From 7e0033aeea99c1d0e0953767054b3755f89312e0 Mon Sep 17 00:00:00 2001
From: ychao_1983 <ychao_1983@sina.com>
Date: Mon, 6 Dec 2021 10:46:06 +0800
Subject: [PATCH] =?UTF-8?q?fix-969=E4=BA=91=E8=84=91=E4=BB=BB=E5=8A=A1?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E8=A7=84=E5=88=99=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 modules/cloudbrain/cloudbrain.go | 51 ++++++++++++++++++++++++++++++++++++++--
 routers/routes/routes.go         | 32 +++++++++++++------------
 2 files changed, 66 insertions(+), 17 deletions(-)

diff --git a/modules/cloudbrain/cloudbrain.go b/modules/cloudbrain/cloudbrain.go
index 8f6bf4e17..43419e138 100755
--- a/modules/cloudbrain/cloudbrain.go
+++ b/modules/cloudbrain/cloudbrain.go
@@ -1,9 +1,10 @@
 package cloudbrain
 
 import (
-	"code.gitea.io/gitea/modules/setting"
 	"errors"
 
+	"code.gitea.io/gitea/modules/setting"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
@@ -16,7 +17,7 @@ const (
 	ModelMountPath        = "/model"
 	BenchMarkMountPath    = "/benchmark"
 	Snn4imagenetMountPath = "/snn4imagenet"
-	BrainScoreMountPath = "/brainscore"
+	BrainScoreMountPath   = "/brainscore"
 	TaskInfoName          = "/taskInfo"
 
 	SubTaskName = "task1"
@@ -28,6 +29,52 @@ var (
 	ResourceSpecs *models.ResourceSpecs
 )
 
+func isAdminOrOwnerOrJobCreater(ctx *context.Context, jobId string) bool {
+
+	job, err := models.GetCloudbrainByJobID(jobId)
+
+	if err != nil {
+		return ctx.IsUserRepoOwner() || ctx.IsUserSiteAdmin()
+	} else {
+		return ctx.IsUserRepoOwner() || ctx.IsUserSiteAdmin() || ctx.User.ID == job.UserID
+	}
+
+}
+
+func isAdminOrJobCreater(ctx *context.Context, jobId string) bool {
+
+	job, err := models.GetCloudbrainByJobID(jobId)
+
+	if err != nil {
+		return ctx.IsUserSiteAdmin()
+	} else {
+		return ctx.IsUserSiteAdmin() || ctx.User.ID == job.UserID
+	}
+
+}
+
+func AdminOrOwnerOrJobCreaterRight(ctx *context.Context) {
+
+	var jobID = ctx.Params(":jobid")
+
+	if !isAdminOrOwnerOrJobCreater(ctx, jobID) {
+
+		ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
+	}
+
+}
+
+func AdminOrJobCreaterRight(ctx *context.Context) {
+
+	var jobID = ctx.Params(":jobid")
+
+	if !isAdminOrJobCreater(ctx, jobID) {
+
+		ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
+	}
+
+}
+
 func GenerateTask(ctx *context.Context, jobName, image, command, uuid, codePath, modelPath, benchmarkPath, snn4imagenetPath, brainScorePath, jobType, gpuQueue string, resourceSpecId int) error {
 	dataActualPath := setting.Attachment.Minio.RealPath +
 		setting.Attachment.Minio.Bucket + "/" +
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 3bacb7549..5e9deec62 100755
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -12,6 +12,8 @@ import (
 	"text/template"
 	"time"
 
+	"code.gitea.io/gitea/modules/cloudbrain"
+
 	"code.gitea.io/gitea/routers/operation"
 	"code.gitea.io/gitea/routers/private"
 
@@ -957,15 +959,15 @@ func RegisterRoutes(m *macaron.Macaron) {
 			m.Get("", reqRepoCloudBrainReader, repo.CloudBrainIndex)
 			m.Group("/:jobid", func() {
 				m.Get("", reqRepoCloudBrainReader, repo.CloudBrainShow)
-				m.Get("/debug", reqRepoCloudBrainReader, repo.CloudBrainDebug)
-				m.Post("/commit_image", reqRepoCloudBrainWriter, bindIgnErr(auth.CommitImageCloudBrainForm{}), repo.CloudBrainCommitImage)
-				m.Post("/stop", reqRepoCloudBrainWriter, repo.CloudBrainStop)
-				m.Post("/del", reqRepoCloudBrainWriter, repo.CloudBrainDel)
+				m.Get("/debug", reqRepoCloudBrainWriter, repo.CloudBrainDebug)
+				m.Post("/commit_image", cloudbrain.AdminOrOwnerOrJobCreaterRight, bindIgnErr(auth.CommitImageCloudBrainForm{}), repo.CloudBrainCommitImage)
+				m.Post("/stop", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.CloudBrainStop)
+				m.Post("/del", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.CloudBrainDel)
 				m.Get("/rate", reqRepoCloudBrainReader, repo.GetRate)
 				m.Get("/models", reqRepoCloudBrainReader, repo.CloudBrainShowModels)
-				m.Get("/download_model", reqRepoCloudBrainReader, repo.CloudBrainDownloadModel)
+				m.Get("/download_model", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.CloudBrainDownloadModel)
 			})
-			m.Get("/create", reqRepoCloudBrainReader, repo.CloudBrainNew)
+			m.Get("/create", reqRepoCloudBrainWriter, repo.CloudBrainNew)
 			m.Post("/create", reqRepoCloudBrainWriter, bindIgnErr(auth.CreateCloudBrainForm{}), repo.CloudBrainCreate)
 		}, context.RepoRef())
 
@@ -974,9 +976,9 @@ func RegisterRoutes(m *macaron.Macaron) {
 				m.Get("", reqRepoCloudBrainReader, repo.NotebookIndex)
 				m.Group("/:jobid", func() {
 					m.Get("", reqRepoCloudBrainReader, repo.NotebookShow)
-					m.Get("/debug", reqRepoCloudBrainReader, repo.NotebookDebug)
-					m.Post("/stop", reqRepoCloudBrainWriter, repo.NotebookStop)
-					m.Post("/del", reqRepoCloudBrainWriter, repo.NotebookDel)
+					m.Get("/debug", reqRepoCloudBrainWriter, repo.NotebookDebug)
+					m.Post("/stop", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.NotebookStop)
+					m.Post("/del", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.NotebookDel)
 				})
 				m.Get("/create", reqRepoCloudBrainWriter, repo.NotebookNew)
 				m.Post("/create", reqRepoCloudBrainWriter, bindIgnErr(auth.CreateModelArtsNotebookForm{}), repo.NotebookCreate)
@@ -986,13 +988,13 @@ func RegisterRoutes(m *macaron.Macaron) {
 				m.Get("", reqRepoCloudBrainReader, repo.TrainJobIndex)
 				m.Group("/:jobid", func() {
 					m.Get("", reqRepoCloudBrainReader, repo.TrainJobShow)
-					m.Post("/stop", reqRepoCloudBrainWriter, repo.TrainJobStop)
-					m.Post("/del", reqRepoCloudBrainWriter, repo.TrainJobDel)
-					m.Get("/model_download", reqRepoCloudBrainReader, repo.ModelDownload)
-					m.Get("/create_version", reqRepoCloudBrainReader, repo.TrainJobNewVersion)
-					m.Post("/create_version", reqRepoCloudBrainWriter, bindIgnErr(auth.CreateModelArtsTrainJobForm{}), repo.TrainJobCreateVersion)
+					m.Post("/stop", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.TrainJobStop)
+					m.Post("/del", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.TrainJobDel)
+					m.Get("/model_download", cloudbrain.AdminOrOwnerOrJobCreaterRight, repo.ModelDownload)
+					m.Get("/create_version", cloudbrain.AdminOrJobCreaterRight, repo.TrainJobNewVersion)
+					m.Post("/create_version", cloudbrain.AdminOrJobCreaterRight, bindIgnErr(auth.CreateModelArtsTrainJobForm{}), repo.TrainJobCreateVersion)
 				})
-				m.Get("/create", reqRepoCloudBrainReader, repo.TrainJobNew)
+				m.Get("/create", reqRepoCloudBrainWriter, repo.TrainJobNew)
 				m.Post("/create", reqRepoCloudBrainWriter, bindIgnErr(auth.CreateModelArtsTrainJobForm{}), repo.TrainJobCreate)
 
 				m.Get("/para-config-list", reqRepoCloudBrainReader, repo.TrainJobGetConfigList)