From 72aa97964429f97705501b00ae412f504b78230c Mon Sep 17 00:00:00 2001
From: Anbraten <anton@ju60.de>
Date: Wed, 13 Oct 2021 14:16:26 +0200
Subject: [PATCH] Add repo permission endpoint (#436)

---
 server/api/repo.go   |  5 +++
 server/router/api.go | 82 ++++++++++++++++++++++++--------------------
 2 files changed, 49 insertions(+), 38 deletions(-)

diff --git a/server/api/repo.go b/server/api/repo.go
index 1a7cbe580..fcc823f9b 100644
--- a/server/api/repo.go
+++ b/server/api/repo.go
@@ -165,6 +165,11 @@ func GetRepo(c *gin.Context) {
 	c.JSON(http.StatusOK, session.Repo(c))
 }
 
+func GetRepoPermissions(c *gin.Context) {
+	perm := session.Perm(c)
+	c.JSON(http.StatusOK, perm)
+}
+
 func DeleteRepo(c *gin.Context) {
 	remove, _ := strconv.ParseBool(c.Query("remove"))
 	r := remote.FromContext(c)
diff --git a/server/router/api.go b/server/router/api.go
index 5cea75515..5a31c9358 100644
--- a/server/router/api.go
+++ b/server/router/api.go
@@ -43,54 +43,60 @@ func apiRoutes(e *gin.Engine) {
 		users.DELETE("/:login", api.DeleteUser)
 	}
 
-	repo := e.Group("/api/repos/:owner/:name")
+	repoBase := e.Group("/api/repos/:owner/:name")
 	{
-		repo.Use(session.SetRepo())
-		repo.Use(session.SetPerm())
-		repo.Use(session.MustPull)
+		repoBase.Use(session.SetRepo())
+		repoBase.Use(session.SetPerm())
 
-		repo.POST("", session.MustRepoAdmin(), api.PostRepo)
-		repo.GET("", api.GetRepo)
+		repoBase.GET("/permissions", api.GetRepoPermissions)
 
-		repo.GET("/builds", api.GetBuilds)
-		repo.GET("/builds/:number", api.GetBuild)
+		repo := repoBase.Group("")
+		{
+			repo.Use(session.MustPull)
 
-		// requires push permissions
-		repo.POST("/builds/:number", session.MustPush, api.PostBuild)
-		repo.DELETE("/builds/:number", session.MustPush, api.DeleteBuild)
-		repo.POST("/builds/:number/approve", session.MustPush, api.PostApproval)
-		repo.POST("/builds/:number/decline", session.MustPush, api.PostDecline)
-		repo.DELETE("/builds/:number/:job", session.MustPush, api.DeleteBuild)
+			repo.POST("", session.MustRepoAdmin(), api.PostRepo)
+			repo.GET("", api.GetRepo)
 
-		repo.GET("/logs/:number/:pid", api.GetProcLogs)
-		repo.GET("/logs/:number/:pid/:proc", api.GetBuildLogs)
+			repo.GET("/builds", api.GetBuilds)
+			repo.GET("/builds/:number", api.GetBuild)
 
-		// requires push permissions
-		repo.DELETE("/logs/:number", session.MustPush, api.DeleteBuildLogs)
+			// requires push permissions
+			repo.POST("/builds/:number", session.MustPush, api.PostBuild)
+			repo.DELETE("/builds/:number", session.MustPush, api.DeleteBuild)
+			repo.POST("/builds/:number/approve", session.MustPush, api.PostApproval)
+			repo.POST("/builds/:number/decline", session.MustPush, api.PostDecline)
+			repo.DELETE("/builds/:number/:job", session.MustPush, api.DeleteBuild)
 
-		repo.GET("/files/:number", api.FileList)
-		repo.GET("/files/:number/:proc/*file", api.FileGet)
+			repo.GET("/logs/:number/:pid", api.GetProcLogs)
+			repo.GET("/logs/:number/:pid/:proc", api.GetBuildLogs)
 
-		// requires push permissions
-		repo.GET("/secrets", session.MustPush, api.GetSecretList)
-		repo.POST("/secrets", session.MustPush, api.PostSecret)
-		repo.GET("/secrets/:secret", session.MustPush, api.GetSecret)
-		repo.PATCH("/secrets/:secret", session.MustPush, api.PatchSecret)
-		repo.DELETE("/secrets/:secret", session.MustPush, api.DeleteSecret)
+			// requires push permissions
+			repo.DELETE("/logs/:number", session.MustPush, api.DeleteBuildLogs)
 
-		// requires push permissions
-		repo.GET("/registry", session.MustPush, api.GetRegistryList)
-		repo.POST("/registry", session.MustPush, api.PostRegistry)
-		repo.GET("/registry/:registry", session.MustPush, api.GetRegistry)
-		repo.PATCH("/registry/:registry", session.MustPush, api.PatchRegistry)
-		repo.DELETE("/registry/:registry", session.MustPush, api.DeleteRegistry)
+			repo.GET("/files/:number", api.FileList)
+			repo.GET("/files/:number/:proc/*file", api.FileGet)
 
-		// requires admin permissions
-		repo.PATCH("", session.MustRepoAdmin(), api.PatchRepo)
-		repo.DELETE("", session.MustRepoAdmin(), api.DeleteRepo)
-		repo.POST("/chown", session.MustRepoAdmin(), api.ChownRepo)
-		repo.POST("/repair", session.MustRepoAdmin(), api.RepairRepo)
-		repo.POST("/move", session.MustRepoAdmin(), api.MoveRepo)
+			// requires push permissions
+			repo.GET("/secrets", session.MustPush, api.GetSecretList)
+			repo.POST("/secrets", session.MustPush, api.PostSecret)
+			repo.GET("/secrets/:secret", session.MustPush, api.GetSecret)
+			repo.PATCH("/secrets/:secret", session.MustPush, api.PatchSecret)
+			repo.DELETE("/secrets/:secret", session.MustPush, api.DeleteSecret)
+
+			// requires push permissions
+			repo.GET("/registry", session.MustPush, api.GetRegistryList)
+			repo.POST("/registry", session.MustPush, api.PostRegistry)
+			repo.GET("/registry/:registry", session.MustPush, api.GetRegistry)
+			repo.PATCH("/registry/:registry", session.MustPush, api.PatchRegistry)
+			repo.DELETE("/registry/:registry", session.MustPush, api.DeleteRegistry)
+
+			// requires admin permissions
+			repo.PATCH("", session.MustRepoAdmin(), api.PatchRepo)
+			repo.DELETE("", session.MustRepoAdmin(), api.DeleteRepo)
+			repo.POST("/chown", session.MustRepoAdmin(), api.ChownRepo)
+			repo.POST("/repair", session.MustRepoAdmin(), api.RepairRepo)
+			repo.POST("/move", session.MustRepoAdmin(), api.MoveRepo)
+		}
 	}
 
 	badges := e.Group("/api/badges/:owner/:name")