From d5200ad8b31f2f5ac0efe034401bbc0d3e800e1a Mon Sep 17 00:00:00 2001
From: Brad Rydzewski <brad.rydzewski@gmail.com>
Date: Sun, 16 Jul 2017 13:37:16 -0400
Subject: [PATCH] improve flush capability during sync

---
 model/perm.go            |  2 +-
 server/sync.go           | 15 +++++++++++++--
 store/datastore/perms.go |  6 ++++++
 store/store.go           |  1 +
 4 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/model/perm.go b/model/perm.go
index bd8199ffd..f0aa5e184 100644
--- a/model/perm.go
+++ b/model/perm.go
@@ -6,7 +6,7 @@ type PermStore interface {
 	PermUpsert(perm *Perm) error
 	PermBatch(perms []*Perm) error
 	PermDelete(perm *Perm) error
-	// PermFlush(user *User) error
+	PermFlush(user *User, before int64) error
 }
 
 // Perm defines a repository permission for an individual user.
diff --git a/server/sync.go b/server/sync.go
index f6e07641c..adac83a7a 100644
--- a/server/sync.go
+++ b/server/sync.go
@@ -20,7 +20,7 @@ type syncer struct {
 }
 
 func (s *syncer) Sync(user *model.User) error {
-	unix := time.Now().Unix()
+	unix := time.Now().Unix() - 1 // force immediate expiration
 	repos, err := s.remote.Repos(user)
 	if err != nil {
 		return err
@@ -51,5 +51,16 @@ func (s *syncer) Sync(user *model.User) error {
 		return err
 	}
 
-	return nil
+	// this is here as a precaution. I want to make sure that if an api
+	// call to the version control system fails and (for some reason) returns
+	// an empty list, we don't wipe out the user repository permissions.
+	//
+	// the side-effect of this code is that a user with 1 repository whose
+	// access is removed will still display in the feed, but they will not
+	// be able to access the actual repository data.
+	if len(repos) == 0 {
+		return nil
+	}
+
+	return s.perms.PermFlush(user, unix)
 }
diff --git a/store/datastore/perms.go b/store/datastore/perms.go
index 876622b50..ffa4f77e1 100644
--- a/store/datastore/perms.go
+++ b/store/datastore/perms.go
@@ -42,3 +42,9 @@ func (db *datastore) PermDelete(perm *model.Perm) error {
 	_, err := db.Exec(stmt, perm.UserID, perm.RepoID)
 	return err
 }
+
+func (db *datastore) PermFlush(user *model.User, before int64) error {
+	stmt := sql.Lookup(db.driver, "perms-delete-user-date")
+	_, err := db.Exec(stmt, user.ID, before)
+	return err
+}
diff --git a/store/store.go b/store/store.go
index 6e4c23a07..4fcfece49 100644
--- a/store/store.go
+++ b/store/store.go
@@ -92,6 +92,7 @@ type Store interface {
 	PermUpsert(perm *model.Perm) error
 	PermBatch(perms []*model.Perm) error
 	PermDelete(perm *model.Perm) error
+	PermFlush(user *model.User, before int64) error
 
 	ConfigLoad(int64) (*model.Config, error)
 	ConfigFind(*model.Repo, string) (*model.Config, error)