Browse Source
Merge pull request '数据集显示增加协作者可以查看及下载' (#195) from zouanp into V20210731.patch
Reviewed-on: https://git.openi.org.cn/OpenI/aiforge/pulls/195pull/199/head
lewis
3 years ago
2 changed files with 28 additions and 11 deletions
Unified View
Diff Options
-
+8 -3routers/repo/attachment.go
-
+20 -8routers/repo/dataset.go
+ 8
- 3
routers/repo/attachment.go
View File
| @@ -141,7 +141,7 @@ func DeleteAttachment(ctx *context.Context) { | |||||
| }) | }) | ||||
| } | } | ||||
| func DownloadUserIsOrg(ctx *context.Context, attach *models.Attachment) bool { | |||||
| func DownloadUserIsOrgOrCollaboration(ctx *context.Context, attach *models.Attachment) bool { | |||||
| dataset, err := models.GetDatasetByID(attach.DatasetID) | dataset, err := models.GetDatasetByID(attach.DatasetID) | ||||
| if err != nil { | if err != nil { | ||||
| log.Info("query dataset error") | log.Info("query dataset error") | ||||
| @@ -154,10 +154,15 @@ func DownloadUserIsOrg(ctx *context.Context, attach *models.Attachment) bool { | |||||
| if repo.Owner.IsOrganization() { | if repo.Owner.IsOrganization() { | ||||
| //log.Info("ower is org.") | //log.Info("ower is org.") | ||||
| if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | ||||
| log.Info("user may visit the attach.") | |||||
| log.Info("org user may visit the attach.") | |||||
| return true | return true | ||||
| } | } | ||||
| } | } | ||||
| isCollaborator, _ := repo.IsCollaborator(ctx.User.ID) | |||||
| if isCollaborator { | |||||
| log.Info("Collaborator user may visit the attach.") | |||||
| return true | |||||
| } | |||||
| } | } | ||||
| } | } | ||||
| return false | return false | ||||
| @@ -190,7 +195,7 @@ func GetAttachment(ctx *context.Context) { | |||||
| if repository == nil { //If not linked | if repository == nil { //If not linked | ||||
| //if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader | //if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader | ||||
| if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && !DownloadUserIsOrg(ctx, attach) { //We block if not the uploader | |||||
| if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && !DownloadUserIsOrgOrCollaboration(ctx, attach) { //We block if not the uploader | |||||
| ctx.Error(http.StatusNotFound) | ctx.Error(http.StatusNotFound) | ||||
| return | return | ||||
| } | } | ||||
+ 20
- 8
routers/repo/dataset.go
View File
| @@ -28,19 +28,31 @@ func newFilterPrivateAttachments(ctx *context.Context, list []*models.Attachment | |||||
| log.Info("can write.") | log.Info("can write.") | ||||
| return list | return list | ||||
| } else { | } else { | ||||
| if repo.Owner == nil { | |||||
| repo.GetOwner() | |||||
| } | |||||
| permission := false | |||||
| if repo.Owner.IsOrganization() { | |||||
| if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | |||||
| log.Info("user is member of org.") | |||||
| permission = true | |||||
| } | |||||
| } | |||||
| if !permission { | |||||
| isCollaborator, _ := repo.IsCollaborator(ctx.User.ID) | |||||
| if isCollaborator { | |||||
| log.Info("Collaborator user may visit the attach.") | |||||
| permission = true | |||||
| } | |||||
| } | |||||
| var publicList []*models.Attachment | var publicList []*models.Attachment | ||||
| for _, attach := range list { | for _, attach := range list { | ||||
| if !attach.IsPrivate { | if !attach.IsPrivate { | ||||
| publicList = append(publicList, attach) | publicList = append(publicList, attach) | ||||
| } else { | } else { | ||||
| if repo.Owner == nil { | |||||
| repo.GetOwner() | |||||
| } | |||||
| if repo.Owner.IsOrganization() { | |||||
| if repo.Owner.IsUserPartOfOrg(ctx.User.ID) { | |||||
| log.Info("user is member of org.") | |||||
| publicList = append(publicList, attach) | |||||
| } | |||||
| if permission { | |||||
| publicList = append(publicList, attach) | |||||
| } | } | ||||
| } | } | ||||
| } | } | ||||