mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-03-27 23:02:54 +00:00
pass repo to remote perm func (#653)
* pass repo to remote perm func * go:generate mockery Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
Anbraten
GitHub
parent
a2429eb570
commit
f7d1451ca3
17 changed files with 53 additions and 46 deletions
|
|
@ -180,11 +180,11 @@ func (c *config) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error
|
|||
// does not have an endpoint to access user permissions, we attempt to fetch
|
||||
// the repository hook list, which is restricted to administrators to calculate
|
||||
// administrative access to a repository.
|
||||
func (c *config) Perm(ctx context.Context, u *model.User, owner, name string) (*model.Perm, error) {
|
||||
func (c *config) Perm(ctx context.Context, u *model.User, r *model.Repo) (*model.Perm, error) {
|
||||
client := c.newClient(ctx, u)
|
||||
|
||||
perms := new(model.Perm)
|
||||
repo, err := client.FindRepo(owner, name)
|
||||
repo, err := client.FindRepo(r.Owner, r.Name)
|
||||
if err != nil {
|
||||
return perms, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -138,25 +138,25 @@ func Test_bitbucket(t *testing.T) {
|
|||
|
||||
g.Describe("When requesting repository permissions", func() {
|
||||
g.It("Should handle not found errors", func() {
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound.Owner, fakeRepoNotFound.Name)
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound)
|
||||
g.Assert(err).IsNotNil()
|
||||
})
|
||||
g.It("Should authorize read access", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepoReadOnly.Owner, fakeRepoReadOnly.Name)
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepoReadOnly)
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
g.Assert(perm.Push).IsFalse()
|
||||
g.Assert(perm.Admin).IsFalse()
|
||||
})
|
||||
g.It("Should authorize write access", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepoWriteOnly.Owner, fakeRepoWriteOnly.Name)
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepoWriteOnly)
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
g.Assert(perm.Admin).IsFalse()
|
||||
})
|
||||
g.It("Should authorize admin access", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepoAdmin.Owner, fakeRepoAdmin.Name)
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepoAdmin)
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
|
|
|
|||
|
|
@ -169,10 +169,10 @@ func (c *Config) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error
|
|||
return all, nil
|
||||
}
|
||||
|
||||
func (c *Config) Perm(ctx context.Context, u *model.User, owner, repo string) (*model.Perm, error) {
|
||||
func (c *Config) Perm(ctx context.Context, u *model.User, repo *model.Repo) (*model.Perm, error) {
|
||||
client := internal.NewClientWithToken(ctx, c.URL, c.Consumer, u.Token)
|
||||
|
||||
return client.FindRepoPerms(owner, repo)
|
||||
return client.FindRepoPerms(repo.Owner, repo.Name)
|
||||
}
|
||||
|
||||
func (c *Config) File(ctx context.Context, u *model.User, r *model.Repo, b *model.Build, f string) ([]byte, error) {
|
||||
|
|
|
|||
|
|
@ -213,8 +213,8 @@ func (c *Coding) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error
|
|||
|
||||
// Perm fetches the named repository permissions from
|
||||
// the remote system for the specified user.
|
||||
func (c *Coding) Perm(ctx context.Context, u *model.User, owner, repo string) (*model.Perm, error) {
|
||||
project, err := c.newClient(ctx, u).GetProject(owner, repo)
|
||||
func (c *Coding) Perm(ctx context.Context, u *model.User, repo *model.Repo) (*model.Perm, error) {
|
||||
project, err := c.newClient(ctx, u).GetProject(repo.Owner, repo.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -128,35 +128,35 @@ func Test_coding(t *testing.T) {
|
|||
|
||||
g.Describe("When requesting repository permissions", func() {
|
||||
g.It("Should authorize admin access for project owner", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, "demo1", "perm_owner")
|
||||
perm, err := c.Perm(ctx, fakeUser, &model.Repo{Owner: "demo1", Name: "perm_owner"})
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
g.Assert(perm.Admin).IsTrue()
|
||||
})
|
||||
g.It("Should authorize admin access for project admin", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, "demo1", "perm_admin")
|
||||
perm, err := c.Perm(ctx, fakeUser, &model.Repo{Owner: "demo1", Name: "perm_admin"})
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
g.Assert(perm.Admin).IsTrue()
|
||||
})
|
||||
g.It("Should authorize read access for project member", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, "demo1", "perm_member")
|
||||
perm, err := c.Perm(ctx, fakeUser, &model.Repo{Owner: "demo1", Name: "perm_member"})
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
g.Assert(perm.Admin).IsFalse()
|
||||
})
|
||||
g.It("Should authorize no access for project guest", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, "demo1", "perm_guest")
|
||||
perm, err := c.Perm(ctx, fakeUser, &model.Repo{Owner: "demo1", Name: "perm_guest"})
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Pull).IsFalse()
|
||||
g.Assert(perm.Push).IsFalse()
|
||||
g.Assert(perm.Admin).IsFalse()
|
||||
})
|
||||
g.It("Should handle not found errors", func() {
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound.Owner, fakeRepoNotFound.Name)
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound)
|
||||
g.Assert(err).IsNotNil()
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -279,13 +279,13 @@ func (c *Gitea) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error)
|
|||
}
|
||||
|
||||
// Perm returns the user permissions for the named Gitea repository.
|
||||
func (c *Gitea) Perm(ctx context.Context, u *model.User, owner, name string) (*model.Perm, error) {
|
||||
func (c *Gitea) Perm(ctx context.Context, u *model.User, r *model.Repo) (*model.Perm, error) {
|
||||
client, err := c.newClientToken(ctx, u.Token)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
repo, _, err := client.GetRepo(owner, name)
|
||||
repo, _, err := client.GetRepo(r.Owner, r.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -108,14 +108,14 @@ func Test_gitea(t *testing.T) {
|
|||
|
||||
g.Describe("Requesting repository permissions", func() {
|
||||
g.It("Should return the permission details", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepo.Owner, fakeRepo.Name)
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepo)
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Admin).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
})
|
||||
g.It("Should handle a not found error", func() {
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound.Owner, fakeRepoNotFound.Name)
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound)
|
||||
g.Assert(err).IsNotNil()
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -213,9 +213,9 @@ func (c *client) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error
|
|||
}
|
||||
|
||||
// Perm returns the user permissions for the named GitHub repository.
|
||||
func (c *client) Perm(ctx context.Context, u *model.User, owner, name string) (*model.Perm, error) {
|
||||
func (c *client) Perm(ctx context.Context, u *model.User, r *model.Repo) (*model.Perm, error) {
|
||||
client := c.newClientToken(ctx, u.Token)
|
||||
repo, _, err := client.Repositories.Get(ctx, owner, name)
|
||||
repo, _, err := client.Repositories.Get(ctx, r.Owner, r.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -113,14 +113,14 @@ func Test_github(t *testing.T) {
|
|||
|
||||
g.Describe("Requesting repository permissions", func() {
|
||||
g.It("Should return the permission details", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepo.Owner, fakeRepo.Name)
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepo)
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Admin).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
})
|
||||
g.It("Should handle a not found error", func() {
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound.Owner, fakeRepoNotFound.Name)
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound)
|
||||
g.Assert(err).IsNotNil()
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -261,12 +261,12 @@ func (g *Gitlab) Repos(ctx context.Context, user *model.User) ([]*model.Repo, er
|
|||
}
|
||||
|
||||
// Perm fetches the named repository from the remote system.
|
||||
func (g *Gitlab) Perm(ctx context.Context, user *model.User, owner, name string) (*model.Perm, error) {
|
||||
func (g *Gitlab) Perm(ctx context.Context, user *model.User, r *model.Repo) (*model.Perm, error) {
|
||||
client, err := newClient(g.URL, user.Token, g.SkipVerify)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
repo, err := g.getProject(ctx, client, owner, name)
|
||||
repo, err := g.getProject(ctx, client, r.Owner, r.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -109,21 +109,27 @@ func Test_Gitlab(t *testing.T) {
|
|||
// Test permissions method
|
||||
g.Describe("Perm", func() {
|
||||
g.It("Should return repo permissions", func() {
|
||||
perm, err := client.Perm(ctx, &user, "diaspora", "diaspora-client")
|
||||
perm, err := client.Perm(ctx, &user, &repo)
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, perm.Admin)
|
||||
assert.True(t, perm.Pull)
|
||||
assert.True(t, perm.Push)
|
||||
})
|
||||
g.It("Should return repo permissions when user is admin", func() {
|
||||
perm, err := client.Perm(ctx, &user, "brightbox", "puppet")
|
||||
perm, err := client.Perm(ctx, &user, &model.Repo{
|
||||
Owner: "brightbox",
|
||||
Name: "puppet",
|
||||
})
|
||||
assert.NoError(t, err)
|
||||
g.Assert(perm.Admin).Equal(true)
|
||||
g.Assert(perm.Pull).Equal(true)
|
||||
g.Assert(perm.Push).Equal(true)
|
||||
})
|
||||
g.It("Should return error, when repo is not exist", func() {
|
||||
_, err := client.Perm(ctx, &user, "not-existed", "not-existed")
|
||||
_, err := client.Perm(ctx, &user, &model.Repo{
|
||||
Owner: "not-existed",
|
||||
Name: "not-existed",
|
||||
})
|
||||
|
||||
g.Assert(err).IsNotNil()
|
||||
})
|
||||
|
|
|
|||
|
|
@ -171,9 +171,9 @@ func (c *client) Repos(ctx context.Context, u *model.User) ([]*model.Repo, error
|
|||
}
|
||||
|
||||
// Perm returns the user permissions for the named Gogs repository.
|
||||
func (c *client) Perm(ctx context.Context, u *model.User, owner, name string) (*model.Perm, error) {
|
||||
func (c *client) Perm(ctx context.Context, u *model.User, r *model.Repo) (*model.Perm, error) {
|
||||
client := c.newClientToken(u.Token)
|
||||
repo, err := client.GetRepo(owner, name)
|
||||
repo, err := client.GetRepo(r.Owner, r.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -106,14 +106,14 @@ func Test_gogs(t *testing.T) {
|
|||
|
||||
g.Describe("Requesting repository permissions", func() {
|
||||
g.It("Should return the permission details", func() {
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepo.Owner, fakeRepo.Name)
|
||||
perm, err := c.Perm(ctx, fakeUser, fakeRepo)
|
||||
g.Assert(err).IsNil()
|
||||
g.Assert(perm.Admin).IsTrue()
|
||||
g.Assert(perm.Push).IsTrue()
|
||||
g.Assert(perm.Pull).IsTrue()
|
||||
})
|
||||
g.It("Should handle a not found error", func() {
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound.Owner, fakeRepoNotFound.Name)
|
||||
_, err := c.Perm(ctx, fakeUser, fakeRepoNotFound)
|
||||
g.Assert(err).IsNotNil()
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
mock "github.com/stretchr/testify/mock"
|
||||
|
||||
model "github.com/woodpecker-ci/woodpecker/server/model"
|
||||
|
||||
remote "github.com/woodpecker-ci/woodpecker/server/remote"
|
||||
)
|
||||
|
||||
|
|
@ -213,13 +214,13 @@ func (_m *Remote) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
|
|||
return r0, r1
|
||||
}
|
||||
|
||||
// Perm provides a mock function with given fields: ctx, u, owner, repo
|
||||
func (_m *Remote) Perm(ctx context.Context, u *model.User, owner string, repo string) (*model.Perm, error) {
|
||||
ret := _m.Called(ctx, u, owner, repo)
|
||||
// Perm provides a mock function with given fields: ctx, u, r
|
||||
func (_m *Remote) Perm(ctx context.Context, u *model.User, r *model.Repo) (*model.Perm, error) {
|
||||
ret := _m.Called(ctx, u, r)
|
||||
|
||||
var r0 *model.Perm
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.User, string, string) *model.Perm); ok {
|
||||
r0 = rf(ctx, u, owner, repo)
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.User, *model.Repo) *model.Perm); ok {
|
||||
r0 = rf(ctx, u, r)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).(*model.Perm)
|
||||
|
|
@ -227,8 +228,8 @@ func (_m *Remote) Perm(ctx context.Context, u *model.User, owner string, repo st
|
|||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.User, string, string) error); ok {
|
||||
r1 = rf(ctx, u, owner, repo)
|
||||
if rf, ok := ret.Get(1).(func(context.Context, *model.User, *model.Repo) error); ok {
|
||||
r1 = rf(ctx, u, r)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
|
@ -282,13 +283,13 @@ func (_m *Remote) Repos(ctx context.Context, u *model.User) ([]*model.Repo, erro
|
|||
return r0, r1
|
||||
}
|
||||
|
||||
// Status provides a mock function with given fields: ctx, u, r, b, link, proc
|
||||
func (_m *Remote) Status(ctx context.Context, u *model.User, r *model.Repo, b *model.Build, proc *model.Proc) error {
|
||||
ret := _m.Called(ctx, u, r, b, proc)
|
||||
// Status provides a mock function with given fields: ctx, u, r, b, p
|
||||
func (_m *Remote) Status(ctx context.Context, u *model.User, r *model.Repo, b *model.Build, p *model.Proc) error {
|
||||
ret := _m.Called(ctx, u, r, b, p)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, *model.User, *model.Repo, *model.Build, *model.Proc) error); ok {
|
||||
r0 = rf(ctx, u, r, b, proc)
|
||||
r0 = rf(ctx, u, r, b, p)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ type Remote interface {
|
|||
|
||||
// Perm fetches the named repository permissions from
|
||||
// the remote system for the specified user.
|
||||
Perm(ctx context.Context, u *model.User, owner, repo string) (*model.Perm, error)
|
||||
Perm(ctx context.Context, u *model.User, r *model.Repo) (*model.Perm, error)
|
||||
|
||||
// File fetches a file from the remote repository and returns in string
|
||||
// format.
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ func SetPerm() gin.HandlerFunc {
|
|||
user.Login, repo.FullName, err)
|
||||
}
|
||||
if time.Unix(perm.Synced, 0).Add(time.Hour).Before(time.Now()) {
|
||||
perm, err = server.Config.Services.Remote.Perm(c, user, repo.Owner, repo.Name)
|
||||
perm, err = server.Config.Services.Remote.Perm(c, user, repo)
|
||||
if err == nil {
|
||||
log.Debug().Msgf("Synced user permission for %s %s", user.Login, repo.FullName)
|
||||
perm.Repo = repo.FullName
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ func (s *Syncer) Sync(ctx context.Context, user *model.User, flatPermissions boo
|
|||
repo.Perm.Admin = true
|
||||
}
|
||||
} else {
|
||||
remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name)
|
||||
remotePerm, err := s.Remote.Perm(ctx, user, repo)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not fetch permission of repo '%s': %v", repo.FullName, err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue