···

       
7
       
7
       
 
       
	"fmt"

     

       
8
       
8
       
 
       
	"log"

     

       
9
       
9
       
 
       
	"net/http"

     

       
10
       
10
       
+
       
	"slices"

     

       
10
       
11
       
 
       
	"sort"

     

       
11
       
12
       
 
       
	"strconv"

     

       
12
       
13
       
 
       
	"strings"

     
···

       
24
       
25
       
 
       
	"tangled.org/core/appview/xrpcclient"

     

       
25
       
26
       
 
       
	"tangled.org/core/idresolver"

     

       
26
       
27
       
 
       
	"tangled.org/core/patchutil"

     

       
28
       
28
       
+
       
	"tangled.org/core/rbac"

     

       
27
       
29
       
 
       
	"tangled.org/core/tid"

     

       
28
       
30
       
 
       
	"tangled.org/core/types"

     

       
29
       
31
       
 
       


     
···

       
43
       
45
       
 
       
	db           *db.DB

     

       
44
       
46
       
 
       
	config       *config.Config

     

       
45
       
47
       
 
       
	notifier     notify.Notifier

     

       
48
       
48
       
+
       
	enforcer     *rbac.Enforcer

     

       
46
       
49
       
 
       
}

     

       
47
       
50
       
 
       


     

       
48
       
51
       
 
       
func New(

     
···

       
53
       
56
       
 
       
	db *db.DB,

     

       
54
       
57
       
 
       
	config *config.Config,

     

       
55
       
58
       
 
       
	notifier notify.Notifier,

     

       
59
       
59
       
+
       
	enforcer *rbac.Enforcer,

     

       
56
       
60
       
 
       
) *Pulls {

     

       
57
       
61
       
 
       
	return &Pulls{

     

       
58
       
62
       
 
       
		oauth:        oauth,

     
···

       
62
       
66
       
 
       
		db:           db,

     

       
63
       
67
       
 
       
		config:       config,

     

       
64
       
68
       
 
       
		notifier:     notifier,

     

       
69
       
69
       
+
       
		enforcer:     enforcer,

     

       
65
       
70
       
 
       
	}

     

       
66
       
71
       
 
       
}

     

       
67
       
72
       
 
       


     
···

       
326
       
331
       
 
       
		branch = pull.PullSource.Branch

     

       
327
       
332
       
 
       
		repo = pull.PullSource.Repo

     

       
328
       
333
       
 
       
	} else {

     

       
334
       
334
       
+
       
		return nil

     

       
335
       
335
       
+
       
	}

     

       
336
       
336
       
+
       


     

       
337
       
337
       
+
       
	// user can only delete branch if they are a collaborator in the repo that the branch belongs to

     

       
338
       
338
       
+
       
	perms := s.enforcer.GetPermissionsInRepo(user.Did, repo.Knot, repo.DidSlashRepo())

     

       
339
       
339
       
+
       
	if !slices.Contains(perms, "repo:push") {

     

       
329
       
340
       
 
       
		return nil

     

       
330
       
341
       
 
       
	}

     

       
331
       
342
       
 
       


     

···

       
258
       
258
       
 
       
}

     

       
259
       
259
       
 
       


     

       
260
       
260
       
 
       
func (s *State) PullsRouter(mw *middleware.Middleware) http.Handler {

     

       
261
       
261
       
-
       
	pulls := pulls.New(s.oauth, s.repoResolver, s.pages, s.idResolver, s.db, s.config, s.notifier)

     

       
261
       
261
       
+
       
	pulls := pulls.New(s.oauth, s.repoResolver, s.pages, s.idResolver, s.db, s.config, s.notifier, s.enforcer)

     

       
262
       
262
       
 
       
	return pulls.Router(mw)

     

       
263
       
263
       
 
       
}

     

       
264
       
264