From 3c5827f08a9b42851c118cf1ab1254f68d66f0dd Mon Sep 17 00:00:00 2001 From: Anbraten Date: Tue, 26 Oct 2021 21:29:30 +0200 Subject: [PATCH] Fix repo access (#476) * fix repo access * fix permission syncing --- server/api/stream.go | 2 +- server/api/user.go | 2 +- server/shared/userSyncer.go | 7 +- server/store/datastore/repos.go | 5 +- server/store/datastore/repos_test.go | 74 ++++++++++++++++++- .../store/datastore/sql/mysql/files/feed.sql | 2 + .../store/datastore/sql/mysql/files/repos.sql | 29 ++++++++ server/store/datastore/sql/mysql/sql_gen.go | 32 ++++++++ .../datastore/sql/postgres/files/feed.sql | 2 + .../datastore/sql/postgres/files/repos.sql | 29 ++++++++ .../store/datastore/sql/postgres/sql_gen.go | 32 ++++++++ .../store/datastore/sql/sqlite/files/feed.sql | 2 + .../datastore/sql/sqlite/files/repos.sql | 29 ++++++++ server/store/datastore/sql/sqlite/sql_gen.go | 32 ++++++++ server/store/datastore/users_test.go | 4 +- server/store/store.go | 4 +- 16 files changed, 274 insertions(+), 13 deletions(-) diff --git a/server/api/stream.go b/server/api/stream.go index 643d00036..6ebaeb45f 100644 --- a/server/api/stream.go +++ b/server/api/stream.go @@ -60,7 +60,7 @@ func EventStreamSSE(c *gin.Context) { user := session.User(c) repo := map[string]bool{} if user != nil { - repos, _ := store.FromContext(c).RepoList(user) + repos, _ := store.FromContext(c).RepoList(user, false) for _, r := range repos { repo[r.FullName] = true } diff --git a/server/api/user.go b/server/api/user.go index d7c377b46..df63199a5 100644 --- a/server/api/user.go +++ b/server/api/user.go @@ -107,7 +107,7 @@ func GetRepos(c *gin.Context) { } } - repos, err := store.FromContext(c).RepoList(user) + repos, err := store.FromContext(c).RepoList(user, true) if err != nil { c.String(500, "Error fetching repository list. %s", err) return diff --git a/server/shared/userSyncer.go b/server/shared/userSyncer.go index fdfe6f8bb..a46bdde6f 100644 --- a/server/shared/userSyncer.go +++ b/server/shared/userSyncer.go @@ -82,9 +82,10 @@ func (s *Syncer) Sync(ctx context.Context, user *model.User) error { Pull: true, Synced: unix, } - if repo.Perm != nil { - perm.Push = repo.Perm.Push - perm.Admin = repo.Perm.Admin + remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name) + if err == nil && remotePerm != nil { + perm.Push = remotePerm.Push + perm.Admin = remotePerm.Admin } perms = append(perms, &perm) } diff --git a/server/store/datastore/repos.go b/server/store/datastore/repos.go index 10a088d94..94cb23089 100644 --- a/server/store/datastore/repos.go +++ b/server/store/datastore/repos.go @@ -54,8 +54,11 @@ func (db *datastore) DeleteRepo(repo *model.Repo) error { return err } -func (db *datastore) RepoList(user *model.User) ([]*model.Repo, error) { +func (db *datastore) RepoList(user *model.User, owned bool) ([]*model.Repo, error) { stmt := sql.Lookup(db.driver, "repo-find-user") + if owned { + stmt = sql.Lookup(db.driver, "repo-find-user-owned") + } data := []*model.Repo{} err := meddler.QueryAll(db, &data, stmt, user.ID) return data, err diff --git a/server/store/datastore/repos_test.go b/server/store/datastore/repos_test.go index 8cdccea99..22f91245f 100644 --- a/server/store/datastore/repos_test.go +++ b/server/store/datastore/repos_test.go @@ -164,7 +164,75 @@ func TestRepoList(t *testing.T) { {UserID: user.ID, Repo: repo2.FullName}, }) - repos, err := s.RepoList(user) + repos, err := s.RepoList(user, false) + if err != nil { + t.Error(err) + return + } + if got, want := len(repos), 2; got != want { + t.Errorf("Want %d repositories, got %d", want, got) + } + if got, want := repos[0].ID, repo1.ID; got != want { + t.Errorf("Want repository id %d, got %d", want, got) + } + if got, want := repos[1].ID, repo2.ID; got != want { + t.Errorf("Want repository id %d, got %d", want, got) + } +} + +func TestOwnedRepoList(t *testing.T) { + s := newTest() + s.Exec("delete from repos") + s.Exec("delete from users") + s.Exec("delete from perms") + + defer func() { + s.Exec("delete from repos") + s.Exec("delete from users") + s.Exec("delete from perms") + s.Close() + }() + + user := &model.User{ + Login: "joe", + Email: "foo@bar.com", + Token: "e42080dddf012c718e476da161d21ad5", + } + s.CreateUser(user) + + repo1 := &model.Repo{ + Owner: "bradrydzewski", + Name: "test", + FullName: "bradrydzewski/test", + } + repo2 := &model.Repo{ + Owner: "test", + Name: "test", + FullName: "test/test", + } + repo3 := &model.Repo{ + Owner: "octocat", + Name: "hello-world", + FullName: "octocat/hello-world", + } + repo4 := &model.Repo{ + Owner: "demo", + Name: "demo", + FullName: "demo/demo", + } + s.CreateRepo(repo1) + s.CreateRepo(repo2) + s.CreateRepo(repo3) + s.CreateRepo(repo4) + + s.PermBatch([]*model.Perm{ + {UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false}, + {UserID: user.ID, Repo: repo2.FullName, Push: false, Admin: true}, + {UserID: user.ID, Repo: repo3.FullName}, + {UserID: user.ID, Repo: repo4.FullName}, + }) + + repos, err := s.RepoList(user, true) if err != nil { t.Error(err) return @@ -219,8 +287,8 @@ func TestRepoListLatest(t *testing.T) { s.CreateRepo(repo3) s.PermBatch([]*model.Perm{ - {UserID: user.ID, Repo: repo1.FullName}, - {UserID: user.ID, Repo: repo2.FullName}, + {UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false}, + {UserID: user.ID, Repo: repo2.FullName, Push: true, Admin: true}, }) build1 := &model.Build{ diff --git a/server/store/datastore/sql/mysql/files/feed.sql b/server/store/datastore/sql/mysql/files/feed.sql index 8710a0a26..d0f003eab 100644 --- a/server/store/datastore/sql/mysql/files/feed.sql +++ b/server/store/datastore/sql/mysql/files/feed.sql @@ -28,6 +28,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = ( ) INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) AND repos.repo_active = true ORDER BY repo_full_name ASC; @@ -57,5 +58,6 @@ FROM repos INNER JOIN perms ON perms.perm_repo_id = repos.repo_id INNER JOIN builds ON builds.build_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) ORDER BY build_id DESC LIMIT 50 diff --git a/server/store/datastore/sql/mysql/files/repos.sql b/server/store/datastore/sql/mysql/files/repos.sql index 2609a91ed..9c141643b 100644 --- a/server/store/datastore/sql/mysql/files/repos.sql +++ b/server/store/datastore/sql/mysql/files/repos.sql @@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = ? ORDER BY repo_full_name ASC +-- name: repo-find-user-owned + +SELECT + repo_id +,repo_user_id +,repo_owner +,repo_name +,repo_full_name +,repo_avatar +,repo_link +,repo_clone +,repo_branch +,repo_timeout +,repo_private +,repo_trusted +,repo_active +,repo_allow_pr +,repo_hash +,repo_scm +,repo_config_path +,repo_gated +,repo_visibility +,repo_counter +FROM repos +INNER JOIN perms ON perms.perm_repo_id = repos.repo_id +WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) +ORDER BY repo_full_name ASC + -- name: repo-insert-ignore INSERT IGNORE INTO repos ( diff --git a/server/store/datastore/sql/mysql/sql_gen.go b/server/store/datastore/sql/mysql/sql_gen.go index be6b35442..4227ee29d 100644 --- a/server/store/datastore/sql/mysql/sql_gen.go +++ b/server/store/datastore/sql/mysql/sql_gen.go @@ -36,6 +36,7 @@ var index = map[string]string{ "registry-delete": registryDelete, "repo-update-counter": repoUpdateCounter, "repo-find-user": repoFindUser, + "repo-find-user-owned": repoFindUserOwned, "repo-insert-ignore": repoInsertIgnore, "repo-delete": repoDelete, "secret-find-repo": secretFindRepo, @@ -134,6 +135,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = ( ) INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) AND repos.repo_active = true ORDER BY repo_full_name ASC; ` @@ -163,6 +165,7 @@ FROM repos INNER JOIN perms ON perms.perm_repo_id = repos.repo_id INNER JOIN builds ON builds.build_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) ORDER BY build_id DESC LIMIT 50 ` @@ -451,6 +454,35 @@ WHERE perms.perm_user_id = ? ORDER BY repo_full_name ASC ` +var repoFindUserOwned = ` +SELECT + repo_id +,repo_user_id +,repo_owner +,repo_name +,repo_full_name +,repo_avatar +,repo_link +,repo_clone +,repo_branch +,repo_timeout +,repo_private +,repo_trusted +,repo_active +,repo_allow_pr +,repo_hash +,repo_scm +,repo_config_path +,repo_gated +,repo_visibility +,repo_counter +FROM repos +INNER JOIN perms ON perms.perm_repo_id = repos.repo_id +WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) +ORDER BY repo_full_name ASC +` + var repoInsertIgnore = ` INSERT IGNORE INTO repos ( repo_user_id diff --git a/server/store/datastore/sql/postgres/files/feed.sql b/server/store/datastore/sql/postgres/files/feed.sql index 8c4de5848..941678144 100644 --- a/server/store/datastore/sql/postgres/files/feed.sql +++ b/server/store/datastore/sql/postgres/files/feed.sql @@ -26,6 +26,7 @@ FROM repos LEFT OUTER JOIN ( ) b ON b.build_repo_id = repos.repo_id INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = $1 + AND (perms.perm_push = true OR perms.perm_admin = true) AND repos.repo_active = TRUE ORDER BY repo_full_name ASC; @@ -55,5 +56,6 @@ FROM repos INNER JOIN perms ON perms.perm_repo_id = repos.repo_id INNER JOIN builds ON builds.build_repo_id = repos.repo_id WHERE perms.perm_user_id = $1 + AND (perms.perm_push = true OR perms.perm_admin = true) ORDER BY build_id DESC LIMIT 50 diff --git a/server/store/datastore/sql/postgres/files/repos.sql b/server/store/datastore/sql/postgres/files/repos.sql index 09199ed50..6e8c6aedf 100644 --- a/server/store/datastore/sql/postgres/files/repos.sql +++ b/server/store/datastore/sql/postgres/files/repos.sql @@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = $1 ORDER BY repo_full_name ASC +-- name: repo-find-user-owned + +SELECT + repo_id +,repo_user_id +,repo_owner +,repo_name +,repo_full_name +,repo_avatar +,repo_link +,repo_clone +,repo_branch +,repo_timeout +,repo_private +,repo_trusted +,repo_active +,repo_allow_pr +,repo_hash +,repo_scm +,repo_config_path +,repo_gated +,repo_visibility +,repo_counter +FROM repos +INNER JOIN perms ON perms.perm_repo_id = repos.repo_id +WHERE perms.perm_user_id = $1 + AND (perms.perm_push = true OR perms.perm_admin = true) +ORDER BY repo_full_name ASC + -- name: repo-insert-ignore INSERT INTO repos ( diff --git a/server/store/datastore/sql/postgres/sql_gen.go b/server/store/datastore/sql/postgres/sql_gen.go index 8a47f8145..3803b818e 100644 --- a/server/store/datastore/sql/postgres/sql_gen.go +++ b/server/store/datastore/sql/postgres/sql_gen.go @@ -36,6 +36,7 @@ var index = map[string]string{ "registry-delete": registryDelete, "repo-update-counter": repoUpdateCounter, "repo-find-user": repoFindUser, + "repo-find-user-owned": repoFindUserOwned, "repo-insert-ignore": repoInsertIgnore, "repo-delete": repoDelete, "secret-find-repo": secretFindRepo, @@ -132,6 +133,7 @@ FROM repos LEFT OUTER JOIN ( ) b ON b.build_repo_id = repos.repo_id INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = $1 + AND (perms.perm_push = true OR perms.perm_admin = true) AND repos.repo_active = TRUE ORDER BY repo_full_name ASC; ` @@ -161,6 +163,7 @@ FROM repos INNER JOIN perms ON perms.perm_repo_id = repos.repo_id INNER JOIN builds ON builds.build_repo_id = repos.repo_id WHERE perms.perm_user_id = $1 + AND (perms.perm_push = true OR perms.perm_admin = true) ORDER BY build_id DESC LIMIT 50 ` @@ -454,6 +457,35 @@ WHERE perms.perm_user_id = $1 ORDER BY repo_full_name ASC ` +var repoFindUserOwned = ` +SELECT + repo_id +,repo_user_id +,repo_owner +,repo_name +,repo_full_name +,repo_avatar +,repo_link +,repo_clone +,repo_branch +,repo_timeout +,repo_private +,repo_trusted +,repo_active +,repo_allow_pr +,repo_hash +,repo_scm +,repo_config_path +,repo_gated +,repo_visibility +,repo_counter +FROM repos +INNER JOIN perms ON perms.perm_repo_id = repos.repo_id +WHERE perms.perm_user_id = $1 + AND (perms.perm_push = true OR perms.perm_admin = true) +ORDER BY repo_full_name ASC +` + var repoInsertIgnore = ` INSERT INTO repos ( repo_user_id diff --git a/server/store/datastore/sql/sqlite/files/feed.sql b/server/store/datastore/sql/sqlite/files/feed.sql index b04d374c0..1e967f3e0 100644 --- a/server/store/datastore/sql/sqlite/files/feed.sql +++ b/server/store/datastore/sql/sqlite/files/feed.sql @@ -28,6 +28,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = ( ) INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) AND repos.repo_active = 1 ORDER BY repo_full_name ASC; @@ -57,5 +58,6 @@ FROM repos INNER JOIN perms ON perms.perm_repo_id = repos.repo_id INNER JOIN builds ON builds.build_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) ORDER BY build_id DESC LIMIT 50 diff --git a/server/store/datastore/sql/sqlite/files/repos.sql b/server/store/datastore/sql/sqlite/files/repos.sql index cf8db973a..8c3cb86c0 100644 --- a/server/store/datastore/sql/sqlite/files/repos.sql +++ b/server/store/datastore/sql/sqlite/files/repos.sql @@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = ? ORDER BY repo_full_name ASC +-- name: repo-find-user-owned + +SELECT + repo_id +,repo_user_id +,repo_owner +,repo_name +,repo_full_name +,repo_avatar +,repo_link +,repo_clone +,repo_branch +,repo_timeout +,repo_private +,repo_trusted +,repo_active +,repo_allow_pr +,repo_hash +,repo_scm +,repo_config_path +,repo_gated +,repo_visibility +,repo_counter +FROM repos +INNER JOIN perms ON perms.perm_repo_id = repos.repo_id +WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) +ORDER BY repo_full_name ASC + -- name: repo-insert-ignore INSERT OR IGNORE INTO repos ( diff --git a/server/store/datastore/sql/sqlite/sql_gen.go b/server/store/datastore/sql/sqlite/sql_gen.go index d3d092ae7..3372cee80 100644 --- a/server/store/datastore/sql/sqlite/sql_gen.go +++ b/server/store/datastore/sql/sqlite/sql_gen.go @@ -36,6 +36,7 @@ var index = map[string]string{ "registry-delete": registryDelete, "repo-update-counter": repoUpdateCounter, "repo-find-user": repoFindUser, + "repo-find-user-owned": repoFindUserOwned, "repo-insert-ignore": repoInsertIgnore, "repo-delete": repoDelete, "secret-find-repo": secretFindRepo, @@ -134,6 +135,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = ( ) INNER JOIN perms ON perms.perm_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) AND repos.repo_active = 1 ORDER BY repo_full_name ASC; ` @@ -163,6 +165,7 @@ FROM repos INNER JOIN perms ON perms.perm_repo_id = repos.repo_id INNER JOIN builds ON builds.build_repo_id = repos.repo_id WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) ORDER BY build_id DESC LIMIT 50 ` @@ -451,6 +454,35 @@ WHERE perms.perm_user_id = ? ORDER BY repo_full_name ASC ` +var repoFindUserOwned = ` +SELECT + repo_id +,repo_user_id +,repo_owner +,repo_name +,repo_full_name +,repo_avatar +,repo_link +,repo_clone +,repo_branch +,repo_timeout +,repo_private +,repo_trusted +,repo_active +,repo_allow_pr +,repo_hash +,repo_scm +,repo_config_path +,repo_gated +,repo_visibility +,repo_counter +FROM repos +INNER JOIN perms ON perms.perm_repo_id = repos.repo_id +WHERE perms.perm_user_id = ? + AND (perms.perm_push = 1 OR perms.perm_admin = 1) +ORDER BY repo_full_name ASC +` + var repoInsertIgnore = ` INSERT OR IGNORE INTO repos ( repo_user_id diff --git a/server/store/datastore/users_test.go b/server/store/datastore/users_test.go index 6f24b4351..8054726c3 100644 --- a/server/store/datastore/users_test.go +++ b/server/store/datastore/users_test.go @@ -211,8 +211,8 @@ func TestUsers(t *testing.T) { s.CreateRepo(repo3) s.PermBatch([]*model.Perm{ - {UserID: user.ID, Repo: repo1.FullName}, - {UserID: user.ID, Repo: repo2.FullName}, + {UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false}, + {UserID: user.ID, Repo: repo2.FullName, Push: false, Admin: true}, }) build1 := &model.Build{ diff --git a/server/store/store.go b/server/store/store.go index d834b3561..598980891 100644 --- a/server/store/store.go +++ b/server/store/store.go @@ -100,8 +100,8 @@ type Store interface { UserFeed(*model.User) ([]*model.Feed, error) - RepoList(*model.User) ([]*model.Repo, error) - RepoListLatest(*model.User) ([]*model.Feed, error) + RepoList(user *model.User, owned bool) ([]*model.Repo, error) + RepoListLatest(user *model.User) ([]*model.Feed, error) RepoBatch([]*model.Repo) error PermFind(user *model.User, repo *model.Repo) (*model.Perm, error)