Getting security to work on the stash. Looks at hooks to see if someone has admin rights.
parent
a4d28e39a0
commit
6d7f1bf295
1 changed files with 58 additions and 40 deletions
|
@ -151,47 +151,11 @@ func (*client) Teams(u *model.User) ([]*model.Team, error) {
|
|||
}
|
||||
|
||||
func (c *client) Repo(u *model.User, owner, name string) (*model.Repo, error) {
|
||||
|
||||
client := NewClientWithToken(&c.Consumer, u.Token)
|
||||
|
||||
urlString := fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s", c.URL, owner, name)
|
||||
|
||||
response, err := client.Get(urlString)
|
||||
repo , err := c.FindRepo(client,owner,name)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
defer response.Body.Close()
|
||||
contents, err := ioutil.ReadAll(response.Body)
|
||||
bsRepo := BSRepo{}
|
||||
err = json.Unmarshal(contents, &bsRepo)
|
||||
if err !=nil {
|
||||
return nil, err
|
||||
}
|
||||
repo := &model.Repo{
|
||||
Name: bsRepo.Slug,
|
||||
Owner: bsRepo.Project.Key,
|
||||
Branch: "master",
|
||||
Kind: model.RepoGit,
|
||||
IsPrivate: true, // TODO(josmo) possibly set this as a setting - must always be private to use netrc
|
||||
FullName: fmt.Sprintf("%s/%s", bsRepo.Project.Key, bsRepo.Slug),
|
||||
}
|
||||
|
||||
for _, item := range bsRepo.Links.Clone {
|
||||
if item.Name == "http" {
|
||||
uri, err := url.Parse(item.Href)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
uri.User = nil
|
||||
repo.Clone = uri.String()
|
||||
}
|
||||
}
|
||||
for _, item := range bsRepo.Links.Self {
|
||||
if item.Href != "" {
|
||||
repo.Link = item.Href
|
||||
}
|
||||
}
|
||||
|
||||
return repo, nil
|
||||
}
|
||||
|
||||
|
@ -228,11 +192,22 @@ func (c *client) Repos(u *model.User) ([]*model.RepoLite, error) {
|
|||
}
|
||||
|
||||
func (c *client) Perm(u *model.User, owner, repo string) (*model.Perm, error) {
|
||||
// TODO need to fetch real permissions here
|
||||
client := NewClientWithToken(&c.Consumer, u.Token)
|
||||
perms := new(model.Perm)
|
||||
|
||||
// If you don't have access return none right away
|
||||
_, err := c.FindRepo(client, owner, repo)
|
||||
if err != nil {
|
||||
return perms, err
|
||||
}
|
||||
|
||||
// Must have admin to be able to list hooks. If have access the enable perms
|
||||
_, err = client.Get(fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s", c.URL, owner, repo,"com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook"))
|
||||
if err == nil {
|
||||
perms.Push = true
|
||||
perms.Admin = true
|
||||
}
|
||||
perms.Pull = true
|
||||
perms.Admin = true
|
||||
perms.Push = true
|
||||
return perms, nil
|
||||
}
|
||||
|
||||
|
@ -363,3 +338,46 @@ func (bs *client) DeleteHook(client *http.Client, project, slug, hook_key, link
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *client) FindRepo(client *http.Client, owner string, name string) (*model.Repo, error){
|
||||
|
||||
urlString := fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s", c.URL, owner, name)
|
||||
|
||||
response, err := client.Get(urlString)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
defer response.Body.Close()
|
||||
contents, err := ioutil.ReadAll(response.Body)
|
||||
bsRepo := BSRepo{}
|
||||
err = json.Unmarshal(contents, &bsRepo)
|
||||
if err !=nil {
|
||||
return nil, err
|
||||
}
|
||||
repo := &model.Repo{
|
||||
Name: bsRepo.Slug,
|
||||
Owner: bsRepo.Project.Key,
|
||||
Branch: "master",
|
||||
Kind: model.RepoGit,
|
||||
IsPrivate: true, // TODO(josmo) possibly set this as a setting - must always be private to use netrc
|
||||
FullName: fmt.Sprintf("%s/%s", bsRepo.Project.Key, bsRepo.Slug),
|
||||
}
|
||||
|
||||
for _, item := range bsRepo.Links.Clone {
|
||||
if item.Name == "http" {
|
||||
uri, err := url.Parse(item.Href)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
uri.User = nil
|
||||
repo.Clone = uri.String()
|
||||
}
|
||||
}
|
||||
for _, item := range bsRepo.Links.Self {
|
||||
if item.Href != "" {
|
||||
repo.Link = item.Href
|
||||
}
|
||||
}
|
||||
|
||||
return repo, nil
|
||||
}
|
||||
|
|
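Review bot: In Perm, the `if err == nil` test after `client.Get(...)` on the hooks URL does not establish admin rights. Assuming `client` is a standard `*http.Client` (FindRepo's signature suggests it is), Get returns a nil error for any HTTP response, including 401, 403 and 404, so Push and Admin would be granted to every caller whose request reaches the server. The response is also discarded, so its body is never closed. FindRepo fails open in the same way: it only logs a Get error before dereferencing `response`, never checks `response.StatusCode`, and overwrites the `ioutil.ReadAll` error, so an error payload that is valid JSON would decode into an empty BSRepo and pass the access check in Perm. Both decisions should be gated on the status code; a sketch for Perm follows, and FindRepo needs an early `return nil, err` plus a non-200 rejection.

```go
// … unchanged: client, perms, FindRepo access check …
resp, err := client.Get(fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s", c.URL, owner, repo, "com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook"))
if err == nil {
	defer resp.Body.Close()
	// Only a 200 shows the caller may read hook settings; any other status grants nothing.
	if resp.StatusCode == http.StatusOK {
		perms.Push = true
		perms.Admin = true
	}
}
perms.Pull = true
return perms, nil
```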