Merge pull request #2409 from folex/master

Use proper Bitbucket API for permission detection

.gitignore

@@ -7,3 +7,4 @@ extras/
 release/
 
 server/swagger/files/*.json
+.idea/

remote/bitbucket/bitbucket.go

@@ -176,17 +176,27 @@ func (c *config) Perm(u *model.User, owner, name string) (*model.Perm, error) {
 	client := c.newClient(u)
 
 	perms := new(model.Perm)
-	_, err := client.FindRepo(owner, name)
+	repo, err := client.FindRepo(owner, name)
 	if err != nil {
 		return perms, err
 	}
 
-	_, err = client.ListHooks(owner, name, &internal.ListOpts{})
+	perm, err := client.GetPermission(repo.FullName)
-	if err == nil {
+	if err != nil {
-		perms.Push = true
+		return perms, err
-		perms.Admin = true
 	}
+
+	switch perm.Permission {
+	case "admin":
+		perms.Admin = true
+		fallthrough
+	case "write":
+		perms.Push = true
+		fallthrough
+	default:
 		perms.Pull = true
+	}
+
 	return perms, nil
 }
 

remote/bitbucket/bitbucket_test.go

@@ -161,19 +161,30 @@ func Test_bitbucket(t *testing.T) {
 			g.It("Should authorize read access", func() {
 				perm, err := c.Perm(
 					fakeUser,
-					fakeRepoNoHooks.Owner,
+					fakeRepoReadOnly.Owner,
-					fakeRepoNoHooks.Name,
+					fakeRepoReadOnly.Name,
 				)
 				g.Assert(err == nil).IsTrue()
 				g.Assert(perm.Pull).IsTrue()
 				g.Assert(perm.Push).IsFalse()
 				g.Assert(perm.Admin).IsFalse()
 			})
+			g.It("Should authorize write access", func() {
+				perm, err := c.Perm(
+					fakeUser,
+					fakeRepoWriteOnly.Owner,
+					fakeRepoWriteOnly.Name,
+				)
+				g.Assert(err == nil).IsTrue()
+				g.Assert(perm.Pull).IsTrue()
+				g.Assert(perm.Push).IsTrue()
+				g.Assert(perm.Admin).IsFalse()
+			})
 			g.It("Should authorize admin access", func() {
 				perm, err := c.Perm(
 					fakeUser,
-					fakeRepo.Owner,
+					fakeRepoAdmin.Owner,
-					fakeRepo.Name,
+					fakeRepoAdmin.Name,
 				)
 				g.Assert(err == nil).IsTrue()
 				g.Assert(perm.Pull).IsTrue()
@@ -350,6 +361,24 @@ var (
 		FullName: "test_name/hook_empty",
 	}
 
+	fakeRepoReadOnly = &model.Repo{
+		Owner:    "test_name",
+		Name:     "permission_read",
+		FullName: "test_name/permission_read",
+	}
+
+	fakeRepoWriteOnly = &model.Repo{
+		Owner:    "test_name",
+		Name:     "permission_write",
+		FullName: "test_name/permission_write",
+	}
+
+	fakeRepoAdmin = &model.Repo{
+		Owner:    "test_name",
+		Name:     "permission_admin",
+		FullName: "test_name/permission_admin",
+	}
+
 	fakeBuild = &model.Build{
 		Commit: "9ecad50",
 	}

remote/bitbucket/fixtures/handler.go

@@ -15,6 +15,7 @@
 package fixtures
 
 import (
+	"fmt"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
@@ -36,6 +37,7 @@ func Handler() http.Handler {
 	e.GET("/2.0/repositories/:owner", getUserRepos)
 	e.GET("/2.0/teams/", getUserTeams)
 	e.GET("/2.0/user/", getUser)
+	e.GET("/2.0/user/permissions/repositories", getPermissions)
 
 	return e
 }
@@ -70,6 +72,8 @@ func getRepo(c *gin.Context) {
 	switch c.Param("name") {
 	case "not_found", "repo_unknown", "repo_not_found":
 		c.String(404, "")
+	case "permission_read", "permission_write", "permission_admin":
+		c.String(200, fmt.Sprintf(permissionRepoPayload, c.Param("name")))
 	default:
 		c.String(200, repoPayload)
 	}
@@ -144,6 +148,24 @@ func getUserRepos(c *gin.Context) {
 	}
 }
 
+func permission(p string) string {
+	return fmt.Sprintf(permissionPayload, p)
+}
+
+func getPermissions(c *gin.Context) {
+	query := c.Request.URL.Query()["q"][0]
+	switch query {
+	case `repository.full_name="test_name/permission_read"`:
+		c.String(200, permission("read"))
+	case `repository.full_name="test_name/permission_write"`:
+		c.String(200, permission("write"))
+	case `repository.full_name="test_name/permission_admin"`:
+		c.String(200, permission("admin"))
+	default:
+		c.String(200, permission("read"))
+	}
+}
+
 const tokenPayload = `
 {
 	"access_token":"2YotnFZFEjr1zCsicMWpAA",
@@ -170,6 +192,14 @@ const repoPayload = `
 }
 `
 
+const permissionRepoPayload = `
+{
+  "full_name": "test_name/%s",
+  "scm": "git",
+  "is_private": true
+}
+`
+
 const repoHookPayload = `
 {
   "pagelen": 10,
@@ -238,3 +268,15 @@ const userTeamPayload = `
   ]
 }
 `
+
+const permissionPayload = `
+{
+  "pagelen": 1,
+  "values": [
+    {
+      "permission": "%s"
+    }
+  ],
+  "page": 1
+}
+`

remote/bitbucket/internal/client.go

@@ -36,6 +36,7 @@ const (
 const (
 	pathUser        = "%s/2.0/user/"
 	pathEmails      = "%s/2.0/user/emails"
+	pathPermissions = "%s/2.0/user/permissions/repositories?q=repository.full_name=%q"
 	pathTeams       = "%s/2.0/teams/?%s"
 	pathRepo        = "%s/2.0/repositories/%s/%s"
 	pathRepos       = "%s/2.0/repositories/%s?%s"
@@ -152,6 +153,22 @@ func (c *Client) CreateStatus(owner, name, revision string, status *BuildStatus)
 	return c.do(uri, post, status, nil)
 }
 
+func (c *Client) GetPermission(fullName string) (*RepoPerm, error) {
+	out := new(RepoPermResp)
+	uri := fmt.Sprintf(pathPermissions, c.base, fullName)
+	err := c.do(uri, get, nil, out)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if len(out.Values) == 0 {
+		return nil, fmt.Errorf("no permissions in repository %s", fullName)
+	} else {
+		return out.Values[0], nil
+	}
+}
+
 func (c *Client) do(rawurl, method string, in, out interface{}) error {
 
 	uri, err := url.Parse(rawurl)

remote/bitbucket/internal/types.go

@@ -224,3 +224,13 @@ type Error struct {
 func (e Error) Error() string {
 	return e.Body.Message
 }
+
+type RepoPermResp struct {
+	Page   int         `json:"page"`
+	Pages  int         `json:"pagelen"`
+	Values []*RepoPerm `json:"values"`
+}
+
+type RepoPerm struct {
+	Permission string `json:"permission"`
+}