Fix repo access (#476)

* fix repo access

* fix permission syncing
This commit is contained in:
Anbraten 2021-10-26 21:29:30 +02:00 committed by GitHub
parent b10f10a290
commit 3c5827f08a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 274 additions and 13 deletions

View file

@ -60,7 +60,7 @@ func EventStreamSSE(c *gin.Context) {
user := session.User(c)
repo := map[string]bool{}
if user != nil {
repos, _ := store.FromContext(c).RepoList(user)
repos, _ := store.FromContext(c).RepoList(user, false)
for _, r := range repos {
repo[r.FullName] = true
}

View file

@ -107,7 +107,7 @@ func GetRepos(c *gin.Context) {
}
}
repos, err := store.FromContext(c).RepoList(user)
repos, err := store.FromContext(c).RepoList(user, true)
if err != nil {
c.String(500, "Error fetching repository list. %s", err)
return

View file

@ -82,9 +82,10 @@ func (s *Syncer) Sync(ctx context.Context, user *model.User) error {
Pull: true,
Synced: unix,
}
if repo.Perm != nil {
perm.Push = repo.Perm.Push
perm.Admin = repo.Perm.Admin
remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name)
if err == nil && remotePerm != nil {
perm.Push = remotePerm.Push
perm.Admin = remotePerm.Admin
}
perms = append(perms, &perm)
}

View file

@ -54,8 +54,11 @@ func (db *datastore) DeleteRepo(repo *model.Repo) error {
return err
}
func (db *datastore) RepoList(user *model.User) ([]*model.Repo, error) {
func (db *datastore) RepoList(user *model.User, owned bool) ([]*model.Repo, error) {
stmt := sql.Lookup(db.driver, "repo-find-user")
if owned {
stmt = sql.Lookup(db.driver, "repo-find-user-owned")
}
data := []*model.Repo{}
err := meddler.QueryAll(db, &data, stmt, user.ID)
return data, err

View file

@ -164,7 +164,75 @@ func TestRepoList(t *testing.T) {
{UserID: user.ID, Repo: repo2.FullName},
})
repos, err := s.RepoList(user)
repos, err := s.RepoList(user, false)
if err != nil {
t.Error(err)
return
}
if got, want := len(repos), 2; got != want {
t.Errorf("Want %d repositories, got %d", want, got)
}
if got, want := repos[0].ID, repo1.ID; got != want {
t.Errorf("Want repository id %d, got %d", want, got)
}
if got, want := repos[1].ID, repo2.ID; got != want {
t.Errorf("Want repository id %d, got %d", want, got)
}
}
func TestOwnedRepoList(t *testing.T) {
s := newTest()
s.Exec("delete from repos")
s.Exec("delete from users")
s.Exec("delete from perms")
defer func() {
s.Exec("delete from repos")
s.Exec("delete from users")
s.Exec("delete from perms")
s.Close()
}()
user := &model.User{
Login: "joe",
Email: "foo@bar.com",
Token: "e42080dddf012c718e476da161d21ad5",
}
s.CreateUser(user)
repo1 := &model.Repo{
Owner: "bradrydzewski",
Name: "test",
FullName: "bradrydzewski/test",
}
repo2 := &model.Repo{
Owner: "test",
Name: "test",
FullName: "test/test",
}
repo3 := &model.Repo{
Owner: "octocat",
Name: "hello-world",
FullName: "octocat/hello-world",
}
repo4 := &model.Repo{
Owner: "demo",
Name: "demo",
FullName: "demo/demo",
}
s.CreateRepo(repo1)
s.CreateRepo(repo2)
s.CreateRepo(repo3)
s.CreateRepo(repo4)
s.PermBatch([]*model.Perm{
{UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false},
{UserID: user.ID, Repo: repo2.FullName, Push: false, Admin: true},
{UserID: user.ID, Repo: repo3.FullName},
{UserID: user.ID, Repo: repo4.FullName},
})
repos, err := s.RepoList(user, true)
if err != nil {
t.Error(err)
return
@ -219,8 +287,8 @@ func TestRepoListLatest(t *testing.T) {
s.CreateRepo(repo3)
s.PermBatch([]*model.Perm{
{UserID: user.ID, Repo: repo1.FullName},
{UserID: user.ID, Repo: repo2.FullName},
{UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false},
{UserID: user.ID, Repo: repo2.FullName, Push: true, Admin: true},
})
build1 := &model.Build{

View file

@ -28,6 +28,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
)
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
AND repos.repo_active = true
ORDER BY repo_full_name ASC;
@ -57,5 +58,6 @@ FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
INNER JOIN builds ON builds.build_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY build_id DESC
LIMIT 50

View file

@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
ORDER BY repo_full_name ASC
-- name: repo-find-user-owned
SELECT
repo_id
,repo_user_id
,repo_owner
,repo_name
,repo_full_name
,repo_avatar
,repo_link
,repo_clone
,repo_branch
,repo_timeout
,repo_private
,repo_trusted
,repo_active
,repo_allow_pr
,repo_hash
,repo_scm
,repo_config_path
,repo_gated
,repo_visibility
,repo_counter
FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY repo_full_name ASC
-- name: repo-insert-ignore
INSERT IGNORE INTO repos (

View file

@ -36,6 +36,7 @@ var index = map[string]string{
"registry-delete": registryDelete,
"repo-update-counter": repoUpdateCounter,
"repo-find-user": repoFindUser,
"repo-find-user-owned": repoFindUserOwned,
"repo-insert-ignore": repoInsertIgnore,
"repo-delete": repoDelete,
"secret-find-repo": secretFindRepo,
@ -134,6 +135,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
)
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
AND repos.repo_active = true
ORDER BY repo_full_name ASC;
`
@ -163,6 +165,7 @@ FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
INNER JOIN builds ON builds.build_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY build_id DESC
LIMIT 50
`
@ -451,6 +454,35 @@ WHERE perms.perm_user_id = ?
ORDER BY repo_full_name ASC
`
var repoFindUserOwned = `
SELECT
repo_id
,repo_user_id
,repo_owner
,repo_name
,repo_full_name
,repo_avatar
,repo_link
,repo_clone
,repo_branch
,repo_timeout
,repo_private
,repo_trusted
,repo_active
,repo_allow_pr
,repo_hash
,repo_scm
,repo_config_path
,repo_gated
,repo_visibility
,repo_counter
FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY repo_full_name ASC
`
var repoInsertIgnore = `
INSERT IGNORE INTO repos (
repo_user_id

View file

@ -26,6 +26,7 @@ FROM repos LEFT OUTER JOIN (
) b ON b.build_repo_id = repos.repo_id
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = $1
AND (perms.perm_push = true OR perms.perm_admin = true)
AND repos.repo_active = TRUE
ORDER BY repo_full_name ASC;
@ -55,5 +56,6 @@ FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
INNER JOIN builds ON builds.build_repo_id = repos.repo_id
WHERE perms.perm_user_id = $1
AND (perms.perm_push = true OR perms.perm_admin = true)
ORDER BY build_id DESC
LIMIT 50

View file

@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = $1
ORDER BY repo_full_name ASC
-- name: repo-find-user-owned
SELECT
repo_id
,repo_user_id
,repo_owner
,repo_name
,repo_full_name
,repo_avatar
,repo_link
,repo_clone
,repo_branch
,repo_timeout
,repo_private
,repo_trusted
,repo_active
,repo_allow_pr
,repo_hash
,repo_scm
,repo_config_path
,repo_gated
,repo_visibility
,repo_counter
FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = $1
AND (perms.perm_push = true OR perms.perm_admin = true)
ORDER BY repo_full_name ASC
-- name: repo-insert-ignore
INSERT INTO repos (

View file

@ -36,6 +36,7 @@ var index = map[string]string{
"registry-delete": registryDelete,
"repo-update-counter": repoUpdateCounter,
"repo-find-user": repoFindUser,
"repo-find-user-owned": repoFindUserOwned,
"repo-insert-ignore": repoInsertIgnore,
"repo-delete": repoDelete,
"secret-find-repo": secretFindRepo,
@ -132,6 +133,7 @@ FROM repos LEFT OUTER JOIN (
) b ON b.build_repo_id = repos.repo_id
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = $1
AND (perms.perm_push = true OR perms.perm_admin = true)
AND repos.repo_active = TRUE
ORDER BY repo_full_name ASC;
`
@ -161,6 +163,7 @@ FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
INNER JOIN builds ON builds.build_repo_id = repos.repo_id
WHERE perms.perm_user_id = $1
AND (perms.perm_push = true OR perms.perm_admin = true)
ORDER BY build_id DESC
LIMIT 50
`
@ -454,6 +457,35 @@ WHERE perms.perm_user_id = $1
ORDER BY repo_full_name ASC
`
var repoFindUserOwned = `
SELECT
repo_id
,repo_user_id
,repo_owner
,repo_name
,repo_full_name
,repo_avatar
,repo_link
,repo_clone
,repo_branch
,repo_timeout
,repo_private
,repo_trusted
,repo_active
,repo_allow_pr
,repo_hash
,repo_scm
,repo_config_path
,repo_gated
,repo_visibility
,repo_counter
FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = $1
AND (perms.perm_push = true OR perms.perm_admin = true)
ORDER BY repo_full_name ASC
`
var repoInsertIgnore = `
INSERT INTO repos (
repo_user_id

View file

@ -28,6 +28,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
)
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
AND repos.repo_active = 1
ORDER BY repo_full_name ASC;
@ -57,5 +58,6 @@ FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
INNER JOIN builds ON builds.build_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY build_id DESC
LIMIT 50

View file

@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
ORDER BY repo_full_name ASC
-- name: repo-find-user-owned
SELECT
repo_id
,repo_user_id
,repo_owner
,repo_name
,repo_full_name
,repo_avatar
,repo_link
,repo_clone
,repo_branch
,repo_timeout
,repo_private
,repo_trusted
,repo_active
,repo_allow_pr
,repo_hash
,repo_scm
,repo_config_path
,repo_gated
,repo_visibility
,repo_counter
FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY repo_full_name ASC
-- name: repo-insert-ignore
INSERT OR IGNORE INTO repos (

View file

@ -36,6 +36,7 @@ var index = map[string]string{
"registry-delete": registryDelete,
"repo-update-counter": repoUpdateCounter,
"repo-find-user": repoFindUser,
"repo-find-user-owned": repoFindUserOwned,
"repo-insert-ignore": repoInsertIgnore,
"repo-delete": repoDelete,
"secret-find-repo": secretFindRepo,
@ -134,6 +135,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
)
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
AND repos.repo_active = 1
ORDER BY repo_full_name ASC;
`
@ -163,6 +165,7 @@ FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
INNER JOIN builds ON builds.build_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY build_id DESC
LIMIT 50
`
@ -451,6 +454,35 @@ WHERE perms.perm_user_id = ?
ORDER BY repo_full_name ASC
`
var repoFindUserOwned = `
SELECT
repo_id
,repo_user_id
,repo_owner
,repo_name
,repo_full_name
,repo_avatar
,repo_link
,repo_clone
,repo_branch
,repo_timeout
,repo_private
,repo_trusted
,repo_active
,repo_allow_pr
,repo_hash
,repo_scm
,repo_config_path
,repo_gated
,repo_visibility
,repo_counter
FROM repos
INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
WHERE perms.perm_user_id = ?
AND (perms.perm_push = 1 OR perms.perm_admin = 1)
ORDER BY repo_full_name ASC
`
var repoInsertIgnore = `
INSERT OR IGNORE INTO repos (
repo_user_id

View file

@ -211,8 +211,8 @@ func TestUsers(t *testing.T) {
s.CreateRepo(repo3)
s.PermBatch([]*model.Perm{
{UserID: user.ID, Repo: repo1.FullName},
{UserID: user.ID, Repo: repo2.FullName},
{UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false},
{UserID: user.ID, Repo: repo2.FullName, Push: false, Admin: true},
})
build1 := &model.Build{

View file

@ -100,8 +100,8 @@ type Store interface {
UserFeed(*model.User) ([]*model.Feed, error)
RepoList(*model.User) ([]*model.Repo, error)
RepoListLatest(*model.User) ([]*model.Feed, error)
RepoList(user *model.User, owned bool) ([]*model.Repo, error)
RepoListLatest(user *model.User) ([]*model.Feed, error)
RepoBatch([]*model.Repo) error
PermFind(user *model.User, repo *model.Repo) (*model.Perm, error)