notnite.com / core
forked from tangled.org/core
this repo has no description
fork atom

appview: do not resolve handles for acl checks

oppi.li 57783f58 b4e433c5

options
unified split
Changed files
+13 -9
appview
state
middleware.go
repo.go
repo_util.go
+1 -1
appview/state/middleware.go 
···

       
152

       
 

       
				return


     

       
153

       
 

       
			}


     

       
154

       
 

       



     

       
155

       
-

       
			ok, err := s.enforcer.E.Enforce(actor.Did, f.Knot, f.OwnerSlashRepo(), requiredPerm)


     

       
156

       
 

       
			if err != nil || !ok {


     

       
157

       
 

       
				// we need a logged in user


     

       
158

       
 

       
				log.Printf("%s does not have perms of a %s in repo %s", actor.Did, requiredPerm, f.OwnerSlashRepo())


     
···

       
152

       
 

       
				return


     

       
153

       
 

       
			}


     

       
154

       
 

       



     

       
155

       
+

       
			ok, err := s.enforcer.E.Enforce(actor.Did, f.Knot, f.DidSlashRepo(), requiredPerm)


     

       
156

       
 

       
			if err != nil || !ok {


     

       
157

       
 

       
				// we need a logged in user


     

       
158

       
 

       
				log.Printf("%s does not have perms of a %s in repo %s", actor.Did, requiredPerm, f.OwnerSlashRepo())
+11 -6
appview/state/repo.go 
···

       
584

       
 

       
		}


     

       
585

       
 

       
	}()


     

       
586

       
 

       



     

       
587

       
-

       
	err = s.enforcer.AddCollaborator(collaboratorIdent.DID.String(), f.Knot, f.OwnerSlashRepo())


     

       
588

       
 

       
	if err != nil {


     

       
589

       
 

       
		w.Write([]byte(fmt.Sprint("failed to add collaborator: ", err)))


     

       
590

       
 

       
		return


     
···

       
677

       
 

       
	}()


     

       
678

       
 

       



     

       
679

       
 

       
	// remove collaborator RBAC


     

       
680

       
-

       
	repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.OwnerSlashRepo(), f.Knot)


     

       
681

       
 

       
	if err != nil {


     

       
682

       
 

       
		s.pages.Notice(w, "settings-delete", "Failed to remove collaborators")


     

       
683

       
 

       
		return


     

       
684

       
 

       
	}


     

       
685

       
 

       
	for _, c := range repoCollaborators {


     

       
686

       
 

       
		did := c[0]


     

       
687

       
-

       
		s.enforcer.RemoveCollaborator(did, f.Knot, f.OwnerSlashRepo())


     

       
688

       
 

       
	}


     

       
689

       
 

       
	log.Println("removed collaborators")


     

       
690

       
 

       



     

       
691

       
 

       
	// remove repo RBAC


     

       
692

       
-

       
	err = s.enforcer.RemoveRepo(f.OwnerDid(), f.Knot, f.OwnerSlashRepo())


     

       
693

       
 

       
	if err != nil {


     

       
694

       
 

       
		s.pages.Notice(w, "settings-delete", "Failed to update RBAC rules")


     

       
695

       
 

       
		return


     
···

       
777

       
 

       



     

       
778

       
 

       
		isCollaboratorInviteAllowed := false


     

       
779

       
 

       
		if user != nil {


     

       
780

       
-

       
			ok, err := s.enforcer.IsCollaboratorInviteAllowed(user.Did, f.Knot, f.OwnerSlashRepo())


     

       
781

       
 

       
			if err == nil && ok {


     

       
782

       
 

       
				isCollaboratorInviteAllowed = true


     

       
783

       
 

       
			}


     
···

       
873

       
 

       
	return p


     

       
874

       
 

       
}


     

       
875

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
876

       
 

       
func (f *FullyResolvedRepo) Collaborators(ctx context.Context, s *State) ([]pages.Collaborator, error) {


     

       
877

       
-

       
	repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.OwnerSlashRepo(), f.Knot)


     

       
878

       
 

       
	if err != nil {


     

       
879

       
 

       
		return nil, err


     

       
880

       
 

       
	}


     
···

       
584

       
 

       
		}


     

       
585

       
 

       
	}()


     

       
586

       
 

       



     

       
587

       
+

       
	err = s.enforcer.AddCollaborator(collaboratorIdent.DID.String(), f.Knot, f.DidSlashRepo())


     

       
588

       
 

       
	if err != nil {


     

       
589

       
 

       
		w.Write([]byte(fmt.Sprint("failed to add collaborator: ", err)))


     

       
590

       
 

       
		return


     
···

       
677

       
 

       
	}()


     

       
678

       
 

       



     

       
679

       
 

       
	// remove collaborator RBAC


     

       
680

       
+

       
	repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.DidSlashRepo(), f.Knot)


     

       
681

       
 

       
	if err != nil {


     

       
682

       
 

       
		s.pages.Notice(w, "settings-delete", "Failed to remove collaborators")


     

       
683

       
 

       
		return


     

       
684

       
 

       
	}


     

       
685

       
 

       
	for _, c := range repoCollaborators {


     

       
686

       
 

       
		did := c[0]


     

       
687

       
+

       
		s.enforcer.RemoveCollaborator(did, f.Knot, f.DidSlashRepo())


     

       
688

       
 

       
	}


     

       
689

       
 

       
	log.Println("removed collaborators")


     

       
690

       
 

       



     

       
691

       
 

       
	// remove repo RBAC


     

       
692

       
+

       
	err = s.enforcer.RemoveRepo(f.OwnerDid(), f.Knot, f.DidSlashRepo())


     

       
693

       
 

       
	if err != nil {


     

       
694

       
 

       
		s.pages.Notice(w, "settings-delete", "Failed to update RBAC rules")


     

       
695

       
 

       
		return


     
···

       
777

       
 

       



     

       
778

       
 

       
		isCollaboratorInviteAllowed := false


     

       
779

       
 

       
		if user != nil {


     

       
780

       
+

       
			ok, err := s.enforcer.IsCollaboratorInviteAllowed(user.Did, f.Knot, f.DidSlashRepo())


     

       
781

       
 

       
			if err == nil && ok {


     

       
782

       
 

       
				isCollaboratorInviteAllowed = true


     

       
783

       
 

       
			}


     
···

       
873

       
 

       
	return p


     

       
874

       
 

       
}


     

       
875

       
 

       



     

       
876

       
+

       
func (f *FullyResolvedRepo) DidSlashRepo() string {


     

       
877

       
+

       
	p, _ := securejoin.SecureJoin(f.OwnerDid(), f.RepoName)


     

       
878

       
+

       
	return p


     

       
879

       
+

       
}


     

       
880

       
+

       



     

       
881

       
 

       
func (f *FullyResolvedRepo) Collaborators(ctx context.Context, s *State) ([]pages.Collaborator, error) {


     

       
882

       
+

       
	repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.DidSlashRepo(), f.Knot)


     

       
883

       
 

       
	if err != nil {


     

       
884

       
 

       
		return nil, err


     

       
885

       
 

       
	}
+1 -2
appview/state/repo_util.go 
···

       
58

       
 

       



     

       
59

       
 

       
func RolesInRepo(s *State, u *auth.User, f *FullyResolvedRepo) pages.RolesInRepo {


     

       
60

       
 

       
	if u != nil {


     

       
61

       
-

       
		ownerSlashRepo := fmt.Sprintf("%s/%s", f.OwnerDid(), f.RepoName)


     

       
62

       
-

       
		r := s.enforcer.GetPermissionsInRepo(u.Did, f.Knot, ownerSlashRepo)


     

       
63

       
 

       
		return pages.RolesInRepo{r}


     

       
64

       
 

       
	} else {


     

       
65

       
 

       
		return pages.RolesInRepo{}


     
···

       
58

       
 

       



     

       
59

       
 

       
func RolesInRepo(s *State, u *auth.User, f *FullyResolvedRepo) pages.RolesInRepo {


     

       
60

       
 

       
	if u != nil {


     

       
61

       
+

       
		r := s.enforcer.GetPermissionsInRepo(u.Did, f.Knot, f.DidSlashRepo())


     

       

       

       
     

       
62

       
 

       
		return pages.RolesInRepo{r}


     

       
63

       
 

       
	} else {


     

       
64

       
 

       
		return pages.RolesInRepo{}