jacknudt
/
socialforge
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

版本库访问权限控制清理

This commit is contained in:
huang 2017-02-22 12:33:45 +08:00
parent 0629b31e53
commit 3f105cefe7
3 changed files with 66 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/application_controller.rb
View File

@ -312,7 +312,11 @@ class ApplicationController < ActionController::Base
def authorize_allowed(ctrl = params[:controller], action = params[:action], global = false)
#modify by NWB
if @project
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
if ctrl == "repositories" && action == "show" && @project.hidden_repo
allowed = User.current.admin? || (User.current.member_of?(@project) && !(role_of_members_in_project(@project.id, User.current.id) == "Reporter"))
else
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
end
elsif @course
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @courses, :global => global)
else

104
app/controllers/repositories_controller.rb
View File

@ -40,7 +40,8 @@ class RepositoriesController < ApplicationController
# before_filter :connect_gitlab, :only => [:quality_analysis, :commit_diff]
before_filter :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
before_filter :authorize , :except => [:newrepo,:newcreate,:fork, :to_gitlab, :forked, :project_archive, :quality_analysis, :commit_diff]
# before_filter :authorize , :except => [:newrepo,:newcreate,:fork, :to_gitlab, :forked, :project_archive, :quality_analysis, :commit_diff]
before_filter :authorize_visible , :except => [:newrepo,:newcreate,:fork, :to_gitlab, :forked, :project_archive, :quality_analysis, :commit_diff]
# 版本库新增权限
# before_filter :show_rep, :only => [:show, :stats, :revisions, :revision, :diff, :commit_diff ]
accept_rss_auth :revisions
@ -396,55 +397,55 @@ update
redirect_to :controller => 'repositories', :action => 'show', :id => @project.id, to: 'gitlab'
end
# 权限:
# 如果项目隐藏了版本库,则非项目成员及项目报告人员不能够访问版本库
# 如果没有隐藏版本库,只要项目公开,其它成员都可以看到版本库
# 项目关联了课程,课程的老师是可以看到版本库的
# 超级管理员可以看到项目版本库
def show
if !User.current.admin? && (@project.hidden_repo && (role_of_members_in_project(@project.id, User.current.id) == "Reporter" || !is_project_member?(User.current.id, @project.id)))
render_403
return
# 顶部导航
@project_menu_type = 5
# TODO: the below will move to filter, done.
# 获取版本库目录结构
@entries = @repository.entries(@path, @rev)
if request.xhr?
@entries ? render(:partial => 'dir_list_content') : render(:nothing => true)
else
# 顶部导航
@project_menu_type = 5
@changesets_latest_coimmit = @g.rep_last_changes(@project.gpid, :rev => @rev, :path => @path)
# @g.rep_last_changes(@project.gpid, :rev => @rev, :path => @path)
# 总的提交数
@changesets_all_count = @g.user_static(@project.gpid, :rev => @rev).count
# 获取默认分支
@g_default_branch = @g_project.default_branch.nil? ? "master" : @g_project.default_branch
# TODO: the below will move to filter, done.
# 获取版本库目录结构
@entries = @repository.entries(@path, @rev)
if request.xhr?
@entries ? render(:partial => 'dir_list_content') : render(:nothing => true)
@creator = @project.owner.to_s
gitlab_address = Redmine::Configuration['gitlab_address']
gitlab_token = Gitlab.private_token
# token值加密解密
token = aes_encrypt("priEn3UwXfJs3Pmy", gitlab_token)
# token值解密
# gitlab_token = aes_dicrypt("priEn3UwXfJs3Pmy", token)
@zip_path = Gitlab.endpoint.to_s + "/projects/" + @project.gpid.to_s + "/repository/archive?&private_token=" + token
@creator = @project.owner.to_s
gitlab_address = Redmine::Configuration['gitlab_address']
@repos_url = gitlab_address.to_s+"/" + @creator + "/" + @repository.identifier+"."+"git"
# 一些数据的异步同步更新
# 访问版本庫后更新project_score表数据changeset_num为提交总数
project_score = @project.project_score
if project_score.nil?
ProjectScore.create(:project_id => @project.id, :score => false)
else
@changesets_latest_coimmit = @g.rep_last_changes(@project.gpid, :rev => @rev, :path => @path)
# @g.rep_last_changes(@project.gpid, :rev => @rev, :path => @path)
# 总的提交数
@changesets_all_count = @g.user_static(@project.gpid, :rev => @rev).count
# 获取默认分支
@g_default_branch = @g_project.default_branch.nil? ? "master" : @g_project.default_branch
@creator = @project.owner.to_s
gitlab_address = Redmine::Configuration['gitlab_address']
gitlab_token = Gitlab.private_token
# token值加密解密
token = aes_encrypt("priEn3UwXfJs3Pmy", gitlab_token)
# token值解密
# gitlab_token = aes_dicrypt("priEn3UwXfJs3Pmy", token)
@zip_path = Gitlab.endpoint.to_s + "/projects/" + @project.gpid.to_s + "/repository/archive?&private_token=" + token
@creator = @project.owner.to_s
gitlab_address = Redmine::Configuration['gitlab_address']
@repos_url = gitlab_address.to_s+"/" + @creator + "/" + @repository.identifier+"."+"git"
# 一些数据的异步同步更新
# 访问版本庫后更新project_score表数据changeset_num为提交总数
project_score = @project.project_score
if project_score.nil?
ProjectScore.create(:project_id => @project.id, :score => false)
else
project_score.update_column(:changeset_num, @changesets_all_count)
end
# 更新提交时间,用于课程
unless @changesets_latest_coimmit.blank?
update_commits_date(@project, @changesets_latest_coimmit)
end
render :layout => 'base_projects'
project_score.update_column(:changeset_num, @changesets_all_count)
end
# 更新提交时间,用于课程
unless @changesets_latest_coimmit.blank?
update_commits_date(@project, @changesets_latest_coimmit)
end
render :layout => 'base_projects'
end
end
@ -696,6 +697,19 @@ update
end
end
def authorize_visible
allowed = authorize_allowed(params[:controller], params[:action], global = false)
if allowed || User.current.admin? || (@project.hidden_repo && User.current.member_of?(@project) && !role_of_members_in_project(@project.id, User.current.id) == "Reporter")
true
else
if @project && @project.archived?
render_403 :message => :notice_not_authorized_archived_project
else
deny_access
end
end
end
private
# 更新项目统计数
def update_commits_count project, count

7
app/views/layouts/_base_project_top.html.erb
View File

@ -49,11 +49,8 @@
<%= link_to project_file_num > 0 ? "#{l(:project_module_files)}<span class='issues_nav_tag ml5'>#{switch_integer_into_k project_file_num}</span>".html_safe : l(:project_module_files), project_files_path(@project), :class => "pro_new_proname", :title => "#{project_file_num}" %>
<% end %>
<!--版本库-->
<% if visible_repository?(@project) %>
<% if User.current.admin? || (is_project_member?(User.current.id, @project.id) && role_of_members_in_project(@project.id, User.current.id) != "Reporter" ) %>
<li id="project_menu_05"><%= link_to @project.project_score.changeset_num.to_i > 0 ? "#{l(:project_module_repository)}<span class='issues_nav_tag ml5'>#{switch_integer_into_k project_score.changeset_num}</span>".html_safe : "#{l(:project_module_repository)}",({:controller => 'repositories', :action => 'show', :id => @project, :repository_id => gitlab_repository(@project).try(:identifier)}), :class => "pro_new_proname", :title => "#{project_score.changeset_num}" %>
</li>
<% end %>
<% if !@project.enabled_modules.where("name = 'repository'").empty? && !Repository.where(:project_id => @project.id, :type => "Repository::Gitlab").first.nil? %>
<li id="project_menu_05"><%= link_to @project.project_score.changeset_num.to_i > 0 ? "#{l(:project_module_repository)}<span class='issues_nav_tag ml5'>#{switch_integer_into_k project_score.changeset_num}</span>".html_safe : "#{l(:project_module_repository)}",({:controller => 'repositories', :action => 'show', :id => @project, :repository_id => gitlab_repository(@project).try(:identifier)}), :class => "pro_new_proname", :title => "#{project_score.changeset_num}" %></li>
<% end %>
<!--Pull Request-->
<% unless @project.gpid.nil? %>