+11

appview/db/repos.go

reviewed

··· 411 411 return nullableSource.String, nil 412 412 } 413 413 414 414 + func GetRepoSourceRepo(e Execer, repoAt syntax.ATURI) (*models.Repo, error) { 415 415 + source, err := GetRepoSource(e, repoAt) 416 416 + if source == "" || errors.Is(err, sql.ErrNoRows) { 417 417 + return nil, nil 418 418 + } 419 419 + if err != nil { 420 420 + return nil, err 421 421 + } 422 422 + return GetRepoByAtUri(e, source) 423 423 + } 424 424 + 414 425 func GetForksByDid(e Execer, did string) ([]models.Repo, error) { 415 426 var repos []models.Repo 416 427

+8 -17

appview/issues/issues.go

reviewed

··· 7 7 "fmt" 8 8 "log/slog" 9 9 "net/http" 10 10 - "slices" 11 10 "time" 12 11 13 12 comatproto "github.com/bluesky-social/indigo/api/atproto" ··· 285 286 return 286 287 } 287 288 288 288 - collaborators, err := f.Collaborators(r.Context()) 289 289 - if err != nil { 290 290 - l.Error("failed to fetch repo collaborators", "err", err) 291 291 - } 292 292 - isCollaborator := slices.ContainsFunc(collaborators, func(collab pages.Collaborator) bool { 293 293 - return user.Did == collab.Did 294 294 - }) 289 289 + roles := f.RolesInRepo(user) 290 290 + isRepoOwner := roles.IsOwner() 291 291 + isCollaborator := roles.IsCollaborator() 295 292 isIssueOwner := user.Did == issue.Did 296 293 297 294 // TODO: make this more granular 298 298 - if isIssueOwner || isCollaborator { 295 295 + if isIssueOwner || isRepoOwner || isCollaborator { 299 296 err = db.CloseIssues( 300 297 rp.db, 301 298 db.FilterEq("id", issue.Id), ··· 333 338 return 334 339 } 335 340 336 336 - collaborators, err := f.Collaborators(r.Context()) 337 337 - if err != nil { 338 338 - l.Error("failed to fetch repo collaborators", "err", err) 339 339 - } 340 340 - isCollaborator := slices.ContainsFunc(collaborators, func(collab pages.Collaborator) bool { 341 341 - return user.Did == collab.Did 342 342 - }) 341 341 + roles := f.RolesInRepo(user) 342 342 + isRepoOwner := roles.IsOwner() 343 343 + isCollaborator := roles.IsCollaborator() 343 344 isIssueOwner := user.Did == issue.Did 344 345 345 345 - if isCollaborator || isIssueOwner { 346 346 + if isCollaborator || isRepoOwner || isIssueOwner { 346 347 err := db.ReopenIssues( 347 348 rp.db, 348 349 db.FilterEq("id", issue.Id),

+4 -2

appview/pulls/pulls.go

reviewed

··· 877 877 } 878 878 879 879 // Determine PR type based on input parameters 880 880 - isPushAllowed := f.RepoInfo(user).Roles.IsPushAllowed() 880 880 + roles := f.RolesInRepo(user) 881 881 + isPushAllowed := roles.IsPushAllowed() 881 882 isBranchBased := isPushAllowed && sourceBranch != "" && fromFork == "" 882 883 isForkBased := fromFork != "" && sourceBranch != "" 883 884 isPatchBased := patch != "" && !isBranchBased && !isForkBased ··· 1674 1673 return 1675 1674 } 1676 1675 1677 1677 - if !f.RepoInfo(user).Roles.IsPushAllowed() { 1676 1676 + roles := f.RolesInRepo(user) 1677 1677 + if !roles.IsPushAllowed() { 1678 1678 log.Println("unauthorized user") 1679 1679 w.WriteHeader(http.StatusUnauthorized) 1680 1680 return

+30 -2

appview/repo/settings.go

reviewed

··· 10 10 11 11 "tangled.org/core/api/tangled" 12 12 "tangled.org/core/appview/db" 13 13 + "tangled.org/core/appview/models" 13 14 "tangled.org/core/appview/oauth" 14 15 "tangled.org/core/appview/pages" 15 16 xrpcclient "tangled.org/core/appview/xrpcclient" ··· 272 271 f, err := rp.repoResolver.Resolve(r) 273 272 user := rp.oauth.GetUser(r) 274 273 275 275 - repoCollaborators, err := f.Collaborators(r.Context()) 274 274 + collaborators, err := func(repo *models.Repo) ([]pages.Collaborator, error) { 275 275 + repoCollaborators, err := rp.enforcer.E.GetImplicitUsersForResourceByDomain(repo.DidSlashRepo(), repo.Knot) 276 276 + if err != nil { 277 277 + return nil, err 278 278 + } 279 279 + var collaborators []pages.Collaborator 280 280 + for _, item := range repoCollaborators { 281 281 + // currently only two roles: owner and member 282 282 + var role string 283 283 + switch item[3] { 284 284 + case "repo:owner": 285 285 + role = "owner" 286 286 + case "repo:collaborator": 287 287 + role = "collaborator" 288 288 + default: 289 289 + continue 290 290 + } 291 291 + 292 292 + did := item[0] 293 293 + 294 294 + c := pages.Collaborator{ 295 295 + Did: did, 296 296 + Role: role, 297 297 + } 298 298 + collaborators = append(collaborators, c) 299 299 + } 300 300 + return collaborators, nil 301 301 + }(&f.Repo) 276 302 if err != nil { 277 303 l.Error("failed to get collaborators", "err", err) 278 304 } ··· 309 281 RepoInfo: f.RepoInfo(user), 310 282 Tabs: settingsTabs, 311 283 Tab: "access", 312 312 - Collaborators: repoCollaborators, 284 284 + Collaborators: collaborators, 313 285 }) 314 286 } 315 287

+36 -77

appview/reporesolver/resolver.go

reviewed

··· 1 1 package reporesolver 2 2 3 3 import ( 4 4 - "context" 5 5 - "database/sql" 6 6 - "errors" 7 4 "fmt" 8 5 "log" 9 6 "net/http" ··· 14 17 "tangled.org/core/appview/db" 15 18 "tangled.org/core/appview/models" 16 19 "tangled.org/core/appview/oauth" 17 17 - "tangled.org/core/appview/pages" 18 20 "tangled.org/core/appview/pages/repoinfo" 19 19 - "tangled.org/core/idresolver" 20 21 "tangled.org/core/rbac" 21 22 ) 22 23 ··· 28 33 } 29 34 30 35 type RepoResolver struct { 31 31 - config *config.Config 32 32 - enforcer *rbac.Enforcer 33 33 - idResolver *idresolver.Resolver 34 34 - execer db.Execer 36 36 + config *config.Config 37 37 + enforcer *rbac.Enforcer 38 38 + execer db.Execer 35 39 } 36 40 37 37 - func New(config *config.Config, enforcer *rbac.Enforcer, resolver *idresolver.Resolver, execer db.Execer) *RepoResolver { 38 38 - return &RepoResolver{config: config, enforcer: enforcer, idResolver: resolver, execer: execer} 41 41 + func New(config *config.Config, enforcer *rbac.Enforcer, execer db.Execer) *RepoResolver { 42 42 + return &RepoResolver{config: config, enforcer: enforcer, execer: execer} 39 43 } 40 44 41 45 // NOTE: this... should not even be here. the entire package will be removed in future refactor ··· 74 80 }, nil 75 81 } 76 82 77 77 - func (f *ResolvedRepo) Collaborators(ctx context.Context) ([]pages.Collaborator, error) { 78 78 - repoCollaborators, err := f.rr.enforcer.E.GetImplicitUsersForResourceByDomain(f.DidSlashRepo(), f.Knot) 79 79 - if err != nil { 80 80 - return nil, err 81 81 - } 82 82 - 83 83 - var collaborators []pages.Collaborator 84 84 - for _, item := range repoCollaborators { 85 85 - // currently only two roles: owner and member 86 86 - var role string 87 87 - switch item[3] { 88 88 - case "repo:owner": 89 89 - role = "owner" 90 90 - case "repo:collaborator": 91 91 - role = "collaborator" 92 92 - default: 93 93 - continue 94 94 - } 95 95 - 96 96 - did := item[0] 97 97 - 98 98 - c := pages.Collaborator{ 99 99 - Did: did, 100 100 - Role: role, 101 101 - } 102 102 - collaborators = append(collaborators, c) 103 103 - } 104 104 - 105 105 - return collaborators, nil 106 106 - } 107 107 - 108 83 // this function is a bit weird since it now returns RepoInfo from an entirely different 109 84 // package. we should refactor this or get rid of RepoInfo entirely. 110 85 func (f *ResolvedRepo) RepoInfo(user *oauth.User) repoinfo.RepoInfo { ··· 83 120 isStarred = db.GetStarStatus(f.rr.execer, user.Did, repoAt) 84 121 } 85 122 86 86 - starCount, err := db.GetStarCount(f.rr.execer, repoAt) 87 87 - if err != nil { 88 88 - log.Println("failed to get star count for ", repoAt) 89 89 - } 90 90 - issueCount, err := db.GetIssueCount(f.rr.execer, repoAt) 91 91 - if err != nil { 92 92 - log.Println("failed to get issue count for ", repoAt) 93 93 - } 94 94 - pullCount, err := db.GetPullCount(f.rr.execer, repoAt) 95 95 - if err != nil { 96 96 - log.Println("failed to get issue count for ", repoAt) 97 97 - } 98 98 - source, err := db.GetRepoSource(f.rr.execer, repoAt) 99 99 - if errors.Is(err, sql.ErrNoRows) { 100 100 - source = "" 101 101 - } else if err != nil { 102 102 - log.Println("failed to get repo source for ", repoAt, err) 103 103 - } 104 104 - 105 105 - var sourceRepo *models.Repo 106 106 - if source != "" { 107 107 - sourceRepo, err = db.GetRepoByAtUri(f.rr.execer, source) 123 123 + stats := f.RepoStats 124 124 + if stats == nil { 125 125 + starCount, err := db.GetStarCount(f.rr.execer, repoAt) 108 126 if err != nil { 109 109 - log.Println("failed to get repo by at uri", err) 127 127 + log.Println("failed to get star count for ", repoAt) 128 128 + } 129 129 + issueCount, err := db.GetIssueCount(f.rr.execer, repoAt) 130 130 + if err != nil { 131 131 + log.Println("failed to get issue count for ", repoAt) 132 132 + } 133 133 + pullCount, err := db.GetPullCount(f.rr.execer, repoAt) 134 134 + if err != nil { 135 135 + log.Println("failed to get pull count for ", repoAt) 136 136 + } 137 137 + stats = &models.RepoStats{ 138 138 + StarCount: starCount, 139 139 + IssueCount: issueCount, 140 140 + PullCount: pullCount, 110 141 } 111 142 } 112 143 113 113 - knot := f.Knot 144 144 + sourceRepo, err := db.GetRepoSourceRepo(f.rr.execer, repoAt) 145 145 + if err != nil { 146 146 + log.Println("failed to get repo by at uri", err) 147 147 + } 114 148 115 149 repoInfo := repoinfo.RepoInfo{ 150 150 + // this is basically a models.Repo 116 151 OwnerDid: f.OwnerId.DID.String(), 117 152 OwnerHandle: f.OwnerId.Handle.String(), 118 153 Name: f.Name, ··· 118 157 Description: f.Description, 119 158 Website: f.Website, 120 159 Topics: f.Topics, 121 121 - IsStarred: isStarred, 122 122 - Knot: knot, 160 160 + Knot: f.Knot, 123 161 Spindle: f.Spindle, 124 124 - Roles: f.RolesInRepo(user), 125 125 - Stats: models.RepoStats{ 126 126 - StarCount: starCount, 127 127 - IssueCount: issueCount, 128 128 - PullCount: pullCount, 129 129 - }, 162 162 + Stats: *stats, 163 163 + 164 164 + // fork repo upstream 165 165 + Source: sourceRepo, 166 166 + 130 167 CurrentDir: f.CurrentDir, 131 168 Ref: f.Ref, 132 132 - } 133 169 134 134 - if sourceRepo != nil { 135 135 - repoInfo.Source = sourceRepo 170 170 + // info related to the session 171 171 + IsStarred: isStarred, 172 172 + Roles: f.RolesInRepo(user), 136 173 } 137 174 138 175 return repoInfo

+1 -1

appview/state/state.go

reviewed

··· 96 96 } 97 97 validator := validator.New(d, res, enforcer) 98 98 99 99 - repoResolver := reporesolver.New(config, enforcer, res, d) 99 99 + repoResolver := reporesolver.New(config, enforcer, d) 100 100 101 101 wrapper := db.DbWrapper{Execer: d} 102 102 jc, err := jetstream.NewJetstreamClient(

+8

rbac/rbac.go

reviewed

··· 285 285 return e.E.Enforce(user, domain, repo, "repo:delete") 286 286 } 287 287 288 288 + func (e *Enforcer) IsRepoOwner(user, domain, repo string) (bool, error) { 289 289 + return e.E.Enforce(user, domain, repo, "repo:owner") 290 290 + } 291 291 + 292 292 + func (e *Enforcer) IsRepoCollaborator(user, domain, repo string) (bool, error) { 293 293 + return e.E.Enforce(user, domain, repo, "repo:collaborator") 294 294 + } 295 295 + 288 296 func (e *Enforcer) IsPushAllowed(user, domain, repo string) (bool, error) { 289 297 return e.E.Enforce(user, domain, repo, "repo:push") 290 298 }