireSignInView) {
if key.Type == models.KeyTypeDeploy {
if deployKey.Mode < mode {
lunny commented 2021-06-10 13:16:55 +00:00

Maybe return 400 or 405

Maybe return 400 or 405
lunny reviewed 2021-06-10 13:17:21 +00:00
routers/private/serv.go
lunny commented 2021-06-10 13:17:21 +00:00

Notfound?

Notfound?
lunny reviewed 2021-06-10 13:17:38 +00:00
routers/private/serv.go
lunny commented 2021-06-10 13:17:38 +00:00

As above.

As above.
lunny reviewed 2021-06-11 05:44:58 +00:00
services/repository/branch.go
@ -28,3 +28,3 @@
isProtected, err := repo.IsProtectedBranch(branchName, doer)
isProtected, err := repo.IsProtectedBranch(branchName)
if err != nil {
lunny commented 2021-06-11 05:44:57 +00:00

Why doer removed?

Why `doer` removed?
KN4CK3R (Migrated from github.com) reviewed 2021-06-11 06:30:03 +00:00
services/repository/branch.go
@ -28,3 +28,3 @@
isProtected, err := repo.IsProtectedBranch(branchName, doer)
isProtected, err := repo.IsProtectedBranch(branchName)
if err != nil {
KN4CK3R (Migrated from github.com) commented 2021-06-11 06:30:03 +00:00

see https://github.com/go-gitea/gitea/pull/15947#pullrequestreview-666179378

see https://github.com/go-gitea/gitea/pull/15947#pullrequestreview-666179378
KN4CK3R (Migrated from github.com) reviewed 2021-06-11 06:58:47 +00:00
routers/private/serv.go
@ -295,10 +281,9 @@ func ServCommand(ctx *context.PrivateContext) {
if repoExist && (mode > models.AccessModeRead || repo.IsPrivate || setting.Service.RequireSignInView) {
if key.Type == models.KeyTypeDeploy {
if deployKey.Mode < mode {
KN4CK3R (Migrated from github.com) commented 2021-06-11 06:58:46 +00:00

In the end all different error codes result in Unauthorized:
daa5a23548/cmd/serv.go (L214-L218)

In the end all different error codes result in `Unauthorized`: https://github.com/go-gitea/gitea/blob/daa5a2354879a6dff93f431bc7e47670438995ac/cmd/serv.go#L214-L218
techknowlogick approved these changes 2021-06-23 19:08:44 +00:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
zeripath
techknowlogick
Labels
Clear labels   
backport/done

   
backport/v1.0

   
backport/v1.1

   
backport/v1.10

   
backport/v1.11

   
backport/v1.12

   
backport/v1.13

   
backport/v1.14

   
backport/v1.15

   
backport/v1.2

   
backport/v1.3

   
backport/v1.4

   
backport/v1.5

   
backport/v1.6

   
backport/v1.7

   
backport/v1.8

   
backport/v1.9

   
bounty

   
changelog

   
dependencies

Pull requests that update a dependency file

  
frontport/done

   
frontport/main

   
good first issue

Likely to be an easy fix

  
Hacktoberfest

   
hacktoberfest-accepted

   
in progress

   
kind/api

   
kind/breaking

   
kind/bug

   
kind/build

   
kind/deployment

   
kind/deprecated

   
kind/docs

   
kind/enhancement

   
kind/feature

   
kind/lint

   
kind/misc

   
kind/moderation

features for moderateing spam, abuse, ...

  
kind/package

   
kind/proposal

   
kind/question

   
kind/refactor

   
kind/regression

   
kind/security

   
kind/summary

   
kind/testing

   
kind/translation

   
kind/ui

   
kind/upstream-related

An issue that is caused by an upstream dependency

  
kind/usability

   
kind/ux

   
lgtm/done

   
lgtm/need 1

   
lgtm/need 2

   
performance/bigrepo

Performance Issues affecting Big Repositories

  
performance/cpu

   
performance/memory

Performance issues affecting memory use

  
performance/speed

performance issues with slow downs

  
priority/critical

   
priority/low

   
priority/maybe

   
priority/medium

   
proposal/rejected

   
reviewed/confirmed

Issue has been reviewed and confirmed to be present or accepted to be implemented

  
reviewed/duplicate

   
reviewed/fixed

A fix for this issue is already in the attached milestone

  
reviewed/invalid

   
reviewed/not-a-bug

The reported issue is the intended behavior

  
reviewed/wontfix

   
skip-changelog

   
stale

   
status/blocked

   
status/needs-feedback

   
status/wip

   
theme/2fa

   
theme/authentication

   
theme/avatar

   
theme/backup-restore

   
theme/docker

Docker themed issued

  
theme/federation

   
theme/issues

   
theme/kanban

   
theme/markdown

   
theme/migration

Migration issues

  
theme/mobile

   
theme/pr

   
theme/signing

   
theme/sqlite

   
theme/timetracker

   
theme/webhook

   
theme/wiki
No Label
backport/done
backport/v1.0
backport/v1.1
backport/v1.10
backport/v1.11
backport/v1.12
backport/v1.13
backport/v1.14
backport/v1.15
backport/v1.2
backport/v1.3
backport/v1.4
backport/v1.5
backport/v1.6
backport/v1.7
backport/v1.8
backport/v1.9
bounty
changelog
dependencies
frontport/done
frontport/main
good first issue
Hacktoberfest
hacktoberfest-accepted
in progress
kind/api
kind/breaking
kind/bug
kind/build
kind/deployment
kind/deprecated
kind/docs
kind/enhancement
kind/feature
kind/lint
kind/misc
kind/moderation
kind/package
kind/proposal
kind/question
kind/refactor
kind/regression
kind/security
kind/summary
kind/testing
kind/translation
kind/ui
kind/upstream-related
kind/usability
kind/ux
lgtm/done
lgtm/need 1
lgtm/need 2
performance/bigrepo
performance/cpu
performance/memory
performance/speed
priority/critical
priority/low
priority/maybe
priority/medium
proposal/rejected
reviewed/confirmed
reviewed/duplicate
reviewed/fixed
reviewed/invalid
reviewed/not-a-bug
reviewed/wontfix
skip-changelog
stale
status/blocked
status/needs-feedback
status/wip
theme/2fa
theme/authentication
theme/avatar
theme/backup-restore
theme/docker
theme/federation
theme/issues
theme/kanban
theme/markdown
theme/migration
theme/mobile
theme/pr
theme/signing
theme/sqlite
theme/timetracker
theme/webhook
theme/wiki
Milestone
Clear milestone
No items
No Milestone
1.15.0
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
3 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: lunny/gitea#15947
No description provided.
Delete Branch "refactoring-private"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?