Correctly check http git access rights for reverse proxy authorized users (#3721)

This commit is contained in:
Lauris BH 2018-03-29 04:39:51 +03:00 committed by Lunny Xiao
parent 4c6e170ceb
commit ab5cc6f3a9

View File

@ -184,33 +184,33 @@ func HTTP(ctx *context.Context) {
return return
} }
} }
}
if !isPublicPull { if !isPublicPull {
has, err := models.HasAccess(authUser.ID, repo, accessMode) has, err := models.HasAccess(authUser.ID, repo, accessMode)
if err != nil { if err != nil {
ctx.ServerError("HasAccess", err) ctx.ServerError("HasAccess", err)
return return
} else if !has { } else if !has {
if accessMode == models.AccessModeRead { if accessMode == models.AccessModeRead {
has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite) has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
if err != nil { if err != nil {
ctx.ServerError("HasAccess2", err) ctx.ServerError("HasAccess2", err)
return return
} else if !has { } else if !has {
ctx.HandleText(http.StatusForbidden, "User permission denied")
return
}
} else {
ctx.HandleText(http.StatusForbidden, "User permission denied") ctx.HandleText(http.StatusForbidden, "User permission denied")
return return
} }
} } else {
ctx.HandleText(http.StatusForbidden, "User permission denied")
if !isPull && repo.IsMirror {
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
return return
} }
} }
if !isPull && repo.IsMirror {
ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
return
}
} }
if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) { if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {