add panic checks, add comments

Author: wxiaoguang

models/actions/runner.go

@@ -14,6 +14,7 @@ import (
 	"code.gitea.io/gitea/models/shared/types"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/optional"
+	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/util"
@@ -123,12 +124,15 @@ func (r *ActionRunner) IsOnline() bool {
 	return false
 }
 
-// Editable checks if the runner is editable by the user
-// ownerID == 0 and repoID == 0 means any runner including global runners
-// ownerID == 0 and repoID != 0 means any runner for the given repo
-// ownerID != 0 and repoID == 0 means any runner for the given user/org
-// ownerID != 0 and repoID != 0 means any runner for the given user/org or repo
-func (r *ActionRunner) Editable(ownerID, repoID int64) bool {
+// EditableInContext checks if the runner is editable by the "context" owner/repo
+// ownerID == 0 and repoID == 0 means "admin" context, any runner including global runners could be edited
+// ownerID == 0 and repoID != 0 means "repo" context, any runner belonging to the given repo could be edited
+// ownerID != 0 and repoID == 0 means "org" context, any runner belonging to the given user/org could be edited
+// ownerID != 0 and repoID != 0 means "owner" OR "repo" context, legacy behavior, but we should forbid using it
+func (r *ActionRunner) EditableInContext(ownerID, repoID int64) bool {
+	if ownerID != 0 && repoID != 0 {
+		setting.PanicInDevOrTesting("ownerID and repoID should not be both set")
+	}
 	if ownerID == 0 && repoID == 0 {
 		return true
 	}

routers/api/v1/shared/runners.go

@@ -9,6 +9,7 @@ import (
 
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/api/v1/utils"
@@ -35,13 +36,16 @@ func GetRegistrationToken(ctx *context.APIContext, ownerID, repoID int64) {
 	ctx.JSON(http.StatusOK, RegistrationToken{Token: token.Token})
 }
 
-// List Runners for api route validated ownerID and repoID
+// ListRunners lists runners for api route validated ownerID and repoID
 // ownerID == 0 and repoID == 0 means all runners including global runners, does not appear in sql where clause
 // ownerID == 0 and repoID != 0 means all runners for the given repo
 // ownerID != 0 and repoID == 0 means all runners for the given user/org
 // ownerID != 0 and repoID != 0 undefined behavior
 // Access rights are checked at the API route level
 func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
+	if ownerID != 0 && repoID != 0 {
+		setting.PanicInDevOrTesting("ownerID and repoID should not be both set")
+	}
 	runners, total, err := db.FindAndCount[actions_model.ActionRunner](ctx, &actions_model.FindRunnerOptions{
 		OwnerID:     ownerID,
 		RepoID:      repoID,
@@ -63,38 +67,44 @@ func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
 	ctx.JSON(http.StatusOK, &res)
 }
 
-// Get Runners for api route validated ownerID and repoID
+// GetRunner get the runner for api route validated ownerID and repoID
 // ownerID == 0 and repoID == 0 means any runner including global runners
 // ownerID == 0 and repoID != 0 means any runner for the given repo
 // ownerID != 0 and repoID == 0 means any runner for the given user/org
 // ownerID != 0 and repoID != 0 undefined behavior
 // Access rights are checked at the API route level
 func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
+	if ownerID != 0 && repoID != 0 {
+		setting.PanicInDevOrTesting("ownerID and repoID should not be both set")
+	}
 	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
 	if err != nil {
 		ctx.APIErrorNotFound(err)
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
+	if !runner.EditableInContext(ownerID, repoID) {
 		ctx.APIErrorNotFound("No permission to get this runner")
 		return
 	}
 	ctx.JSON(http.StatusOK, convert.ToActionRunner(ctx, runner))
 }
 
-// Delete Runner for api route validated ownerID and repoID
+// DeleteRunner deletes the runner for api route validated ownerID and repoID
 // ownerID == 0 and repoID == 0 means any runner including global runners
 // ownerID == 0 and repoID != 0 means any runner for the given repo
 // ownerID != 0 and repoID == 0 means any runner for the given user/org
 // ownerID != 0 and repoID != 0 undefined behavior
 // Access rights are checked at the API route level
 func DeleteRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
+	if ownerID != 0 && repoID != 0 {
+		setting.PanicInDevOrTesting("ownerID and repoID should not be both set")
+	}
 	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
 	if err != nil {
 		ctx.APIErrorInternal(err)
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
+	if !runner.EditableInContext(ownerID, repoID) {
 		ctx.APIErrorNotFound("No permission to delete this runner")
 		return
 	}

routers/web/shared/actions/runners.go

@@ -197,7 +197,7 @@ func RunnersEdit(ctx *context.Context) {
 		ctx.ServerError("LoadAttributes", err)
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
+	if !runner.EditableInContext(ownerID, repoID) {
 		err = errors.New("no permission to edit this runner")
 		ctx.NotFound(err)
 		return
@@ -250,7 +250,7 @@ func RunnersEditPost(ctx *context.Context) {
 		ctx.ServerError("RunnerDetailsEditPost.GetRunnerByID", err)
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
+	if !runner.EditableInContext(ownerID, repoID) {
 		ctx.NotFound(util.NewPermissionDeniedErrorf("no permission to edit this runner"))
 		return
 	}
@@ -304,7 +304,7 @@ func RunnerDeletePost(ctx *context.Context) {
 		return
 	}
 
-	if !runner.Editable(rCtx.OwnerID, rCtx.RepoID) {
+	if !runner.EditableInContext(rCtx.OwnerID, rCtx.RepoID) {
 		ctx.NotFound(util.NewPermissionDeniedErrorf("no permission to delete this runner"))
 		return
 	}

tests/integration/api_org_runner_test.go

@@ -108,7 +108,7 @@ func TestAPIRunnerGetAdminRunnerNotFoundOrgApi(t *testing.T) {
 	userUsername := "user2"
 	token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)
 	// Verify get a runner by id of different entity is not found
-	// runner.Editable(ownerID, repoID) false
+	// runner.EditableInContext(ownerID, repoID) false
 	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34349)).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNotFound)
 }
@@ -118,7 +118,7 @@ func TestAPIRunnerDeleteAdminRunnerNotFoundOrgApi(t *testing.T) {
 	userUsername := "user2"
 	token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteOrganization)
 	// Verify delete a runner by id of different entity is not found
-	// runner.Editable(ownerID, repoID) false
+	// runner.EditableInContext(ownerID, repoID) false
 	req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34349)).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNotFound)
 }

tests/integration/api_repo_runner_test.go

@@ -108,7 +108,7 @@ func TestAPIRunnerGetAdminRunnerNotFoundRepoApi(t *testing.T) {
 	userUsername := "user2"
 	token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)
 	// Verify get a runner by id of different entity is not found
-	// runner.Editable(ownerID, repoID) false
+	// runner.EditableInContext(ownerID, repoID) false
 	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34349)).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNotFound)
 }
@@ -118,7 +118,7 @@ func TestAPIRunnerDeleteAdminRunnerNotFoundRepoApi(t *testing.T) {
 	userUsername := "user2"
 	token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteRepository)
 	// Verify delete a runner by id of different entity is not found
-	// runner.Editable(ownerID, repoID) false
+	// runner.EditableInContext(ownerID, repoID) false
 	req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34349)).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNotFound)
 }