From 579b45dfa4572462dc28a4f44a62ae8421be35f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cxxq250=E2=80=9D?= <“xxq250@qq.com”> Date: Thu, 28 Jul 2022 17:19:39 +0800 Subject: [PATCH 1/6] =?UTF-8?q?fixed=20=E7=B2=BE=E9=80=89=E9=A1=B9?= =?UTF-8?q?=E7=9B=AE=E4=B8=8D=E5=8C=85=E5=90=AB=E7=A7=81=E6=9C=89=E4=BB=93?= =?UTF-8?q?=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/services/gitea/repository/languages/list_service.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/services/gitea/repository/languages/list_service.rb b/app/services/gitea/repository/languages/list_service.rb index 88d5dcbe..9c96d56e 100644 --- a/app/services/gitea/repository/languages/list_service.rb +++ b/app/services/gitea/repository/languages/list_service.rb @@ -10,7 +10,7 @@ class Gitea::Repository::Languages::ListService < Gitea::ClientService def initialize(owner, repo, token) @owner = owner @repo = repo - @args = token + @token = token end def call From b22909a654a19d5c861acd4720b3fb46b7b06105 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cxxq250=E2=80=9D?= <“xxq250@qq.com”> Date: Thu, 28 Jul 2022 17:20:22 +0800 Subject: [PATCH 2/6] =?UTF-8?q?fixed=20=E8=AF=AD=E8=A8=80=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3token=E5=8F=82=E6=95=B0=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/services/gitea/repository/languages/list_service.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/services/gitea/repository/languages/list_service.rb b/app/services/gitea/repository/languages/list_service.rb index 9c96d56e..355c149d 100644 --- a/app/services/gitea/repository/languages/list_service.rb +++ b/app/services/gitea/repository/languages/list_service.rb @@ -10,7 +10,7 @@ class Gitea::Repository::Languages::ListService < Gitea::ClientService def initialize(owner, repo, token) @owner = owner @repo = repo - @token = token + @token = token end def call From f12cfabee3d6e6ba8037680d8eabc1b2821987af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cxxq250=E2=80=9D?= <“xxq250@qq.com”> Date: Thu, 28 Jul 2022 17:30:09 +0800 Subject: [PATCH 3/6] =?UTF-8?q?fixed=20=E7=B2=BE=E9=80=89=E9=A1=B9?= =?UTF-8?q?=E7=9B=AE=E4=B8=8D=E5=8C=85=E5=90=AB=E7=A7=81=E6=9C=89=E4=BB=93?= =?UTF-8?q?=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/users/is_pinned_projects_controller.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/controllers/users/is_pinned_projects_controller.rb b/app/controllers/users/is_pinned_projects_controller.rb index 1ddadd27..ff45120f 100644 --- a/app/controllers/users/is_pinned_projects_controller.rb +++ b/app/controllers/users/is_pinned_projects_controller.rb @@ -1,7 +1,10 @@ class Users::IsPinnedProjectsController < Users::BaseController before_action :private_user_resources!, only: [:pin] - def index - @is_pinned_projects = observed_user.pinned_projects.order(position: :desc, created_at: :asc).includes(project: [:project_category, :project_language, :repository]).order(position: :desc) + def index + @is_pinned_projects = observed_user.pinned_projects.left_joins(:project) + .where("projects.is_public = TRUE") + .order(position: :desc, created_at: :asc) + .includes(project: [:project_category, :project_language, :repository]).order(position: :desc) @is_pinned_projects = kaminari_paginate(@is_pinned_projects) end From df57312056589974d2d622c0604eca6ad9e0eebf Mon Sep 17 00:00:00 2001 From: yystopf Date: Fri, 29 Jul 2022 17:29:25 +0800 Subject: [PATCH 4/6] =?UTF-8?q?=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/services/trace/client_service.rb | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/app/services/trace/client_service.rb b/app/services/trace/client_service.rb index 72ffa8ca..67da5d7a 100644 --- a/app/services/trace/client_service.rb +++ b/app/services/trace/client_service.rb @@ -8,8 +8,11 @@ class Trace::ClientService < ApplicationService def authed_post(token, url, params={}) puts "[trace][POST] request params: #{params}" puts "[trace][POST] request token: #{token}" - conn.headers['Authorization'] = token - conn.post(full_url(url), params[:data]) + conn.post do |req| + req.url full_url(url, 'post') + req.headers['Authorization'] = token + req.body = params[:data].as_json + end end def get(url, params={}) @@ -42,8 +45,11 @@ class Trace::ClientService < ApplicationService def authed_delete(token, url, params={}) puts "[trace][DELETE] request params: #{params}" puts "[trace][DELETE] request token: #{token}" - conn.headers['Authorization'] = token - conn.delete(full_url(url), params[:data]) + conn.delete do |req| + req.url full_url(url, 'delete') + req.headers['Authorization'] = token + req.body = params[:data].as_json + end end def patch(url, params={}) @@ -54,8 +60,11 @@ class Trace::ClientService < ApplicationService def authed_patch(token, url, params={}) puts "[trace][PATCH] request params: #{params}" puts "[trace][PATCH] request token: #{token}" - conn.headers['Authorization'] = token - conn.patch(full_url(url), params[:data]) + conn.patch do |req| + req.url full_url(url, 'patch') + req.headers['Authorization'] = token + req.body = params[:data].as_json + end end def put(url, params={}) @@ -66,8 +75,11 @@ class Trace::ClientService < ApplicationService def authed_put(token, url, params={}) puts "[trace][PUT] request params: #{params}" puts "[trace][PUT] request token: #{token}" - conn.headers['Authorization'] = token - conn.put(full_url(url), params[:data]) + conn.put do |req| + req.url full_url(url, 'put') + req.headers['Authorization'] = token + req.body = params[:data].as_json + end end def conn From b06e29260ad6e2db729fa99d1c317d3be2d912bc Mon Sep 17 00:00:00 2001 From: yystopf Date: Mon, 1 Aug 2022 14:28:44 +0800 Subject: [PATCH 5/6] =?UTF-8?q?=E4=BF=AE=E5=A4=8D:=20return=20error=20stat?= =?UTF-8?q?us=E9=BB=98=E8=AE=A4=E4=B8=BA-1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/concerns/render_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/concerns/render_helper.rb b/app/controllers/concerns/render_helper.rb index 851a3ccf..b90af99b 100644 --- a/app/controllers/concerns/render_helper.rb +++ b/app/controllers/concerns/render_helper.rb @@ -3,7 +3,7 @@ module RenderHelper render json: { status: 0, message: 'success' }.merge(data) end - def render_error(message = '') + def render_error(message = '', status = -1) render json: { status: status, message: message } end From 096b0b954d2c6474f9677792e027d509ecee43e2 Mon Sep 17 00:00:00 2001 From: yystopf Date: Mon, 1 Aug 2022 17:14:32 +0800 Subject: [PATCH 6/6] =?UTF-8?q?=E6=96=B0=E5=A2=9E:=20fork=E4=BB=93?= =?UTF-8?q?=E5=BA=93=E5=8D=8F=E4=BD=9C=E8=80=85=E5=8F=AF=E4=BB=A5=E6=8F=90?= =?UTF-8?q?=E4=BA=A4=E6=96=87=E4=BB=B6=E8=87=B3=E4=BB=93=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/api/v1/base_controller.rb | 7 +++++++ app/controllers/api/v1/projects/contents_controller.rb | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb index c765906b..b937d798 100644 --- a/app/controllers/api/v1/base_controller.rb +++ b/app/controllers/api/v1/base_controller.rb @@ -40,6 +40,13 @@ class Api::V1::BaseController < ApplicationController return render_forbidden if !current_user.admin? && !@project.operator?(current_user) end + # 具有仓库的操作权限或者fork仓库的操作权限 + def require_operate_above_or_fork_project + @project = load_project + puts !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user)) + return render_forbidden if !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user)) + end + # 具有对仓库的访问权限 def require_public_and_member_above @project = load_project diff --git a/app/controllers/api/v1/projects/contents_controller.rb b/app/controllers/api/v1/projects/contents_controller.rb index 44ab8c54..1c59164a 100644 --- a/app/controllers/api/v1/projects/contents_controller.rb +++ b/app/controllers/api/v1/projects/contents_controller.rb @@ -1,13 +1,13 @@ class Api::V1::Projects::ContentsController < Api::V1::BaseController - before_action :require_operate_above, only: [:batch] + before_action :require_operate_above_or_fork_project, only: [:batch] def batch @batch_content_params = batch_content_params # 处理下author和committer信息,如果没传则默认为当前用户信息 @batch_content_params.merge!(author_email: current_user.mail, author_name: current_user.login) if batch_content_params[:author_email].blank? && batch_content_params[:author_name].blank? @batch_content_params.merge!(committer_email: current_user.mail, committer_name: current_user.login) if batch_content_params[:committer_email].blank? && batch_content_params[:committer_name].blank? - @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, current_user&.gitea_token) - puts @result_object + + @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, @project.owner.gitea_token) end private