HomeLab/ForgeBucket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

repo permissions section is not functional

Browse Source
This commit is contained in:
erangel1
2026-05-07 14:49:47 +02:00
parent 8cb918b064
commit 5e60b814ed
14 changed files with 584 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/handlers/githttp.go
+11 -1
View File
@@ -59,11 +59,21 @@ func (h *GitHTTPHandler) ServeGit(w http.ResponseWriter, r *http.Request) {
}
}
// Require authentication for push; allow anonymous read for public repos
// Authenticate and enforce permission checks.
var authedUser string
user, authed := h.basicAuth(r)
if authed {
authedUser = user
// Push requires write or admin permission.
if service == "git-receive-pack" && !HasPermission(h.db, &repo, user, "write") {
http.Error(w, "forbidden: you do not have write access to this repository", http.StatusForbidden)
return
}
// Pull on a private repo requires at least read permission.
if repo.IsPrivate && !HasPermission(h.db, &repo, user, "read") {
http.Error(w, "forbidden: you do not have read access to this repository", http.StatusForbidden)
return
}
} else if service == "git-receive-pack" || repo.IsPrivate {
w.Header().Set("WWW-Authenticate", `Basic realm="ForgeBucket"`)
http.Error(w, "authentication required", http.StatusUnauthorized)