From 414ee1d371a645c38517a19dd8d75c672673b94d Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sat, 23 Mar 2024 22:20:24 +0100
Subject: [PATCH] start imp. server side set filters for agents

will allow https://github.com/woodpecker-ci/woodpecker/issues/267

TODOs: API to set server-side-agent-filters; WebUI; secure all rpc endpoints; secure set of labels for non-admins
---
 server/grpc/rpc.go    | 9 +++++++--
 server/model/agent.go | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/server/grpc/rpc.go b/server/grpc/rpc.go
index c4293c6ab..30a4bd950 100644
--- a/server/grpc/rpc.go
+++ b/server/grpc/rpc.go
@@ -56,13 +56,18 @@ func (s *RPC) Next(c context.Context, agentFilter rpc.Filter) (*rpc.Workflow, er
 		log.Debug().Msgf("agent connected: %s: polling", hostname)
 	}
 
-	filterFn := createFilterFunc(agentFilter)
-
 	agent, err := s.getAgentFromContext(c)
 	if err != nil {
 		return nil, err
 	}
 
+	// enforce server set agent filters
+	for k, v := range agent.Filters {
+		agentFilter.Labels[k] = v
+	}
+
+	filterFn := createFilterFunc(agentFilter)
+
 	if agent.NoSchedule {
 		time.Sleep(1 * time.Second)
 		return nil, nil
diff --git a/server/model/agent.go b/server/model/agent.go
index c268644c1..a68e3af9e 100644
--- a/server/model/agent.go
+++ b/server/model/agent.go
@@ -27,6 +27,8 @@ type Agent struct {
 	Capacity    int32  `json:"capacity"      xorm:"capacity"`
 	Version     string `json:"version"       xorm:"'version'"`
 	NoSchedule  bool   `json:"no_schedule"   xorm:"no_schedule"`
+	// Server side enforced agent filters
+	Filters map[string]string `json:"filters" xorm:"'filters' json"`
 } //	@name Agent
 
 // TableName return database table name for xorm