Browse Source
Merge pull request '修改项目创建者不能下载 协作者上传的私有数据集' (#206) from zouanp into V20210731.patch
Reviewed-on: https://git.openi.org.cn/OpenI/aiforge/pulls/206pull/217/head
lewis
3 years ago
1 changed files with 18 additions and 8 deletions
Unified View
Diff Options
-
+18 -8routers/repo/attachment.go
+ 18
- 8
routers/repo/attachment.go
View File
| @@ -152,6 +152,7 @@ func DownloadUserIsOrgOrCollaboration(ctx *context.Context, attach *models.Attac | |||||
| } else { | } else { | ||||
| repo.GetOwner() | repo.GetOwner() | ||||
| if ctx.User != nil { | if ctx.User != nil { | ||||
| if repo.Owner.IsOrganization() { | if repo.Owner.IsOrganization() { | ||||
| if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | ||||
| log.Info("org user may visit the attach.") | log.Info("org user may visit the attach.") | ||||
| @@ -177,6 +178,7 @@ func GetAttachment(ctx *context.Context) { | |||||
| ctx.ServerError("checkTypeCloudBrain failed", err) | ctx.ServerError("checkTypeCloudBrain failed", err) | ||||
| return | return | ||||
| } | } | ||||
| attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid")) | attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid")) | ||||
| if err != nil { | if err != nil { | ||||
| if models.IsErrAttachmentNotExist(err) { | if models.IsErrAttachmentNotExist(err) { | ||||
| @@ -186,22 +188,35 @@ func GetAttachment(ctx *context.Context) { | |||||
| } | } | ||||
| return | return | ||||
| } | } | ||||
| repository, unitType, err := attach.LinkedRepository() | repository, unitType, err := attach.LinkedRepository() | ||||
| if err != nil { | if err != nil { | ||||
| ctx.ServerError("LinkedRepository", err) | ctx.ServerError("LinkedRepository", err) | ||||
| return | return | ||||
| } | } | ||||
| dataSet, err := attach.LinkedDataSet() | |||||
| if err != nil { | |||||
| ctx.ServerError("LinkedDataSet", err) | |||||
| return | |||||
| } | |||||
| if repository == nil && dataSet != nil { | |||||
| repository, _ = models.GetRepositoryByID(dataSet.RepoID) | |||||
| unitType = models.UnitTypeDatasets | |||||
| } | |||||
| if repository == nil { //If not linked | if repository == nil { //If not linked | ||||
| //if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader | //if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader | ||||
| //log.Info("ctx.IsSigned =" + fmt.Sprintf("%v", ctx.IsSigned)) | |||||
| if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate && !DownloadUserIsOrgOrCollaboration(ctx, attach) { //We block if not the uploader | if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate && !DownloadUserIsOrgOrCollaboration(ctx, attach) { //We block if not the uploader | ||||
| ctx.Error(http.StatusNotFound) | ctx.Error(http.StatusNotFound) | ||||
| return | return | ||||
| } | } | ||||
| } else { //If we have the repository we check access | } else { //If we have the repository we check access | ||||
| perm, err := models.GetUserRepoPermission(repository, ctx.User) | |||||
| if err != nil { | |||||
| ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) | |||||
| perm, errPermission := models.GetUserRepoPermission(repository, ctx.User) | |||||
| if errPermission != nil { | |||||
| ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", errPermission.Error()) | |||||
| return | return | ||||
| } | } | ||||
| if !perm.CanRead(unitType) { | if !perm.CanRead(unitType) { | ||||
| @@ -209,11 +224,6 @@ func GetAttachment(ctx *context.Context) { | |||||
| return | return | ||||
| } | } | ||||
| } | } | ||||
| dataSet, err := attach.LinkedDataSet() | |||||
| if err != nil { | |||||
| ctx.ServerError("LinkedDataSet", err) | |||||
| return | |||||
| } | |||||
| if dataSet != nil { | if dataSet != nil { | ||||
| isPermit, err := models.GetUserDataSetPermission(dataSet, ctx.User) | isPermit, err := models.GetUserDataSetPermission(dataSet, ctx.User) | ||||