diff --git a/src/main/scala/gitbucket/core/controller/PullRequestsController.scala b/src/main/scala/gitbucket/core/controller/PullRequestsController.scala index e8c7208..dcaeda0 100644 --- a/src/main/scala/gitbucket/core/controller/PullRequestsController.scala +++ b/src/main/scala/gitbucket/core/controller/PullRequestsController.scala @@ -333,7 +333,7 @@ Some(forkedRepository.name) } else if(forkedRepository.repository.originUserName.isEmpty){ // when ForkedRepository is the original repository - getForkedRepositories(forkedRepository.owner, forkedRepository.name).find(_._1 == originOwner).map(_._2) + getForkedRepositories(forkedRepository.owner, forkedRepository.name).find(_.userName == originOwner).map(_.repositoryName) } else if(Some(originOwner) == forkedRepository.repository.originUserName){ // Original repository forkedRepository.repository.originRepositoryName @@ -381,9 +381,13 @@ commits, diffs, ((forkedRepository.repository.originUserName, forkedRepository.repository.originRepositoryName) match { - case (Some(userName), Some(repositoryName)) => (userName, repositoryName) :: getForkedRepositories(userName, repositoryName) - case _ => (forkedRepository.owner, forkedRepository.name) :: getForkedRepositories(forkedRepository.owner, forkedRepository.name) - }).filter { case (owner, name) => hasGuestRole(owner, name, context.loginAccount) }, + case (Some(userName), Some(repositoryName)) => getRepository(userName, repositoryName) match { + case Some(originRepository) => originRepository.repository :: getForkedRepositories(userName, repositoryName) + case None => getForkedRepositories(userName, repositoryName) + } + case _ => forkedRepository.repository :: getForkedRepositories(forkedRepository.owner, forkedRepository.name) + }).filter { repository => isReadable(repository, context.loginAccount) } + .map { repository => (repository.userName, repository.repositoryName) }, commits.flatten.map(commit => getCommitComments(forkedRepository.owner, forkedRepository.name, commit.id, false)).flatten.toList, originId, forkedId, @@ -419,7 +423,7 @@ Some(forkedRepository.name) } else { forkedRepository.repository.originRepositoryName.orElse { - getForkedRepositories(forkedRepository.owner, forkedRepository.name).find(_._1 == originOwner).map(_._2) + getForkedRepositories(forkedRepository.owner, forkedRepository.name).find(_.userName == originOwner).map(_.repositoryName) } }; originRepository <- getRepository(originOwner, originRepositoryName) diff --git a/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala b/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala index e6cd4f8..5565793 100644 --- a/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala +++ b/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala @@ -658,7 +658,8 @@ repository.repository.originRepositoryName.getOrElse(repository.name)), getForkedRepositories( repository.repository.originUserName.getOrElse(repository.owner), - repository.repository.originRepositoryName.getOrElse(repository.name)), + repository.repository.originRepositoryName.getOrElse(repository.name) + ).map { repository => (repository.userName, repository.repositoryName) }, context.loginAccount match { case None => List() case account: Option[Account] => getGroupsByUserName(account.get.userName) diff --git a/src/main/scala/gitbucket/core/service/RepositoryService.scala b/src/main/scala/gitbucket/core/service/RepositoryService.scala index 769f0e1..8cf037c 100644 --- a/src/main/scala/gitbucket/core/service/RepositoryService.scala +++ b/src/main/scala/gitbucket/core/service/RepositoryService.scala @@ -443,17 +443,31 @@ } } + def isReadable(repository: Repository, loginAccount: Option[Account])(implicit s: Session): Boolean = { + if(!repository.isPrivate){ + true + } else { + loginAccount match { + case Some(x) if(x.isAdmin) => true + case Some(x) if(repository.userName == x.userName) => true + case Some(x) if(getGroupMembers(repository.userName).exists(_.userName == x.userName)) => true + case Some(x) if(getCollaboratorUserNames(repository.userName, repository.repositoryName).contains(x.userName)) => true + case _ => false + } + } + } + private def getForkedCount(userName: String, repositoryName: String)(implicit s: Session): Int = Query(Repositories.filter { t => (t.originUserName === userName.bind) && (t.originRepositoryName === repositoryName.bind) }.length).first - def getForkedRepositories(userName: String, repositoryName: String)(implicit s: Session): List[(String, String)] = + def getForkedRepositories(userName: String, repositoryName: String)(implicit s: Session): List[Repository] = Repositories.filter { t => (t.originUserName === userName.bind) && (t.originRepositoryName === repositoryName.bind) } - .sortBy(_.userName asc).map(t => t.userName -> t.repositoryName).list + .sortBy(_.userName asc).list//.map(t => t.userName -> t.repositoryName).list private val templateExtensions = Seq("md", "markdown") diff --git a/src/main/scala/gitbucket/core/util/Authenticator.scala b/src/main/scala/gitbucket/core/util/Authenticator.scala index 30e6ae0..8065130 100644 --- a/src/main/scala/gitbucket/core/util/Authenticator.scala +++ b/src/main/scala/gitbucket/core/util/Authenticator.scala @@ -97,16 +97,10 @@ { defining(request.paths){ paths => getRepository(paths(0), paths(1)).map { repository => - if(!repository.repository.isPrivate){ + if(isReadable(repository.repository, context.loginAccount)){ action(repository) } else { - context.loginAccount match { - case Some(x) if(x.isAdmin) => action(repository) - case Some(x) if(paths(0) == x.userName) => action(repository) - case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository) - case Some(x) if(getCollaboratorUserNames(paths(0), paths(1)).contains(x.userName)) => action(repository) - case _ => Unauthorized() - } + Unauthorized() } } getOrElse NotFound() }