perms.go 2.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
  1. // Copyright 2020 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package db
  5. import (
  6. "strings"
  7. "github.com/jinzhu/gorm"
  8. log "unknwon.dev/clog/v2"
  9. )
  10. // PermsStore is the persistent interface for permissions.
  11. //
  12. // NOTE: All methods are sorted in alphabetical order.
  13. type PermsStore interface {
  14. // AccessMode returns the access mode of given user has to the repository.
  15. AccessMode(userID int64, repo *Repository) AccessMode
  16. // Authorize returns true if the user has as good as desired access mode to the repository.
  17. Authorize(userID int64, repo *Repository, desired AccessMode) bool
  18. // SetRepoPerms does a full update to which users have which level of access to given repository.
  19. // Keys of the "accessMap" are user IDs.
  20. SetRepoPerms(repoID int64, accessMap map[int64]AccessMode) error
  21. }
  22. var Perms PermsStore
  23. var _ PermsStore = (*perms)(nil)
  24. type perms struct {
  25. *gorm.DB
  26. }
  27. func (db *perms) AccessMode(userID int64, repo *Repository) (mode AccessMode) {
  28. if repo == nil {
  29. return AccessModeNone
  30. }
  31. // Everyone has read access to public repository.
  32. if !repo.IsPrivate {
  33. mode = AccessModeRead
  34. }
  35. // Anonymous user gets the default access.
  36. if userID <= 0 {
  37. return mode
  38. }
  39. if userID == repo.OwnerID {
  40. return AccessModeOwner
  41. }
  42. access := new(Access)
  43. err := db.Where("user_id = ? AND repo_id = ?", userID, repo.ID).First(access).Error
  44. if err != nil {
  45. if !gorm.IsRecordNotFoundError(err){
  46. log.Error("Failed to get access [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
  47. }
  48. return mode
  49. }
  50. return access.Mode
  51. }
  52. func (db *perms) Authorize(userID int64, repo *Repository, desired AccessMode) bool {
  53. return desired <= db.AccessMode(userID, repo)
  54. }
  55. func (db *perms) SetRepoPerms(repoID int64, accessMap map[int64]AccessMode) error {
  56. vals := make([]string, 0, len(accessMap))
  57. items := make([]interface{}, 0, len(accessMap)*3)
  58. for userID, mode := range accessMap {
  59. vals = append(vals, "(?, ?, ?)")
  60. items = append(items, userID, repoID, mode)
  61. }
  62. return db.Transaction(func(tx *gorm.DB) error {
  63. err := tx.Where("repo_id = ?", repoID).Delete(new(Access)).Error
  64. if err != nil {
  65. return err
  66. }
  67. sql := "INSERT INTO access (user_id, repo_id, mode) VALUES " + strings.Join(vals, ", ")
  68. return tx.Exec(sql, items...).Error
  69. })
  70. }