From 007edd38bea3c7cb478a57be7bf6bde3d55aac32 Mon Sep 17 00:00:00 2001 From: xxq250 Date: Tue, 28 Mar 2023 14:36:05 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E9=87=8D=E5=86=99user.gitea=5Ftoken,?= =?UTF-8?q?=E5=BD=93=E7=94=A8=E6=88=B7=E4=B8=BAbot=E7=B1=BB=E5=9E=8B?= =?UTF-8?q?=E6=97=B6=EF=BC=8C=E6=9B=BF=E6=8D=A2=E6=88=90=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E5=91=98token?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/models/user.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/app/models/user.rb b/app/models/user.rb index 5e21212ab..dbaf74ccc 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -845,6 +845,15 @@ class User < Owner end end + # 重写gitea_token,当用户为bot类型时,替换成管理员token + def gitea_token + if self.platform == "bot" + GiteaService.gitea_config[:admin_token] + else + self['gitea_token'] + end + end + protected def validate_password_length # 管理员的初始密码是5位 From 38ddb850c1e6f8f166f45163b47b3889fb9ac845 Mon Sep 17 00:00:00 2001 From: xxq250 Date: Tue, 28 Mar 2023 14:36:58 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E9=87=8D=E5=86=99user.gitea=5Ftoken,?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98token,yml=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/configuration.yml.example | 1 + 1 file changed, 1 insertion(+) diff --git a/config/configuration.yml.example b/config/configuration.yml.example index 6ae32e4f3..b446c0109 100644 --- a/config/configuration.yml.example +++ b/config/configuration.yml.example @@ -55,6 +55,7 @@ default: &default access_key_secret: '' domain: 'https://testgit.trustie.net' base_url: '/api/v1' + admin_token: '123123' accelerator: access_key_id: '' access_key_secret: '' From ca449ccc8a2a97737f516435ecce0051a2d55d93 Mon Sep 17 00:00:00 2001 From: xxq250 Date: Tue, 28 Mar 2023 14:38:44 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E9=A1=B9=E7=9B=AE=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0bot=E7=94=A8=E6=88=B7=E6=9D=83=E9=99=90?= =?UTF-8?q?=EF=BC=8C=E5=B7=B2=E5=AE=89=E8=A3=85bot=EF=BC=8C=E5=BD=93?= =?UTF-8?q?=E5=89=8Dbot=E7=94=A8=E6=88=B7=E5=8D=B3=E6=8B=A5=E6=9C=89?= =?UTF-8?q?=E6=9D=83=E9=99=90=EF=BC=8C=E6=9D=83=E9=99=90=E7=B2=92=E5=BA=A6?= =?UTF-8?q?=E5=BE=85=E5=AE=8C=E5=96=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/models/concerns/project_operable.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/models/concerns/project_operable.rb b/app/models/concerns/project_operable.rb index 0bac02ce6..d5d45a468 100644 --- a/app/models/concerns/project_operable.rb +++ b/app/models/concerns/project_operable.rb @@ -190,22 +190,24 @@ module ProjectOperable end # 项目管理员(包含项目拥有者),权限:仓库设置、仓库可读可写 + # 增加bot用户权限,已安装bot,当前bot用户即拥有权限,权限粒度待完善 def manager?(user) if owner.is_a?(User) - managers.exists?(user_id: user.id) + managers.exists?(user_id: user.id) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?) elsif owner.is_a?(Organization) - managers.exists?(user_id: user.id) || owner.is_owner?(user.id) || (owner.is_only_admin?(user.id) && (teams.pluck(:id) & user.teams.pluck(:id)).size > 0) + managers.exists?(user_id: user.id) || owner.is_owner?(user.id) || (owner.is_only_admin?(user.id) && (teams.pluck(:id) & user.teams.pluck(:id)).size > 0) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?) else false end end # 项目开发者,可读可写权限 + # 增加bot用户权限,已安装当前bot用户对应的bot即拥有权限,权限粒度待完善 def develper?(user) if owner.is_a?(User) - developers.exists?(user_id: user.id) + developers.exists?(user_id: user.id) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?) elsif owner.is_a?(Organization) - developers.exists?(user_id: user.id) || (owner.is_only_write?(user.id) && (teams.pluck(:id) & user.teams.pluck(:id)).size > 0) + developers.exists?(user_id: user.id) || (owner.is_only_write?(user.id) && (teams.pluck(:id) & user.teams.pluck(:id)).size > 0) || (user.platform == "bot" && BotInstall.joins(:bot).where(bot: { uid: user.id }).where(store_id: self.id).exists?) else false end