diff --git a/models/org.go b/models/org.go index ce5067058..31db8e364 100644 --- a/models/org.go +++ b/models/org.go @@ -507,7 +507,7 @@ func (t *Team) AddRepository(repo *Repository) (err error) { mode := AuthorizeToAccessType(t.Authorize) for _, u := range t.Members { - auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id) + auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id) if err != nil { sess.Rollback() return err @@ -517,13 +517,7 @@ func (t *Team) AddRepository(repo *Repository) (err error) { UserName: u.LowerName, RepoName: path.Join(repo.Owner.LowerName, repo.LowerName), } - if auth == 0 { - access.Mode = mode - if _, err = sess.Insert(access); err != nil { - sess.Rollback() - return fmt.Errorf("fail to insert access: %v", err) - } - } else if auth < t.Authorize { + if auth < t.Authorize { if err = addAccessWithAuthorize(sess, access, mode); err != nil { sess.Rollback() return err @@ -570,7 +564,7 @@ func (t *Team) RemoveRepository(repoId int64) error { // Remove access to team members. for _, u := range t.Members { - auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id) + auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id) if err != nil { sess.Rollback() return err @@ -668,7 +662,7 @@ func GetTeamById(teamId int64) (*Team, error) { } // GetHighestAuthorize returns highest repository authorize level for given user and team. -func GetHighestAuthorize(orgId, uid, teamId, repoId int64) (AuthorizeType, error) { +func GetHighestAuthorize(orgId, uid, repoId, teamId int64) (AuthorizeType, error) { ts, err := GetUserTeams(orgId, uid) if err != nil { return 0, err @@ -687,6 +681,7 @@ func GetHighestAuthorize(orgId, uid, teamId, repoId int64) (AuthorizeType, error } } } + return auth, nil } @@ -728,7 +723,7 @@ func UpdateTeam(t *Team, authChanged bool) (err error) { // ORG_WRITABLE is the highest authorize level for now. // Skip checking others if current team has this level. if t.Authorize < ORG_WRITABLE { - auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id) + auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id) if err != nil { sess.Rollback() return err @@ -782,7 +777,7 @@ func DeleteTeam(t *Team) error { // Delete all accesses. for _, repo := range t.Repos { for _, u := range t.Members { - auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id) + auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id) if err != nil { sess.Rollback() return err @@ -943,7 +938,7 @@ func AddTeamMember(orgId, teamId, uid int64) error { // Give access to team repositories. mode := AuthorizeToAccessType(t.Authorize) for _, repo := range t.Repos { - auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id) + auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, teamId) if err != nil { sess.Rollback() return err @@ -953,14 +948,7 @@ func AddTeamMember(orgId, teamId, uid int64) error { UserName: u.LowerName, RepoName: path.Join(org.LowerName, repo.LowerName), } - // Equal 0 means given access doesn't exist. - if auth == 0 { - access.Mode = mode - if _, err = sess.Insert(access); err != nil { - sess.Rollback() - return fmt.Errorf("fail to insert access: %v", err) - } - } else if auth < t.Authorize { + if auth < t.Authorize { if err = addAccessWithAuthorize(sess, access, mode); err != nil { sess.Rollback() return err @@ -1037,7 +1025,7 @@ func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) erro // Delete access to team repositories. for _, repo := range t.Repos { - auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id) + auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, teamId) if err != nil { sess.Rollback() return err diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go index 68a9a2d7f..82ef3c799 100644 --- a/modules/middleware/repo.go +++ b/modules/middleware/repo.go @@ -109,7 +109,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler { } // Check if current user has admin permission to repository. if u.IsOrganization() { - auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, 0, repo.Id) + auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, repo.Id, 0) if err != nil { ctx.Handle(500, "GetHighestAuthorize", err) return diff --git a/routers/org/teams.go b/routers/org/teams.go index b0a69da76..9aa8e5021 100644 --- a/routers/org/teams.go +++ b/routers/org/teams.go @@ -94,7 +94,7 @@ func TeamsAction(ctx *middleware.Context) { if err == models.ErrLastOrgOwner { ctx.Flash.Error(ctx.Tr("form.last_org_owner")) } else { - log.Error(4, "Action(%s): %v", ctx.Params(":action"), err) + log.Error(3, "Action(%s): %v", ctx.Params(":action"), err) ctx.JSON(200, map[string]interface{}{ "ok": false, "err": err.Error(), @@ -133,7 +133,7 @@ func TeamsRepoAction(ctx *middleware.Context) { } if err != nil { - log.Error(4, "Action(%s): %v", ctx.Params(":action"), err) + log.Error(3, "Action(%s): %v", ctx.Params(":action"), err) ctx.JSON(200, map[string]interface{}{ "ok": false, "err": err.Error(), diff --git a/routers/repo/setting.go b/routers/repo/setting.go index 2354fbc13..b30de91a3 100644 --- a/routers/repo/setting.go +++ b/routers/repo/setting.go @@ -213,7 +213,7 @@ func SettingsCollaboration(ctx *middleware.Context) { needDelete := true if ctx.User.IsOrganization() { // Check if user belongs to a team that has access to this repository. - auth, err := models.GetHighestAuthorize(ctx.Repo.Owner.Id, ctx.User.Id, 0, ctx.Repo.Repository.Id) + auth, err := models.GetHighestAuthorize(ctx.Repo.Owner.Id, ctx.User.Id, ctx.Repo.Repository.Id, 0) if err != nil { ctx.Handle(500, "GetHighestAuthorize", err) return