From b415358ad120a7e0a5a70ece9975c1d77a382705 Mon Sep 17 00:00:00 2001
From: Bosn <bosn@outlook.com>
Date: Thu, 19 Apr 2018 14:18:33 +0800
Subject: [PATCH] fix access bug

---
 src/routes/utils/access.ts  | 1 +
 src/service/organization.ts | 3 ++-
 src/service/repository.ts   | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/routes/utils/access.ts b/src/routes/utils/access.ts
index 4ef2a6a..9158055 100644
--- a/src/routes/utils/access.ts
+++ b/src/routes/utils/access.ts
@@ -5,6 +5,7 @@ export enum ACCESS_TYPE { ORGANIZATION, REPOSITORY, USER }
 
 export class AccessUtils {
   public static async canUserAccess(accessType: ACCESS_TYPE, curUserId: number, entityId: number): Promise<boolean> {
+    console.log(`accessType=${accessType}&curUserId=${curUserId}&&entityId=${entityId}`)
     if (accessType === ACCESS_TYPE.ORGANIZATION) {
       return await OrganizationService.canUserAccessOrganization(curUserId, entityId)
     } else if (accessType === ACCESS_TYPE.REPOSITORY) {
diff --git a/src/service/organization.ts b/src/service/organization.ts
index 7172ef1..7ec55f7 100644
--- a/src/service/organization.ts
+++ b/src/service/organization.ts
@@ -5,7 +5,7 @@ import Utils from './utils';
 export default class OrganizationService {
   public static canUserAccessOrganization(userId: number, organizationId: number): Promise<boolean> {
     const sql = `
-      SELECT COUNT(*) AS num FROM (
+      SELECT COUNT(id) AS num FROM (
         SELECT o.id, o.name
         FROM Organizations o
         WHERE visibility = ${1} OR creatorId = ${userId} OR ownerId = ${userId}
@@ -17,6 +17,7 @@ export default class OrganizationService {
       ) as result
       WHERE id = ${organizationId}
     `
+    console.log(sql)
     return new Promise(resolve => {
       seq.query(sql).spread((result: any) => {
         resolve(+result[0].num > 0)
diff --git a/src/service/repository.ts b/src/service/repository.ts
index edc5e14..4264afe 100644
--- a/src/service/repository.ts
+++ b/src/service/repository.ts
@@ -3,7 +3,8 @@ import OrganizationService from "./organization";
 
 export default class RepositoryService {
   public static async canUserAccessRepository(userId: number, repositoryId: number): Promise<boolean> {
-    const repo = await Repository.findById(repositoryId, { attributes: ['organizationId']})
+    const repo = await Repository.findById(repositoryId)
+    if (repo.creatorId === userId || repo.ownerId === userId) return true
     return OrganizationService.canUserAccessOrganization(userId, repo.organizationId)
   }
 }
\ No newline at end of file