Correctly check http git access rights for reverse proxy authorized users (#3721)

This commit is contained in:
Lauris BH 2018-03-29 04:39:51 +03:00 committed by Lunny Xiao
parent 4c6e170ceb
commit ab5cc6f3a9

View file

@ -184,33 +184,33 @@ func HTTP(ctx *context.Context) {
return
}
}
}
if !isPublicPull {
has, err := models.HasAccess(authUser.ID, repo, accessMode)
if err != nil {
ctx.ServerError("HasAccess", err)
return
} else if !has {
if accessMode == models.AccessModeRead {
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
if err != nil {
ctx.ServerError("HasAccess2", err)
return
} else if !has {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
} else {
if !isPublicPull {
has, err := models.HasAccess(authUser.ID, repo, accessMode)
if err != nil {
ctx.ServerError("HasAccess", err)
return
} else if !has {
if accessMode == models.AccessModeRead {
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
if err != nil {
ctx.ServerError("HasAccess2", err)
return
} else if !has {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
}
if !isPull && repo.IsMirror {
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
} else {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
}
if !isPull && repo.IsMirror {
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
return
}
}
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {