back round 0 view raw

appview: remove `ResolvedRepo.RolesInRepo()` #809

merged

opened by

boltless.me 4 weeks ago targeting master from sl/yurolxtlpsmz

replace with rbac enforcer instead

Signed-off-by: Seongmin Lee git@boltless.me

options

unified split

Changed files

+16 -16

appview

issues

issues.go

pulls

pulls.go

reporesolver

resolver.go

state

router.go

+7 -2

appview/issues/issues.go

···

       24
       24
        
       	"tangled.org/core/appview/oauth"

     

       25
       25
        
       	"tangled.org/core/appview/pages"

     

       26
       26
        
       	"tangled.org/core/appview/pages/markup"

     

       27
       27
       +
       	"tangled.org/core/appview/pages/repoinfo"

     

       27
       28
        
       	"tangled.org/core/appview/pagination"

     

       28
       29
        
       	"tangled.org/core/appview/reporesolver"

     

       29
       30
        
       	"tangled.org/core/appview/validator"

     

       30
       31
        
       	"tangled.org/core/idresolver"

     

       32
       32
       +
       	"tangled.org/core/rbac"

     

       31
       33
        
       	"tangled.org/core/tid"

     

       32
       34
        
       )

     

       33
       35
        
       

     

       34
       36
        
       type Issues struct {

     

       35
       37
        
       	oauth        *oauth.OAuth

     

       36
       38
        
       	repoResolver *reporesolver.RepoResolver

     

       39
       39
       +
       	enforcer     *rbac.Enforcer

     

       37
       40
        
       	pages        *pages.Pages

     

       38
       41
        
       	idResolver   *idresolver.Resolver

     

       39
       42
        
       	db           *db.DB

     
···

       47
       50
        
       func New(

     

       48
       51
        
       	oauth *oauth.OAuth,

     

       49
       52
        
       	repoResolver *reporesolver.RepoResolver,

     

       53
       53
       +
       	enforcer *rbac.Enforcer,

     

       50
       54
        
       	pages *pages.Pages,

     

       51
       55
        
       	idResolver *idresolver.Resolver,

     

       52
       56
        
       	db *db.DB,

     
···

       59
       63
        
       	return &Issues{

     

       60
       64
        
       		oauth:        oauth,

     

       61
       65
        
       		repoResolver: repoResolver,

     

       66
       66
       +
       		enforcer:     enforcer,

     

       62
       67
        
       		pages:        pages,

     

       63
       68
        
       		idResolver:   idResolver,

     

       64
       69
        
       		db:           db,

     
···

       285
       290
        
       		return

     

       286
       291
        
       	}

     

       287
       292
        
       

     

       288
       288
       -
       	roles := f.RolesInRepo(user)

     

       293
       293
       +
       	roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}

     

       289
       294
        
       	isRepoOwner := roles.IsOwner()

     

       290
       295
        
       	isCollaborator := roles.IsCollaborator()

     

       291
       296
        
       	isIssueOwner := user.Did == issue.Did

     
···

       333
       338
        
       		return

     

       334
       339
        
       	}

     

       335
       340
        
       

     

       336
       336
       -
       	roles := f.RolesInRepo(user)

     

       341
       341
       +
       	roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}

     

       337
       342
        
       	isRepoOwner := roles.IsOwner()

     

       338
       343
        
       	isCollaborator := roles.IsCollaborator()

     

       339
       344
        
       	isIssueOwner := user.Did == issue.Did

+5 -4

appview/pulls/pulls.go

···

       23
       23
        
       	"tangled.org/core/appview/oauth"

     

       24
       24
        
       	"tangled.org/core/appview/pages"

     

       25
       25
        
       	"tangled.org/core/appview/pages/markup"

     

       26
       26
       +
       	"tangled.org/core/appview/pages/repoinfo"

     

       26
       27
        
       	"tangled.org/core/appview/reporesolver"

     

       27
       28
        
       	"tangled.org/core/appview/validator"

     

       28
       29
        
       	"tangled.org/core/appview/xrpcclient"

     
···

       875
       876
        
       		}

     

       876
       877
        
       

     

       877
       878
        
       		// Determine PR type based on input parameters

     

       878
       878
       -
       		roles := f.RolesInRepo(user)

     

       879
       879
       +
       		roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}

     

       879
       880
        
       		isPushAllowed := roles.IsPushAllowed()

     

       880
       881
        
       		isBranchBased := isPushAllowed && sourceBranch != "" && fromFork == ""

     

       881
       882
        
       		isForkBased := fromFork != "" && sourceBranch != ""

     
···

       1672
       1673
        
       		return

     

       1673
       1674
        
       	}

     

       1674
       1675
        
       

     

       1675
       1675
       -
       	roles := f.RolesInRepo(user)

     

       1676
       1676
       +
       	roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}

     

       1676
       1677
        
       	if !roles.IsPushAllowed() {

     

       1677
       1678
        
       		log.Println("unauthorized user")

     

       1678
       1679
        
       		w.WriteHeader(http.StatusUnauthorized)

     
···

       2259
       2260
        
       	}

     

       2260
       2261
        
       

     

       2261
       2262
        
       	// auth filter: only owner or collaborators can close

     

       2262
       2262
       -
       	roles := f.RolesInRepo(user)

     

       2263
       2263
       +
       	roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}

     

       2263
       2264
        
       	isOwner := roles.IsOwner()

     

       2264
       2265
        
       	isCollaborator := roles.IsCollaborator()

     

       2265
       2266
        
       	isPullAuthor := user.Did == pull.OwnerDid

     
···

       2333
       2334
        
       	}

     

       2334
       2335
        
       

     

       2335
       2336
        
       	// auth filter: only owner or collaborators can close

     

       2336
       2336
       -
       	roles := f.RolesInRepo(user)

     

       2337
       2337
       +
       	roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}

     

       2337
       2338
        
       	isOwner := roles.IsOwner()

     

       2338
       2339
        
       	isCollaborator := roles.IsCollaborator()

     

       2339
       2340
        
       	isPullAuthor := user.Did == pull.OwnerDid

+3 -10

appview/reporesolver/resolver.go

···

       79
       79
        
       func (f *ResolvedRepo) RepoInfo(user *oauth.User) repoinfo.RepoInfo {

     

       80
       80
        
       	repoAt := f.RepoAt()

     

       81
       81
        
       	isStarred := false

     

       82
       82
       +
       	roles := repoinfo.RolesInRepo{}

     

       82
       83
        
       	if user != nil {

     

       83
       84
        
       		isStarred = db.GetStarStatus(f.rr.execer, user.Did, repoAt)

     

       85
       85
       +
       		roles.Roles = f.rr.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())

     

       84
       86
        
       	}

     

       85
       87
        
       

     

       86
       88
        
       	stats := f.RepoStats

     
···

       130
       132
        
       

     

       131
       133
        
       		// info related to the session

     

       132
       134
        
       		IsStarred: isStarred,

     

       133
       133
       -
       		Roles:     f.RolesInRepo(user),

     

       135
       135
       +
       		Roles:     roles,

     

       134
       136
        
       	}

     

       135
       137
        
       

     

       136
       138
        
       	return repoInfo

     

       137
       139
        
       }

     

       138
       140
        
       

     

       139
       139
       -
       func (f *ResolvedRepo) RolesInRepo(u *oauth.User) repoinfo.RolesInRepo {

     

       140
       140
       -
       	if u != nil {

     

       141
       141
       -
       		r := f.rr.enforcer.GetPermissionsInRepo(u.Did, f.Knot, f.DidSlashRepo())

     

       142
       142
       -
       		return repoinfo.RolesInRepo{Roles: r}

     

       143
       143
       -
       	} else {

     

       144
       144
       -
       		return repoinfo.RolesInRepo{}

     

       145
       145
       -
       	}

     

       146
       146
       -
       }

     

       147
       147
       -
       

     

       148
       141
        
       // extractPathAfterRef gets the actual repository path

     

       149
       142
        
       // after the ref. for example:

     

       150
       143
        
       //

appview/state/router.go

···

       261
       261
        
       	issues := issues.New(

     

       262
       262
        
       		s.oauth,

     

       263
       263
        
       		s.repoResolver,

     

       264
       264
       +
       		s.enforcer,

     

       264
       265
        
       		s.pages,

     

       265
       266
        
       		s.idResolver,

     

       266
       267
        
       		s.db,