From 4ae9f82298306f566ee9ac3d30f4fb6815d06be8 Mon Sep 17 00:00:00 2001
From: Seongmin Lee
Date: Mon, 17 Nov 2025 03:42:09 +0900
Subject: [PATCH] appview: remove `ResolvedRepo.RolesInRepo()`
Change-Id: vvqtzmwtuxrtxzwvwrpmrswktklunykz
replace with rbac enforcer instead
Signed-off-by: Seongmin Lee
---
 appview/issues/issues.go | 9 +++++++--
 appview/pulls/pulls.go | 9 +++++----
 appview/reporesolver/resolver.go | 13 +++----------
 appview/state/router.go | 1 +
 4 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/appview/issues/issues.go b/appview/issues/issues.go
index b4644518..8116e446 100644
--- a/appview/issues/issues.go
+++ b/appview/issues/issues.go
@@ -24,16 +24,19 @@ import (
 "tangled.org/core/appview/oauth"
 "tangled.org/core/appview/pages"
 "tangled.org/core/appview/pages/markup"
+ "tangled.org/core/appview/pages/repoinfo"
 "tangled.org/core/appview/pagination"
 "tangled.org/core/appview/reporesolver"
 "tangled.org/core/appview/validator"
 "tangled.org/core/idresolver"
+ "tangled.org/core/rbac"
 "tangled.org/core/tid"
 )
 type Issues struct {
 oauth *oauth.OAuth
 repoResolver *reporesolver.RepoResolver
+ enforcer *rbac.Enforcer
 pages *pages.Pages
 idResolver *idresolver.Resolver
 db *db.DB
@@ -47,6 +50,7 @@ type Issues struct {
 func New(
 oauth *oauth.OAuth,
 repoResolver *reporesolver.RepoResolver,
+ enforcer *rbac.Enforcer,
 pages *pages.Pages,
 idResolver *idresolver.Resolver,
 db *db.DB,
@@ -59,6 +63,7 @@ func New(
 return &Issues{
 oauth: oauth,
 repoResolver: repoResolver,
+ enforcer: enforcer,
 pages: pages,
 idResolver: idResolver,
 db: db,
@@ -285,7 +290,7 @@ func (rp *Issues) CloseIssue(w http.ResponseWriter, r *http.Request) {
 return
 }
- roles := f.RolesInRepo(user)
+ roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
 isRepoOwner := roles.IsOwner()
 isCollaborator := roles.IsCollaborator()
 isIssueOwner := user.Did == issue.Did
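Review bot: The new `roles :=` line in CloseIssue reads `user.Did` with no nil check, while the removed `ResolvedRepo.RolesInRepo` returned an empty `repoinfo.RolesInRepo{}` for a nil user; the same expression is repeated in ReopenIssue and, in pulls.go, in NewPull, resubmitBranch, ClosePull and ReopenPull. The issue handlers and ClosePull/ReopenPull already dereference `user` on a later context line, but NewPull and resubmitBranch show no other dereference, and where `user` is obtained lies outside every one of these hunks, so whether it can be nil there needs confirming. A small per-package helper that keeps the guard would preserve the old behaviour and keep the authorization lookup in one place instead of six copies (assuming `f` is the `*reporesolver.ResolvedRepo` returned by `Resolve`); each call site then becomes `roles := rp.rolesInRepo(user, f)`.

```go
// rolesInRepo returns user's roles in f. A nil user gets the zero-value
// RolesInRepo, as the removed ResolvedRepo.RolesInRepo did.
func (rp *Issues) rolesInRepo(user *oauth.User, f *reporesolver.ResolvedRepo) repoinfo.RolesInRepo {
	if user == nil {
		return repoinfo.RolesInRepo{}
	}
	return repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
}

// … unchanged: CloseIssue up to the role lookup …
roles := rp.rolesInRepo(user, f)
```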
@@ -333,7 +338,7 @@ func (rp *Issues) ReopenIssue(w http.ResponseWriter, r *http.Request) {
 return
 }
- roles := f.RolesInRepo(user)
+ roles := repoinfo.RolesInRepo{Roles: rp.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
 isRepoOwner := roles.IsOwner()
 isCollaborator := roles.IsCollaborator()
 isIssueOwner := user.Did == issue.Did
diff --git a/appview/pulls/pulls.go b/appview/pulls/pulls.go
index b3c739af..694d3b7a 100644
--- a/appview/pulls/pulls.go
+++ b/appview/pulls/pulls.go
@@ -23,6 +23,7 @@ import (
 "tangled.org/core/appview/oauth"
 "tangled.org/core/appview/pages"
 "tangled.org/core/appview/pages/markup"
+ "tangled.org/core/appview/pages/repoinfo"
 "tangled.org/core/appview/reporesolver"
 "tangled.org/core/appview/validator"
 "tangled.org/core/appview/xrpcclient"
@@ -875,7 +876,7 @@ func (s *Pulls) NewPull(w http.ResponseWriter, r *http.Request) {
 }
 // Determine PR type based on input parameters
- roles := f.RolesInRepo(user)
+ roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
 isPushAllowed := roles.IsPushAllowed()
 isBranchBased := isPushAllowed && sourceBranch != "" && fromFork == ""
 isForkBased := fromFork != "" && sourceBranch != ""
@@ -1672,7 +1673,7 @@ func (s *Pulls) resubmitBranch(w http.ResponseWriter, r *http.Request) {
 return
 }
- roles := f.RolesInRepo(user)
+ roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
 if !roles.IsPushAllowed() {
 log.Println("unauthorized user")
 w.WriteHeader(http.StatusUnauthorized)
@@ -2259,7 +2260,7 @@ func (s *Pulls) ClosePull(w http.ResponseWriter, r *http.Request) {
 }
 // auth filter: only owner or collaborators can close
- roles := f.RolesInRepo(user)
+ roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
 isOwner := roles.IsOwner()
 isCollaborator := roles.IsCollaborator()
 isPullAuthor := user.Did == pull.OwnerDid
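Review bot: In resubmitBranch the denial branch directly after the new `roles :=` line logs only `unauthorized user`, with neither the caller's DID nor the repository, so a refused push cannot be attributed when reviewing logs. Recording both with quoting, e.g. `log.Printf("resubmit denied: did=%q repo=%q", user.Did, f.DidSlashRepo())`, makes the event usable for detection. The branch also answers `http.StatusUnauthorized` although the caller appears to be signed in (its `user.Did` was just used for the lookup); `http.StatusForbidden` would describe a permission failure more accurately, provided no client depends on the 401. The rest of the branch and of resubmitBranch lies outside the hunk.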
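Review bot: The comment above the role lookup in ClosePull, `// auth filter: only owner or collaborators can close`, does not match the three values computed below it, since `isPullAuthor` is derived alongside `isOwner` and `isCollaborator`; the ReopenPull hunk carries the same comment and there it also says "close" for a reopen. The condition that consumes these flags is outside both hunks, so the intended policy should be confirmed, but if the author is allowed the comments would read `// auth filter: only the repo owner, collaborators or the pull author can close` and, in ReopenPull, `... can reopen`. An authorization comment that understates who is admitted is easy to trust during a later audit.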
@@ -2333,7 +2334,7 @@ func (s *Pulls) ReopenPull(w http.ResponseWriter, r *http.Request) {
 }
 // auth filter: only owner or collaborators can close
- roles := f.RolesInRepo(user)
+ roles := repoinfo.RolesInRepo{Roles: s.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())}
 isOwner := roles.IsOwner()
 isCollaborator := roles.IsCollaborator()
 isPullAuthor := user.Did == pull.OwnerDid
diff --git a/appview/reporesolver/resolver.go b/appview/reporesolver/resolver.go
index 5351e3b1..078b8c10 100644
--- a/appview/reporesolver/resolver.go
+++ b/appview/reporesolver/resolver.go
@@ -79,8 +79,10 @@ func (rr *RepoResolver) Resolve(r *http.Request) (*ResolvedRepo, error) {
 func (f *ResolvedRepo) RepoInfo(user *oauth.User) repoinfo.RepoInfo {
 repoAt := f.RepoAt()
 isStarred := false
+ roles := repoinfo.RolesInRepo{}
 if user != nil {
 isStarred = db.GetStarStatus(f.rr.execer, user.Did, repoAt)
+ roles.Roles = f.rr.enforcer.GetPermissionsInRepo(user.Did, f.Knot, f.DidSlashRepo())
 }
 stats := f.RepoStats
@@ -130,21 +132,12 @@ func (f *ResolvedRepo) RepoInfo(user *oauth.User) repoinfo.RepoInfo {
 // info related to the session
 IsStarred: isStarred,
- Roles: f.RolesInRepo(user),
+ Roles: roles,
 }
 return repoInfo
 }
-func (f *ResolvedRepo) RolesInRepo(u *oauth.User) repoinfo.RolesInRepo {
- if u != nil {
- r := f.rr.enforcer.GetPermissionsInRepo(u.Did, f.Knot, f.DidSlashRepo())
- return repoinfo.RolesInRepo{Roles: r}
- } else {
- return repoinfo.RolesInRepo{}
- }
-}
-
 // extractPathAfterRef gets the actual repository path
 // after the ref. for example:
 //
diff --git a/appview/state/router.go b/appview/state/router.go
index fd2c4e84..0b86f246 100644
--- a/appview/state/router.go
+++ b/appview/state/router.go
@@ -261,6 +261,7 @@ func (s *State) IssuesRouter(mw *middleware.Middleware) http.Handler {
 issues := issues.New(
 s.oauth,
 s.repoResolver,
+ s.enforcer,
 s.pages,
 s.idResolver,
 s.db,
--
2.43.0
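Review bot: The `roles := repoinfo.RolesInRepo{}` line added to RepoInfo carries the anonymous-visitor case silently: when `user` is nil the zero value is what ends up in `RepoInfo.Roles`, and nothing in the function says that this is intended. A one-line comment on the declaration, such as `// a nil (anonymous) user keeps the zero-value RolesInRepo, i.e. no roles`, would record the default next to the only place that still guards against a nil user. Whether the zero value makes every role predicate return false depends on `RolesInRepo`'s methods, which are not part of this patch.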