Clarify permission "HasAccess" behavior (#30585)

Follow #30495 "HasAccess" behavior wasn't clear, to make it clear: * Use a new name `HasAnyUnitAccess`, it will be easier to review related code and permission problems. * Separate everyone access mode to a separate field, then all calls to HasAccess are reverted to old behavior before #30495. * Add new tests. --------- Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-20 11:15:04 +08:00 · 2024-04-20 11:15:04 +08:00 · 48d4580dd5
commit 48d4580dd5
parent 89e39872ff
13 changed files with 96 additions and 41 deletions
--- a/services/context/repo.go
+++ b/services/context/repo.go
@ -374,8 +374,7 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
 		return
 	}

-	// Check access.
-	if !ctx.Repo.Permission.HasAccess() {
+	if !ctx.Repo.Permission.HasAnyUnitAccessOrEveryoneAccess() {
 		if ctx.FormString("go-get") == "1" {
 			EarlyResponseForGoGetMeta(ctx)
 			return
--- a/services/convert/package.go
+++ b/services/convert/package.go
@ -21,7 +21,7 @@ func ToPackage(ctx context.Context, pd *packages.PackageDescriptor, doer *user_m
 			return nil, err
 		}

-		if permission.HasAccess() {
+		if permission.HasAnyUnitAccess() {
 			repo = ToRepo(ctx, pd.Repository, permission)
 		}
 	}
--- a/services/repository/delete.go
+++ b/services/repository/delete.go
@ -374,7 +374,7 @@ func removeRepositoryFromTeam(ctx context.Context, t *organization.Team, repo *r
 		return fmt.Errorf("GetTeamMembers: %w", err)
 	}
 	for _, member := range teamMembers {
-		has, err := access_model.HasAccess(ctx, member.ID, repo)
+		has, err := access_model.HasAnyUnitAccess(ctx, member.ID, repo)
 		if err != nil {
 			return err
 		} else if has {
--- a/services/repository/transfer.go
+++ b/services/repository/transfer.go
@ -387,7 +387,7 @@ func StartRepositoryTransfer(ctx context.Context, doer, newOwner *user_model.Use
 	}

 	// In case the new owner would not have sufficient access to the repo, give access rights for read
-	hasAccess, err := access_model.HasAccess(ctx, newOwner.ID, repo)
+	hasAccess, err := access_model.HasAnyUnitAccess(ctx, newOwner.ID, repo)
 	if err != nil {
 		return err
 	}
--- a/services/repository/transfer_test.go
+++ b/services/repository/transfer_test.go
@ -67,13 +67,13 @@ func TestStartRepositoryTransferSetPermission(t *testing.T) {
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
 	repo.Owner = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})

-	hasAccess, err := access_model.HasAccess(db.DefaultContext, recipient.ID, repo)
+	hasAccess, err := access_model.HasAnyUnitAccess(db.DefaultContext, recipient.ID, repo)
 	assert.NoError(t, err)
 	assert.False(t, hasAccess)

 	assert.NoError(t, StartRepositoryTransfer(db.DefaultContext, doer, recipient, repo, nil))

-	hasAccess, err = access_model.HasAccess(db.DefaultContext, recipient.ID, repo)
+	hasAccess, err = access_model.HasAnyUnitAccess(db.DefaultContext, recipient.ID, repo)
 	assert.NoError(t, err)
 	assert.True(t, hasAccess)