[v15.0/forgejo] chore(refactor): remove GetX redundant accessors and use X in services/context/api.go (#13218)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/13215

Followup of the refactor adding setter/getter to APIContext  https://codeberg.org/forgejo/forgejo/pulls/13143

- Only has an impact on the getters used by `routers/api/v1/permissions`
- When GetX and X both exist, remove GetX
- When GetX exists and X does not, rename GetX to X
- GetOrg is an exception as it would conflict with Org and is renamed Organization. This is due to APIContext having its own Org structure that includes an Organization.

Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13218
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
This commit is contained in:
forgejo-backport-action 2026-06-27 22:51:26 +02:00 committed by Mathieu Fenniak
commit 4f72d99964
36 changed files with 161 additions and 185 deletions

View file

@ -219,33 +219,33 @@ forgejo.org/modules/zstd
Writer.Close
forgejo.org/routers/api/v1/permissions
Permissions.GetContext
Permissions.Context
Permissions.SetContext
Permissions.GetToken
Permissions.SetToken
Permissions.GetRepository
Permissions.Repository
Permissions.SetRepository
Permissions.GetDoer
Permissions.Doer
Permissions.SetDoer
Permissions.GetUser
Permissions.User
Permissions.SetUser
Permissions.GetOrg
Permissions.SetOrg
Permissions.GetTeam
Permissions.Organization
Permissions.SetOrganization
Permissions.Team
Permissions.SetTeam
Permissions.GetPackageOwner
Permissions.PackageOwner
Permissions.SetPackageOwner
Permissions.GetPackageAccessMode
Permissions.PackageAccessMode
Permissions.SetPackageAccessMode
Permissions.GetPermission
Permissions.Permission
Permissions.SetPermission
Permissions.GetIsSigned
Permissions.IsSigned
Permissions.SetIsSigned
Permissions.GetPublicOnly
Permissions.PublicOnly
Permissions.SetPublicOnly
Permissions.GetReducer
Permissions.Reducer
Permissions.SetReducer
Permissions.GetAuthentication
Permissions.Authentication
Permissions.SetAuthentication
Permissions.RequiredScopeCategories
Permissions.SetRequiredScopeCategories

View file

@ -10,7 +10,7 @@ import (
)
func APIAuthorization(ctx Context) {
if hasScope, scope := ctx.GetAuthentication().Scope().Get(); hasScope {
if hasScope, scope := ctx.Authentication().Scope().Get(); hasScope {
publicOnly, err := scope.PublicOnly()
if err != nil {
ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())
@ -19,14 +19,14 @@ func APIAuthorization(ctx Context) {
ctx.SetPublicOnly(publicOnly)
}
reducer := ctx.GetAuthentication().Reducer()
reducer := ctx.Authentication().Reducer()
if reducer != nil {
ctx.SetReducer(reducer)
} else {
// No Reducer will be populated if the auth method wasn't an PAT. In this case, we populate `ctx.Reducer` so no
// nil checks are needed, and we respect the scope `PublicOnly()` so that it it's safe to just rely on
// `ctx.Reducer` to account for public-only access:
if ctx.GetPublicOnly() {
if ctx.PublicOnly() {
ctx.SetReducer(&authz.PublicReposAuthorizationReducer{})
} else {
ctx.SetReducer(&authz.AllAccessAuthorizationReducer{})

View file

@ -12,7 +12,7 @@ import (
)
func CheckTokenPublicOnly(ctx Context, user, org, packageOwner *user_model.User) {
if !ctx.GetPublicOnly() {
if !ctx.PublicOnly() {
return
}
@ -24,12 +24,12 @@ func CheckTokenPublicOnly(ctx Context, user, org, packageOwner *user_model.User)
// public Only permission check
switch {
case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryRepository):
if ctx.GetRepository() != nil && ctx.GetRepository().IsPrivate {
if ctx.Repository() != nil && ctx.Repository().IsPrivate {
ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public repos")
return
}
case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryIssue):
if ctx.GetRepository() != nil && ctx.GetRepository().IsPrivate {
if ctx.Repository() != nil && ctx.Repository().IsPrivate {
ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public issues")
return
}
@ -53,7 +53,7 @@ func CheckTokenPublicOnly(ctx Context, user, org, packageOwner *user_model.User)
return
}
case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryNotification):
if ctx.GetRepository() != nil && ctx.GetRepository().IsPrivate {
if ctx.Repository() != nil && ctx.Repository().IsPrivate {
ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public notifications")
return
}

View file

@ -10,19 +10,19 @@ import (
)
func IsUserSiteAdmin(ctx Context) bool {
if !ctx.GetReducer().AllowAdminOverride() {
if !ctx.Reducer().AllowAdminOverride() {
return false
}
return ctx.GetIsSigned() && ctx.GetDoer().IsAdmin
return ctx.IsSigned() && ctx.Doer().IsAdmin
}
func IsUserRepoAdmin(ctx Context) bool {
if !ctx.GetReducer().AllowAdminOverride() {
if !ctx.Reducer().AllowAdminOverride() {
return false
}
return ctx.GetPermission().IsAdmin()
return ctx.Permission().IsAdmin()
}
func IsUserRepoWriter(ctx Context, unitTypes []unit.Type) bool {
return slices.ContainsFunc(unitTypes, ctx.GetPermission().CanWrite)
return slices.ContainsFunc(unitTypes, ctx.Permission().CanWrite)
}

View file

@ -9,15 +9,15 @@ import (
func IndividualPermsChecker(ctx Context) {
// org permissions have been checked in context.OrgAssignment(), but individual permissions haven't been checked.
if ctx.GetUser().IsIndividual() {
switch ctx.GetUser().Visibility {
if ctx.User().IsIndividual() {
switch ctx.User().Visibility {
case api.VisibleTypePrivate:
if ctx.GetDoer() == nil || (ctx.GetUser().ID != ctx.GetDoer().ID && !IsUserSiteAdmin(ctx)) {
if ctx.Doer() == nil || (ctx.User().ID != ctx.Doer().ID && !IsUserSiteAdmin(ctx)) {
ctx.NotFound("Visit Project", nil)
return
}
case api.VisibleTypeLimited:
if ctx.GetDoer() == nil {
if ctx.Doer() == nil {
ctx.NotFound("Visit Project", nil)
return
}

View file

@ -17,33 +17,33 @@ import (
)
type Context interface {
GetContext() context.Context
Context() context.Context
GetRepository() *repo_model.Repository
Repository() *repo_model.Repository
GetDoer() *user_model.User
Doer() *user_model.User
GetUser() *user_model.User
User() *user_model.User
GetOrg() *org_model.Organization
Organization() *org_model.Organization
GetTeam() *org_model.Team
Team() *org_model.Team
GetPackageOwner() *user_model.User
GetPackageAccessMode() perm.AccessMode
PackageOwner() *user_model.User
PackageAccessMode() perm.AccessMode
GetPermission() *access_model.Permission
Permission() *access_model.Permission
SetPermission(*access_model.Permission)
GetIsSigned() bool
IsSigned() bool
GetPublicOnly() bool
PublicOnly() bool
SetPublicOnly(bool)
GetReducer() authz.AuthorizationReducer
Reducer() authz.AuthorizationReducer
SetReducer(authz.AuthorizationReducer)
GetAuthentication() auth.AuthenticationResult
Authentication() auth.AuthenticationResult
RequiredScopeCategories() []auth_model.AccessTokenScopeCategory
SetRequiredScopeCategories([]auth_model.AccessTokenScopeCategory)

View file

@ -9,21 +9,21 @@ import (
)
func MustAllowPulls(ctx Context) {
if !ctx.GetRepository().CanEnablePulls() || !ctx.GetPermission().CanRead(unit.TypePullRequests) {
if ctx.GetRepository().CanEnablePulls() && log.IsTrace() {
if ctx.GetIsSigned() {
if !ctx.Repository().CanEnablePulls() || !ctx.Permission().CanRead(unit.TypePullRequests) {
if ctx.Repository().CanEnablePulls() && log.IsTrace() {
if ctx.IsSigned() {
log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
"User in Repo has Permissions: %-+v",
ctx.GetDoer(),
ctx.Doer(),
unit.TypePullRequests,
ctx.GetRepository(),
ctx.GetPermission())
ctx.Repository(),
ctx.Permission())
} else {
log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+
"Anonymous user in Repo has Permissions: %-+v",
unit.TypePullRequests,
ctx.GetRepository(),
ctx.GetPermission())
ctx.Repository(),
ctx.Permission())
}
}
ctx.NotFound()

View file

@ -9,21 +9,21 @@ import (
)
func MustEnableIssues(ctx Context) {
if !ctx.GetPermission().CanRead(unit.TypeIssues) {
if !ctx.Permission().CanRead(unit.TypeIssues) {
if log.IsTrace() {
if ctx.GetIsSigned() {
if ctx.IsSigned() {
log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+
"User in Repo has Permissions: %-+v",
ctx.GetDoer(),
ctx.Doer(),
unit.TypeIssues,
ctx.GetRepository(),
ctx.GetPermission())
ctx.Repository(),
ctx.Permission())
} else {
log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+
"Anonymous user in Repo has Permissions: %-+v",
unit.TypeIssues,
ctx.GetRepository(),
ctx.GetPermission())
ctx.Repository(),
ctx.Permission())
}
}
ctx.NotFound()

View file

@ -9,24 +9,24 @@ import (
)
func MustEnableIssuesOrPulls(ctx Context) {
if !ctx.GetPermission().CanRead(unit.TypeIssues) &&
(!ctx.GetRepository().CanEnablePulls() || !ctx.GetPermission().CanRead(unit.TypePullRequests)) {
if ctx.GetRepository().CanEnablePulls() && log.IsTrace() {
if ctx.GetIsSigned() {
if !ctx.Permission().CanRead(unit.TypeIssues) &&
(!ctx.Repository().CanEnablePulls() || !ctx.Permission().CanRead(unit.TypePullRequests)) {
if ctx.Repository().CanEnablePulls() && log.IsTrace() {
if ctx.IsSigned() {
log.Trace("Permission Denied: User %-v cannot read %-v and %-v in Repo %-v\n"+
"User in Repo has Permissions: %-+v",
ctx.GetDoer(),
ctx.Doer(),
unit.TypeIssues,
unit.TypePullRequests,
ctx.GetRepository(),
ctx.GetPermission())
ctx.Repository(),
ctx.Permission())
} else {
log.Trace("Permission Denied: Anonymous user cannot read %-v and %-v in Repo %-v\n"+
"Anonymous user in Repo has Permissions: %-+v",
unit.TypeIssues,
unit.TypePullRequests,
ctx.GetRepository(),
ctx.GetPermission())
ctx.Repository(),
ctx.Permission())
}
}
ctx.NotFound()

View file

@ -11,11 +11,11 @@ import (
)
func MustEnableLocalIssuesIfIsIssue(ctx Context, index int64) {
if ctx.GetRepository().UnitEnabled(ctx.GetContext(), unit.TypeIssues) {
if ctx.Repository().UnitEnabled(ctx.Context(), unit.TypeIssues) {
return
}
issue, err := issues_model.GetIssueByIndex(ctx.GetContext(), ctx.GetRepository().ID, index)
issue, err := issues_model.GetIssueByIndex(ctx.Context(), ctx.Repository().ID, index)
if err != nil {
if issues_model.IsErrIssueNotExist(err) {
ctx.NotFound()

View file

@ -8,7 +8,7 @@ import (
)
func MustEnableWiki(ctx Context) {
if !(ctx.GetPermission().CanRead(unit.TypeWiki)) {
if !(ctx.Permission().CanRead(unit.TypeWiki)) {
ctx.NotFound()
return
}

View file

@ -9,7 +9,7 @@ import (
)
func MustNotBeArchived(ctx Context) {
if ctx.GetRepository().IsArchived {
ctx.Error(http.StatusLocked, "RepoArchived", fmt.Errorf("%s is archived", ctx.GetRepository().LogString()))
if ctx.Repository().IsArchived {
ctx.Error(http.StatusLocked, "RepoArchived", fmt.Errorf("%s is archived", ctx.Repository().LogString()))
}
}

View file

@ -41,7 +41,7 @@ type Permissions struct {
message string
}
func (o *Permissions) GetContext() context.Context {
func (o *Permissions) Context() context.Context {
return o.ctx
}
@ -57,7 +57,7 @@ func (o *Permissions) SetToken(token *auth_model.AccessToken) {
o.token = token
}
func (o *Permissions) GetRepository() *repo_model.Repository {
func (o *Permissions) Repository() *repo_model.Repository {
return o.repository
}
@ -65,7 +65,7 @@ func (o *Permissions) SetRepository(repository *repo_model.Repository) {
o.repository = repository
}
func (o *Permissions) GetDoer() *user_model.User {
func (o *Permissions) Doer() *user_model.User {
return o.doer
}
@ -73,7 +73,7 @@ func (o *Permissions) SetDoer(doer *user_model.User) {
o.doer = doer
}
func (o *Permissions) GetUser() *user_model.User {
func (o *Permissions) User() *user_model.User {
return o.user
}
@ -81,15 +81,15 @@ func (o *Permissions) SetUser(user *user_model.User) {
o.user = user
}
func (o *Permissions) GetOrg() *org_model.Organization {
func (o *Permissions) Organization() *org_model.Organization {
return o.org
}
func (o *Permissions) SetOrg(org *org_model.Organization) {
func (o *Permissions) SetOrganization(org *org_model.Organization) {
o.org = org
}
func (o *Permissions) GetTeam() *org_model.Team {
func (o *Permissions) Team() *org_model.Team {
return o.team
}
@ -97,7 +97,7 @@ func (o *Permissions) SetTeam(team *org_model.Team) {
o.team = team
}
func (o *Permissions) GetPackageOwner() *user_model.User {
func (o *Permissions) PackageOwner() *user_model.User {
return o.packageOwner
}
@ -105,7 +105,7 @@ func (o *Permissions) SetPackageOwner(packageOwner *user_model.User) {
o.packageOwner = packageOwner
}
func (o *Permissions) GetPackageAccessMode() perm.AccessMode {
func (o *Permissions) PackageAccessMode() perm.AccessMode {
return o.packageAccessMode
}
@ -113,7 +113,7 @@ func (o *Permissions) SetPackageAccessMode(packageAccessMode perm.AccessMode) {
o.packageAccessMode = packageAccessMode
}
func (o *Permissions) GetPermission() *access_model.Permission {
func (o *Permissions) Permission() *access_model.Permission {
return o.permission
}
@ -121,7 +121,7 @@ func (o *Permissions) SetPermission(permission *access_model.Permission) {
o.permission = permission
}
func (o *Permissions) GetIsSigned() bool {
func (o *Permissions) IsSigned() bool {
return o.isSigned
}
@ -129,7 +129,7 @@ func (o *Permissions) SetIsSigned(isSigned bool) {
o.isSigned = isSigned
}
func (o *Permissions) GetPublicOnly() bool {
func (o *Permissions) PublicOnly() bool {
return o.publicOnly
}
@ -137,7 +137,7 @@ func (o *Permissions) SetPublicOnly(publicOnly bool) {
o.publicOnly = publicOnly
}
func (o *Permissions) GetReducer() authz.AuthorizationReducer {
func (o *Permissions) Reducer() authz.AuthorizationReducer {
return o.reducer
}
@ -145,7 +145,7 @@ func (o *Permissions) SetReducer(reducer authz.AuthorizationReducer) {
o.reducer = reducer
}
func (o *Permissions) GetAuthentication() auth.AuthenticationResult {
func (o *Permissions) Authentication() auth.AuthenticationResult {
return o.authentication
}

View file

@ -14,35 +14,35 @@ import (
)
func RepoAccess(ctx Context) {
if ctx.GetDoer() != nil && ctx.GetDoer().ID == user_model.ActionsUserID && ctx.GetAuthentication().ActionsTaskID().Has() {
_, taskID := ctx.GetAuthentication().ActionsTaskID().Get()
task, err := actions_model.GetTaskByID(ctx.GetContext(), taskID)
if ctx.Doer() != nil && ctx.Doer().ID == user_model.ActionsUserID && ctx.Authentication().ActionsTaskID().Has() {
_, taskID := ctx.Authentication().ActionsTaskID().Get()
task, err := actions_model.GetTaskByID(ctx.Context(), taskID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "actions_model.GetTaskByID", err)
return
}
if task.RepoID != ctx.GetRepository().ID {
if task.RepoID != ctx.Repository().ID {
ctx.NotFound()
return
}
if task.IsForkPullRequest {
ctx.GetPermission().AccessMode = perm.AccessModeRead
ctx.Permission().AccessMode = perm.AccessModeRead
} else {
ctx.GetPermission().AccessMode = perm.AccessModeWrite
ctx.Permission().AccessMode = perm.AccessModeWrite
}
if err := ctx.GetRepository().LoadUnits(ctx.GetContext()); err != nil {
if err := ctx.Repository().LoadUnits(ctx.Context()); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadUnits", err)
return
}
ctx.GetPermission().Units = ctx.GetRepository().Units
ctx.GetPermission().UnitsMode = make(map[unit.Type]perm.AccessMode)
for _, u := range ctx.GetRepository().Units {
ctx.GetPermission().UnitsMode[u.Type] = ctx.GetPermission().AccessMode
ctx.Permission().Units = ctx.Repository().Units
ctx.Permission().UnitsMode = make(map[unit.Type]perm.AccessMode)
for _, u := range ctx.Repository().Units {
ctx.Permission().UnitsMode[u.Type] = ctx.Permission().AccessMode
}
} else {
permission, err := access_model.GetUserRepoPermissionWithReducer(ctx.GetContext(), ctx.GetRepository(), ctx.GetDoer(), ctx.GetReducer())
permission, err := access_model.GetUserRepoPermissionWithReducer(ctx.Context(), ctx.Repository(), ctx.Doer(), ctx.Reducer())
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
return
@ -50,7 +50,7 @@ func RepoAccess(ctx Context) {
ctx.SetPermission(&permission)
}
if !ctx.GetPermission().HasAccess() {
if !ctx.Permission().HasAccess() {
ctx.NotFound()
return
}

View file

@ -12,7 +12,7 @@ import (
func ReqAdmin(ctx Context, unitTypes []unit.Type) {
if len(unitTypes) > 0 && !slices.ContainsFunc(unitTypes, func(unitType unit.Type) bool {
return ctx.GetRepository().UnitEnabled(ctx.GetContext(), unitType)
return ctx.Repository().UnitEnabled(ctx.Context(), unitType)
}) {
ctx.NotFound()
return

View file

@ -8,7 +8,7 @@ import (
)
func ReqAnyRepoReader(ctx Context) {
if !ctx.GetPermission().HasAccess() && !IsUserSiteAdmin(ctx) {
if !ctx.Permission().HasAccess() && !IsUserSiteAdmin(ctx) {
ctx.Error(http.StatusForbidden, "reqAnyRepoReader", "user should have any permission to read repository or permissions of site admin")
return
}

View file

@ -10,13 +10,13 @@ import (
)
func ReqBasicOrRevProxyAuth(ctx Context) {
if ctx.GetIsSigned() && setting.Service.EnableReverseProxyAuthAPI && ctx.GetAuthentication().IsReverseProxyAuthentication() {
if ctx.IsSigned() && setting.Service.EnableReverseProxyAuthAPI && ctx.Authentication().IsReverseProxyAuthentication() {
return
}
// Require basic authorization method to be used and that basic
// authorization used password login to verify the user.
if !ctx.GetAuthentication().IsPasswordAuthentication() {
if !ctx.Authentication().IsPasswordAuthentication() {
ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth method not allowed")
return
}

View file

@ -10,7 +10,7 @@ import (
)
func ReqExploreSignIn(ctx Context) {
if (setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView) && !ctx.GetIsSigned() {
if (setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView) && !ctx.IsSigned() {
ctx.Error(http.StatusUnauthorized, "reqExploreSignIn", "you must be signed in to search for users")
}
}

View file

@ -8,7 +8,7 @@ import (
)
func ReqGitHook(ctx Context) {
if !ctx.GetDoer().CanEditGitHook() {
if !ctx.Doer().CanEditGitHook() {
ctx.Error(http.StatusForbidden, "", "must be allowed to edit Git hooks")
return
}

View file

@ -15,20 +15,20 @@ func ReqOrgMembership(ctx Context) {
}
var orgID int64
if ctx.GetOrg() != nil {
orgID = ctx.GetOrg().ID
} else if ctx.GetTeam() != nil {
orgID = ctx.GetTeam().OrgID
if ctx.Organization() != nil {
orgID = ctx.Organization().ID
} else if ctx.Team() != nil {
orgID = ctx.Team().OrgID
} else {
ctx.Error(http.StatusInternalServerError, "", "reqOrgMembership: unprepared context")
return
}
if isMember, err := organization.IsOrganizationMember(ctx.GetContext(), orgID, ctx.GetDoer().ID); err != nil {
if isMember, err := organization.IsOrganizationMember(ctx.Context(), orgID, ctx.Doer().ID); err != nil {
ctx.Error(http.StatusInternalServerError, "IsOrganizationMember", err)
return
} else if !isMember {
if ctx.GetOrg() != nil {
if ctx.Organization() != nil {
ctx.Error(http.StatusForbidden, "", "Must be an organization member")
} else {
ctx.NotFound()

View file

@ -15,21 +15,21 @@ func ReqOrgOwnership(ctx Context) {
}
var orgID int64
if ctx.GetOrg() != nil {
orgID = ctx.GetOrg().ID
} else if ctx.GetTeam() != nil {
orgID = ctx.GetTeam().OrgID
if ctx.Organization() != nil {
orgID = ctx.Organization().ID
} else if ctx.Team() != nil {
orgID = ctx.Team().OrgID
} else {
ctx.Error(http.StatusInternalServerError, "", "reqOrgOwnership: unprepared context")
return
}
isOwner, err := organization.IsOrganizationOwner(ctx.GetContext(), orgID, ctx.GetDoer().ID)
isOwner, err := organization.IsOrganizationOwner(ctx.Context(), orgID, ctx.Doer().ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOrganizationOwner", err)
return
} else if !isOwner {
if ctx.GetOrg() != nil {
if ctx.Organization() != nil {
ctx.Error(http.StatusForbidden, "", "Must be an organization owner")
} else {
ctx.NotFound()

View file

@ -12,12 +12,12 @@ import (
func ReqOwner(ctx Context, unitTypes []unit.Type) {
if len(unitTypes) > 0 && !slices.ContainsFunc(unitTypes, func(unitType unit.Type) bool {
return ctx.GetRepository().UnitEnabled(ctx.GetContext(), unitType)
return ctx.Repository().UnitEnabled(ctx.Context(), unitType)
}) {
ctx.NotFound()
return
}
if !ctx.GetPermission().IsOwner() && !IsUserSiteAdmin(ctx) {
if !ctx.Permission().IsOwner() && !IsUserSiteAdmin(ctx) {
ctx.Error(http.StatusForbidden, "reqOwner", "user should be the owner of the repo")
return
}

View file

@ -10,7 +10,7 @@ import (
)
func ReqPackageAccess(ctx Context, accessMode perm.AccessMode) {
if ctx.GetPackageAccessMode() < accessMode && !IsUserSiteAdmin(ctx) {
if ctx.PackageAccessMode() < accessMode && !IsUserSiteAdmin(ctx) {
ctx.Error(http.StatusForbidden, "reqPackageAccess", "user should have specific permission or be a site admin")
return
}

View file

@ -10,7 +10,7 @@ import (
)
func ReqRepoBranchWriter(ctx Context, branch string) {
if !issues_model.CanMaintainerWriteToBranch(ctx.GetContext(), *ctx.GetPermission(), branch, ctx.GetDoer()) && !IsUserSiteAdmin(ctx) {
if !issues_model.CanMaintainerWriteToBranch(ctx.Context(), *ctx.Permission(), branch, ctx.Doer()) && !IsUserSiteAdmin(ctx) {
ctx.Error(http.StatusForbidden, "reqRepoBranchWriter", "user should have a permission to write to this branch")
}
}

View file

@ -10,11 +10,11 @@ import (
)
func ReqRepoReader(ctx Context, unitType unit.Type) {
if !ctx.GetRepository().UnitEnabled(ctx.GetContext(), unitType) {
if !ctx.Repository().UnitEnabled(ctx.Context(), unitType) {
ctx.NotFound()
return
}
if !ctx.GetPermission().CanRead(unitType) && !IsUserRepoAdmin(ctx) && !IsUserSiteAdmin(ctx) {
if !ctx.Permission().CanRead(unitType) && !IsUserRepoAdmin(ctx) && !IsUserSiteAdmin(ctx) {
ctx.Error(http.StatusForbidden, "reqRepoReader", "user should have specific read permission or be a repo admin or a site admin")
return
}

View file

@ -12,7 +12,7 @@ import (
func ReqRepoWriter(ctx Context, unitTypes []unit.Type) {
if !slices.ContainsFunc(unitTypes, func(unitType unit.Type) bool {
return ctx.GetRepository().UnitEnabled(ctx.GetContext(), unitType)
return ctx.Repository().UnitEnabled(ctx.Context(), unitType)
}) {
ctx.NotFound()
return

View file

@ -17,7 +17,7 @@ func ReqSelfOrAdmin(ctx Context) {
return user.ID
}
if !IsUserSiteAdmin(ctx) && getID(ctx.GetUser()) != getID(ctx.GetDoer()) {
if !IsUserSiteAdmin(ctx) && getID(ctx.User()) != getID(ctx.Doer()) {
ctx.Error(http.StatusForbidden, "reqSelfOrAdmin", "doer should be the site admin or be same as the contextUser")
return
}

View file

@ -13,13 +13,13 @@ func ReqTeamMembership(ctx Context) {
if IsUserSiteAdmin(ctx) {
return
}
if ctx.GetTeam() == nil {
if ctx.Team() == nil {
ctx.Error(http.StatusInternalServerError, "", "reqTeamMembership: unprepared context")
return
}
orgID := ctx.GetTeam().OrgID
isOwner, err := organization.IsOrganizationOwner(ctx.GetContext(), orgID, ctx.GetDoer().ID)
orgID := ctx.Team().OrgID
isOwner, err := organization.IsOrganizationOwner(ctx.Context(), orgID, ctx.Doer().ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOrganizationOwner", err)
return
@ -27,11 +27,11 @@ func ReqTeamMembership(ctx Context) {
return
}
if isTeamMember, err := organization.IsTeamMember(ctx.GetContext(), orgID, ctx.GetTeam().ID, ctx.GetDoer().ID); err != nil {
if isTeamMember, err := organization.IsTeamMember(ctx.Context(), orgID, ctx.Team().ID, ctx.Doer().ID); err != nil {
ctx.Error(http.StatusInternalServerError, "IsTeamMember", err)
return
} else if !isTeamMember {
isOrgMember, err := organization.IsOrganizationMember(ctx.GetContext(), orgID, ctx.GetDoer().ID)
isOrgMember, err := organization.IsOrganizationMember(ctx.Context(), orgID, ctx.Doer().ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsOrganizationMember", err)
} else if isOrgMember {

View file

@ -9,11 +9,11 @@ import (
func ReqToken(ctx Context) {
// If actions token is present
if ctx.GetAuthentication().ActionsTaskID().Has() {
if ctx.Authentication().ActionsTaskID().Has() {
return
}
if ctx.GetIsSigned() {
if ctx.IsSigned() {
return
}
ctx.Error(http.StatusUnauthorized, "reqToken", "token is required")

View file

@ -8,12 +8,12 @@ import (
)
func ReqValidCommentID(ctx Context, comment *issues_model.Comment) {
if comment.Issue == nil || comment.Issue.RepoID != ctx.GetRepository().ID {
if comment.Issue == nil || comment.Issue.RepoID != ctx.Repository().ID {
ctx.NotFound()
return
}
if !ctx.GetPermission().CanReadIssuesOrPulls(comment.Issue.IsPull) {
if !ctx.Permission().CanReadIssuesOrPulls(comment.Issue.IsPull) {
ctx.NotFound()
return
}

View file

@ -158,7 +158,7 @@ func fixtureSetPackageOwner(t *testing.T, permissions *apiv1_permissions.Permiss
}
owner := fixtureCreateUser(t, &user_model.User{Name: fixtureData.Get("packageOwner")})
permissions.SetPackageOwner(owner)
mode, err := packages_service.DeterminePackageAccessMode(permissions.GetContext(), permissions.GetPackageOwner(), permissions.GetDoer())
mode, err := packages_service.DeterminePackageAccessMode(permissions.Context(), permissions.PackageOwner(), permissions.Doer())
require.NoError(t, err)
permissions.SetPackageAccessMode(mode)
}
@ -168,7 +168,7 @@ func fixtureSetDoer(t *testing.T, permissions *apiv1_permissions.Permissions, fi
if !fixtureData.Has("doer") {
return
}
if doer := permissions.GetDoer(); doer != nil {
if doer := permissions.Doer(); doer != nil {
if doer.Name != fixtureData.Get("doer") {
panic(fmt.Sprintf("attempting to override already doer %s with %s", doer.Name, fixtureData.Get("doer")))
}
@ -204,7 +204,7 @@ func (r *actionsTaskTokenAuthenticationResult) ActionsTaskID() optional.Option[i
func fixtureSetDoerActionsUser(t *testing.T, permissions *apiv1_permissions.Permissions, fixtureData *fixtureData) {
permissions.SetDoer(user_model.NewActionsUser())
repository := permissions.GetRepository()
repository := permissions.Repository()
require.NotNil(t, repository)
repositoryID := repository.ID
if fixtureData.Get("task.RepoID") == "unrelated" {
@ -223,9 +223,9 @@ func fixtureSetDoerActionsUser(t *testing.T, permissions *apiv1_permissions.Perm
require.NotZero(t, task.ID)
}
permissions.SetAuthentication(&actionsTaskTokenAuthenticationResult{user: permissions.GetDoer(), taskID: task.ID})
permissions.SetAuthentication(&actionsTaskTokenAuthenticationResult{user: permissions.Doer(), taskID: task.ID})
permissions.SetReducer(&authz.AllAccessAuthorizationReducer{})
permission, err := access_model.GetUserRepoPermissionWithReducer(permissions.GetContext(), permissions.GetRepository(), permissions.GetDoer(), permissions.GetReducer())
permission, err := access_model.GetUserRepoPermissionWithReducer(permissions.Context(), permissions.Repository(), permissions.Doer(), permissions.Reducer())
require.NoError(t, err)
permissions.SetPermission(&permission)
}
@ -303,29 +303,29 @@ func fixtureSetDoerRegularUser(t *testing.T, permissions *apiv1_permissions.Perm
panic(fmt.Errorf("attempting to set doer with no name"))
}
if permissions.GetDoer() == nil {
if permissions.Doer() == nil {
permissions.SetAuthentication(&auth.UnauthenticatedResult{})
} else {
token, err := fixtureCreateToken(t, permissions.GetDoer(), scope)
token, err := fixtureCreateToken(t, permissions.Doer(), scope)
require.NoError(t, err)
tokenReducer, err := authz.GetAuthorizationReducerForAccessToken(t.Context(), token)
require.NoError(t, err)
permissions.SetIsSigned(true)
switch fixtureData.Get("authentication") {
case "basic":
permissions.SetAuthentication(&basicPasswordAuthenticationResult{user: permissions.GetDoer()})
permissions.SetAuthentication(&basicPasswordAuthenticationResult{user: permissions.Doer()})
case "proxy":
permissions.SetAuthentication(&reverseProxyAuthenticationResult{user: permissions.GetDoer()})
permissions.SetAuthentication(&reverseProxyAuthenticationResult{user: permissions.Doer()})
default:
permissions.SetToken(token)
permissions.SetAuthentication(&accessTokenAuthenticationResult{user: permissions.GetDoer(), scope: token.Scope, reducer: tokenReducer})
permissions.SetAuthentication(&accessTokenAuthenticationResult{user: permissions.Doer(), scope: token.Scope, reducer: tokenReducer})
}
}
}
func fixtureCreateBranch(t *testing.T, permissions *apiv1_permissions.Permissions, branch string) {
t.Helper()
repository := permissions.GetRepository()
repository := permissions.Repository()
require.NotNil(t, repository)
gitRepo, err := git.OpenRepository(t.Context(), repository.RepoPath())
@ -341,7 +341,7 @@ func fixtureCreatePullRequest(t *testing.T, permissions *apiv1_permissions.Permi
return
}
repository := permissions.GetRepository()
repository := permissions.Repository()
require.NotNil(t, repository)
poster := fixtureGetUser(t, fixtureData.Get("pullRequestAuthor"))
@ -390,7 +390,7 @@ func fixtureSetRepository(t *testing.T, permissions *apiv1_permissions.Permissio
if !fixtureData.Has("repository") {
return
}
if repository := permissions.GetRepository(); repository != nil {
if repository := permissions.Repository(); repository != nil {
if repository.FullName() != fixtureData.Get("repository") {
panic(fmt.Sprintf("attempting to override already repository %s with %s", repository.FullName(), fixtureData.Get("repository")))
}
@ -440,7 +440,7 @@ func fixtureSetIssue(t *testing.T, permissions *apiv1_permissions.Permissions, f
if fixtureGetIssue(t, fixtureData) == nil {
authorName := fixtureData.Get("issueAuthor")
author := fixtureCreateUser(t, &user_model.User{Name: authorName})
_ = fixtureCreateIssue(t, author, permissions.GetRepository(), dataToString(t, fixtureData, "issue"), "issue description")
_ = fixtureCreateIssue(t, author, permissions.Repository(), dataToString(t, fixtureData, "issue"), "issue description")
}
}
@ -464,7 +464,7 @@ func fixtureCreateComment(t *testing.T, permissions *apiv1_permissions.Permissio
Type: issues_model.CommentTypeComment,
Doer: author,
Issue: fixtureGetIssue(t, fixtureData),
Repo: permissions.GetRepository(),
Repo: permissions.Repository(),
Content: dataToString(t, fixtureData, "comment"),
})
require.NoError(t, err)
@ -473,7 +473,7 @@ func fixtureCreateComment(t *testing.T, permissions *apiv1_permissions.Permissio
func fixtureDisableRepoUnit(t *testing.T, permissions *apiv1_permissions.Permissions, unitType unit_model.Type) {
t.Helper()
repo := permissions.GetRepository()
repo := permissions.Repository()
require.NotNil(t, repo)
forgery.DisableRepoUnits(t, repo, unitType)
}

View file

@ -36,7 +36,7 @@ var _ = registerFunctionTest(apiv1_permissions.ReqOrgMembership, functionTest{
}
if data.Get("setOrg") == "true" {
permissions.SetOrg(org)
permissions.SetOrganization(org)
}
if data.Get("setTeam") == "true" {

View file

@ -36,7 +36,7 @@ var _ = registerFunctionTest(apiv1_permissions.ReqOrgOwnership, functionTest{
}
if data.Get("setOrg") == "true" {
permissions.SetOrg(org)
permissions.SetOrganization(org)
}
if data.Get("setTeam") == "true" {

View file

@ -18,7 +18,7 @@ var _ = registerFunctionTest(apiv1_permissions.ReqSelfOrAdmin, functionTest{
interpret: func(t *testing.T, permissions *apiv1_permissions.Permissions, data *fixtureData) {
if data.Has("user") && data.Get("user") != "anonymous" {
name := data.Get("user")
user := permissions.GetUser()
user := permissions.User()
if user == nil {
fixtureCreateUser(t, &user_model.User{Name: name})
permissions.SetUser(fixtureGetUser(t, name))

View file

@ -17,7 +17,7 @@ func TokenRequiresScopes(ctx Context, requiredScopeCategories []auth_model.Acces
}
// Need OAuth2 token to be present.
hasScope, scope := ctx.GetAuthentication().Scope().Get()
hasScope, scope := ctx.Authentication().Scope().Get()
if !hasScope {
return
}

View file

@ -185,7 +185,7 @@ func (ctx *APIContext) ServerError(title string, err error) {
ctx.Error(http.StatusInternalServerError, title, err)
}
func (ctx *APIContext) GetContext() context.Context {
func (ctx *APIContext) Context() context.Context {
return ctx.originCtx
}
@ -193,10 +193,6 @@ func (ctx *APIContext) Cache() cache.Cache {
return ctx.cache
}
func (ctx *APIContext) GetDoer() *user_model.User {
return ctx.Doer()
}
func (ctx *APIContext) Doer() *user_model.User {
return ctx.doer
}
@ -213,10 +209,6 @@ func (ctx *APIContext) SetIsSigned(isSigned bool) {
ctx.isSigned = isSigned
}
func (ctx *APIContext) GetIsSigned() bool {
return ctx.IsSigned()
}
func (ctx *APIContext) Authentication() auth.AuthenticationResult {
return ctx.authentication
}
@ -225,14 +217,6 @@ func (ctx *APIContext) SetAuthentication(authentication auth.AuthenticationResul
ctx.authentication = authentication
}
func (ctx *APIContext) GetAuthentication() auth.AuthenticationResult {
return ctx.Authentication()
}
func (ctx *APIContext) GetUser() *user_model.User {
return ctx.User()
}
func (ctx *APIContext) User() *user_model.User {
return ctx.user
}
@ -249,11 +233,11 @@ func (ctx *APIContext) SetRepo(repo *Repository) {
ctx.repo = repo
}
func (ctx *APIContext) GetRepository() *repo_model.Repository {
func (ctx *APIContext) Repository() *repo_model.Repository {
return ctx.Repo().Repository
}
func (ctx *APIContext) GetPermission() *access_model.Permission {
func (ctx *APIContext) Permission() *access_model.Permission {
return &ctx.Repo().Permission
}
@ -269,7 +253,7 @@ func (ctx *APIContext) SetComment(comment *issues_model.Comment) {
ctx.comment = comment
}
func (ctx *APIContext) GetOrg() *org_model.Organization {
func (ctx *APIContext) Organization() *org_model.Organization {
return ctx.Org().Organization
}
@ -281,7 +265,7 @@ func (ctx *APIContext) SetOrg(org *APIOrganization) {
ctx.org = org
}
func (ctx *APIContext) GetTeam() *org_model.Team {
func (ctx *APIContext) Team() *org_model.Team {
return ctx.Org().Team
}
@ -289,14 +273,14 @@ func (ctx *APIContext) Package() *Package {
return ctx.pkg
}
func (ctx *APIContext) GetPackageOwner() *user_model.User {
func (ctx *APIContext) PackageOwner() *user_model.User {
if ctx.Package() == nil {
return nil
}
return ctx.Package().Owner
}
func (ctx *APIContext) GetPackageAccessMode() perm.AccessMode {
func (ctx *APIContext) PackageAccessMode() perm.AccessMode {
if ctx.Package() == nil {
return perm.AccessModeNone
}
@ -319,10 +303,6 @@ func (ctx *APIContext) SetPublicOnly(publicOnly bool) {
ctx.publicOnly = publicOnly
}
func (ctx *APIContext) GetPublicOnly() bool {
return ctx.PublicOnly()
}
func (ctx *APIContext) Reducer() authz.AuthorizationReducer {
return ctx.reducer
}
@ -331,10 +311,6 @@ func (ctx *APIContext) SetReducer(reducer authz.AuthorizationReducer) {
ctx.reducer = reducer
}
func (ctx *APIContext) GetReducer() authz.AuthorizationReducer {
return ctx.Reducer()
}
func (ctx *APIContext) RequiredScopeCategories() []auth_model.AccessTokenScopeCategory {
return ctx.requiredScopeCategories
}