From eebd5aa32bac4540ac9ac1170c02f0ea30fe0f4d Mon Sep 17 00:00:00 2001 From: zouap Date: Thu, 5 Aug 2021 16:32:31 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=A1=B9=E7=9B=AE?= =?UTF-8?q?=E5=88=9B=E5=BB=BA=E8=80=85=E4=B8=8D=E8=83=BD=E4=B8=8B=E8=BD=BD?= =?UTF-8?q?=20=E5=8D=8F=E4=BD=9C=E8=80=85=E4=B8=8A=E4=BC=A0=E7=9A=84?= =?UTF-8?q?=E7=A7=81=E6=9C=89=E6=95=B0=E6=8D=AE=E9=9B=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zouap --- routers/repo/attachment.go | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/routers/repo/attachment.go b/routers/repo/attachment.go index ed9f7c47e..cdb73c8a0 100755 --- a/routers/repo/attachment.go +++ b/routers/repo/attachment.go @@ -152,6 +152,7 @@ func DownloadUserIsOrgOrCollaboration(ctx *context.Context, attach *models.Attac } else { repo.GetOwner() if ctx.User != nil { + if repo.Owner.IsOrganization() { if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { log.Info("org user may visit the attach.") @@ -177,6 +178,7 @@ func GetAttachment(ctx *context.Context) { ctx.ServerError("checkTypeCloudBrain failed", err) return } + attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid")) if err != nil { if models.IsErrAttachmentNotExist(err) { @@ -186,22 +188,31 @@ func GetAttachment(ctx *context.Context) { } return } + repository, unitType, err := attach.LinkedRepository() if err != nil { ctx.ServerError("LinkedRepository", err) return } + dataSet, err := attach.LinkedDataSet() + + if repository == nil && dataSet != nil { + repository, _ = models.GetRepositoryByID(dataSet.RepoID) + unitType = models.UnitTypeDatasets + } + if repository == nil { //If not linked //if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader + //log.Info("ctx.IsSigned =" + fmt.Sprintf("%v", ctx.IsSigned)) if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate && !DownloadUserIsOrgOrCollaboration(ctx, attach) { //We block if not the uploader ctx.Error(http.StatusNotFound) return } } else { //If we have the repository we check access - perm, err := models.GetUserRepoPermission(repository, ctx.User) - if err != nil { - ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) + perm, errPermission := models.GetUserRepoPermission(repository, ctx.User) + if errPermission != nil { + ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", errPermission.Error()) return } if !perm.CanRead(unitType) { @@ -209,12 +220,11 @@ func GetAttachment(ctx *context.Context) { return } } - dataSet, err := attach.LinkedDataSet() + //dataSet, err := attach.LinkedDataSet() if err != nil { ctx.ServerError("LinkedDataSet", err) return } - if dataSet != nil { isPermit, err := models.GetUserDataSetPermission(dataSet, ctx.User) if err != nil { From 495addb579311ca31b46398b34db55a1f766a5e4 Mon Sep 17 00:00:00 2001 From: zouap Date: Thu, 5 Aug 2021 16:50:27 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E9=9B=86=E7=9A=84=E9=94=99=E8=AF=AF=E5=88=A4=E6=96=AD=E9=80=BB?= =?UTF-8?q?=E8=BE=91=E5=BE=80=E4=B8=8A=E6=8F=90=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zouap --- routers/repo/attachment.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/routers/repo/attachment.go b/routers/repo/attachment.go index cdb73c8a0..fea7a3384 100755 --- a/routers/repo/attachment.go +++ b/routers/repo/attachment.go @@ -195,6 +195,10 @@ func GetAttachment(ctx *context.Context) { return } dataSet, err := attach.LinkedDataSet() + if err != nil { + ctx.ServerError("LinkedDataSet", err) + return + } if repository == nil && dataSet != nil { repository, _ = models.GetRepositoryByID(dataSet.RepoID) @@ -220,11 +224,7 @@ func GetAttachment(ctx *context.Context) { return } } - //dataSet, err := attach.LinkedDataSet() - if err != nil { - ctx.ServerError("LinkedDataSet", err) - return - } + if dataSet != nil { isPermit, err := models.GetUserDataSetPermission(dataSet, ctx.User) if err != nil {