forked from
tangled.org/core
Mirror of @tangled.org/core. Running on a Raspberry Pi Zero 2 (Please be gentle).
appview: remove `ResolvedRepo.RolesInRepo()`
replace with rbac enforcer instead
Signed-off-by: Seongmin Lee <git@boltless.me>
authored by
Seongmin Lee
and committed by
Tangled
02ff0c9e
e4fc543c
+16
-16
+7
-2
appview/issues/issues.go
+7
-2
appview/issues/issues.go
···
24
24
"tangled.org/core/appview/oauth"
25
25
"tangled.org/core/appview/pages"
26
26
"tangled.org/core/appview/pages/markup"
27
+
"tangled.org/core/appview/pages/repoinfo"
27
28
"tangled.org/core/appview/pagination"
28
29
"tangled.org/core/appview/reporesolver"
29
30
"tangled.org/core/appview/validator"
30
31
"tangled.org/core/idresolver"
32
+
"tangled.org/core/rbac"
31
33
"tangled.org/core/tid"
32
34
)
33
35
34
36
type Issues struct {
35
37
oauth *oauth.OAuth
36
38
repoResolver *reporesolver.RepoResolver
39
+
enforcer *rbac.Enforcer
37
40
pages *pages.Pages
38
41
idResolver *idresolver.Resolver
39
42
db *db.DB
···
50
47
func New(
51
48
oauth *oauth.OAuth,
52
49
repoResolver *reporesolver.RepoResolver,
50
+
enforcer *rbac.Enforcer,
53
51
pages *pages.Pages,
54
52
idResolver *idresolver.Resolver,
55
53
db *db.DB,
···
63
59
return &Issues{
64
60
oauth: oauth,
65
61
repoResolver: repoResolver,
62
+
enforcer: enforcer,
66
63
pages: pages,
67
64
idResolver: idResolver,
68
65
db: db,
···
290
285
return
291
286
}
292
287
293
-
roles := f.RolesInRepo(user)
288
+
roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
294
289
isRepoOwner := roles.IsOwner()
295
290
isCollaborator := roles.IsCollaborator()
296
291
isIssueOwner := user.Did == issue.Did
···
338
333
return
339
334
}
340
335
341
-
roles := f.RolesInRepo(user)
336
+
roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
342
337
isRepoOwner := roles.IsOwner()
343
338
isCollaborator := roles.IsCollaborator()
344
339
isIssueOwner := user.Did == issue.Did
+5
-4
appview/pulls/pulls.go
+5
-4
appview/pulls/pulls.go
···
23
23
"tangled.org/core/appview/oauth"
24
24
"tangled.org/core/appview/pages"
25
25
"tangled.org/core/appview/pages/markup"
26
+
"tangled.org/core/appview/pages/repoinfo"
26
27
"tangled.org/core/appview/reporesolver"
27
28
"tangled.org/core/appview/validator"
28
29
"tangled.org/core/appview/xrpcclient"
···
878
877
}
879
878
880
879
// Determine PR type based on input parameters
881
-
roles := f.RolesInRepo(user)
880
+
roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
882
881
isPushAllowed := roles.IsPushAllowed()
883
882
isBranchBased := isPushAllowed && sourceBranch != "" && fromFork == ""
884
883
isForkBased := fromFork != "" && sourceBranch != ""
···
1675
1674
return
1676
1675
}
1677
1676
1678
-
roles := f.RolesInRepo(user)
1677
+
roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
1679
1678
if !roles.IsPushAllowed() {
1680
1679
log.Println("unauthorized user")
1681
1680
w.WriteHeader(http.StatusUnauthorized)
···
2262
2261
}
2263
2262
2264
2263
// auth filter: only owner or collaborators can close
2265
-
roles := f.RolesInRepo(user)
2264
+
roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
2266
2265
isOwner := roles.IsOwner()
2267
2266
isCollaborator := roles.IsCollaborator()
2268
2267
isPullAuthor := user.Did == pull.OwnerDid
···
2336
2335
}
2337
2336
2338
2337
// auth filter: only owner or collaborators can close
2339
-
roles := f.RolesInRepo(user)
2338
+
roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
2340
2339
isOwner := roles.IsOwner()
2341
2340
isCollaborator := roles.IsCollaborator()
2342
2341
isPullAuthor := user.Did == pull.OwnerDid
+3
-10
appview/reporesolver/resolver.go
+3
-10
appview/reporesolver/resolver.go
···
79
79
func (f *ResolvedRepo) RepoInfo(user *oauth.User) repoinfo.RepoInfo {
80
80
repoAt := f.RepoAt()
81
81
isStarred := false
82
+
roles := repoinfo.RolesInRepo{}
82
83
if user != nil {
83
84
isStarred = db.GetStarStatus(f.rr.execer, user.Did, repoAt)
85
+
roles.Roles = f.rr.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())
84
86
}
85
87
86
88
stats := f.RepoStats
···
132
130
133
131
// info related to the session
134
132
IsStarred: isStarred,
135
-
Roles: f.RolesInRepo(user),
133
+
Roles: roles,
136
134
}
137
135
138
136
return repoInfo
139
-
}
140
-
141
-
func (f *ResolvedRepo) RolesInRepo(u *oauth.User) repoinfo.RolesInRepo {
142
-
if u != nil {
143
-
r := f.rr.enforcer.GetPermissionsInRepo(u.Did, f.Knot, f.DidSlashRepo())
144
-
return repoinfo.RolesInRepo{Roles: r}
145
-
} else {
146
-
return repoinfo.RolesInRepo{}
147
-
}
148
137
}
149
138
150
139
// extractPathAfterRef gets the actual repository path