From 6d7f1bf2955837350003fde61fc80838009f8b62 Mon Sep 17 00:00:00 2001
From: Joachim Hill-Grannec
Date: Mon, 13 Jun 2016 22:08:56 -0500
Subject: [PATCH] Getting security to work on the stash. Looks at hooks to see if someone has admin rights.

---
 remote/bitbucketserver/bitbucketserver.go | 98 ++++++++++++++---------
 1 file changed, 58 insertions(+), 40 deletions(-)

diff --git a/remote/bitbucketserver/bitbucketserver.go b/remote/bitbucketserver/bitbucketserver.go
index 8271d2b06..196d44dd1 100644
--- a/remote/bitbucketserver/bitbucketserver.go
+++ b/remote/bitbucketserver/bitbucketserver.go
@@ -151,47 +151,11 @@ func (*client) Teams(u *model.User) ([]*model.Team, error) {
 }
 
 func (c *client) Repo(u *model.User, owner, name string) (*model.Repo, error) {
-	client := NewClientWithToken(&c.Consumer, u.Token)
-
-	urlString := fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s", c.URL, owner, name)
-
-	response, err := client.Get(urlString)
+	repo , err := c.FindRepo(client,owner,name)
 	if err != nil {
-		log.Error(err)
-	}
-	defer response.Body.Close()
-	contents, err := ioutil.ReadAll(response.Body)
-	bsRepo := BSRepo{}
-	err = json.Unmarshal(contents, &bsRepo)
-	if err !=nil {
 		return nil, err
 	}
-	repo := &model.Repo{
-		Name: bsRepo.Slug,
-		Owner: bsRepo.Project.Key,
-		Branch: "master",
-		Kind: model.RepoGit,
-		IsPrivate: true, // TODO(josmo) possibly set this as a setting - must always be private to use netrc
-		FullName: fmt.Sprintf("%s/%s", bsRepo.Project.Key, bsRepo.Slug),
-	}
-
-	for _, item := range bsRepo.Links.Clone {
-		if item.Name == "http" {
-			uri, err := url.Parse(item.Href)
-			if err != nil {
-				return nil, err
-			}
-			uri.User = nil
-			repo.Clone = uri.String()
-		}
-	}
-	for _, item := range bsRepo.Links.Self {
-		if item.Href != "" {
-			repo.Link = item.Href
-		}
-	}
-
-	return repo, nil
 }
 
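Review bot: In the new Repo body, `client` in `repo , err := c.FindRepo(client,owner,name)` is no longer a variable: the line that defined it, `client := NewClientWithToken(&c.Consumer, u.Token)`, is removed in the same hunk, so the only `client` left in scope is the receiver type, this will not compile, and u.Token no longer authenticates the lookup. Restore the token-bearing client before the call: `client := NewClientWithToken(&c.Consumer, u.Token)` followed by `repo, err := c.FindRepo(client, owner, name)` (which also fixes the gofmt spacing). As rendered, the hunk additionally drops `return repo, nil` from Repo without re-adding it on the new side; if that is not a rendering artifact, the function is left without a terminating return.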
@@ -228,11 +192,22 @@ func (c *client) Repos(u *model.User) ([]*model.RepoLite, error) {
 }
 
 func (c *client) Perm(u *model.User, owner, repo string) (*model.Perm, error) {
-	// TODO need to fetch real permissions here
+	client := NewClientWithToken(&c.Consumer, u.Token)
 	perms := new(model.Perm)
+
+	// If you don't have access return none right away
+	_, err := c.FindRepo(client, owner, repo)
+	if err != nil {
+		return perms, err
+	}
+
+	// Must have admin to be able to list hooks. If have access the enable perms
+	_, err = client.Get(fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s", c.URL, owner, repo,"com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook"))
+	if err == nil {
+		perms.Push = true
+		perms.Admin = true
+	}
 	perms.Pull = true
-	perms.Admin = true
-	perms.Push = true
 	return perms, nil
 }
 
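Review bot: The admin check in Perm, `_, err = client.Get(...)` followed by `if err == nil`, grants Push and Admin to every user who got past the FindRepo call, because http.Client.Get only returns an error for transport or protocol failures — a 401, 403 or 404 from the hooks endpoint still arrives with err == nil. The response is also discarded without reading or closing its body, so each Perm call leaks a connection. The HTTP status has to be the signal: keep the response, close its body, and set Push/Admin only on http.StatusOK (net/http is already imported, as the DeleteHook signature in the last hunk shows). Which failure code Bitbucket Server returns to a non-admin for the hook-settings URL I cannot confirm from here, so compare against 200 rather than against a particular error status.
```go
	// Must have admin to be able to list hooks. If have access the enable perms
	resp, err := client.Get(fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s/settings/hooks/%s", c.URL, owner, repo, "com.atlassian.stash.plugin.stash-web-post-receive-hooks-plugin:postReceiveHook"))
	if err == nil {
		defer resp.Body.Close()
		if resp.StatusCode == http.StatusOK {
			perms.Push = true
			perms.Admin = true
		}
	}
	// … unchanged: perms.Pull = true and the return …
```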
@@ -363,3 +338,46 @@ func (bs *client) DeleteHook(client *http.Client, project, slug, hook_key, link
 	return nil
 }
 
+
+func (c *client) FindRepo(client *http.Client, owner string, name string) (*model.Repo, error){
+
+	urlString := fmt.Sprintf("%s/rest/api/1.0/projects/%s/repos/%s", c.URL, owner, name)
+
+	response, err := client.Get(urlString)
+	if err != nil {
+		log.Error(err)
+	}
+	defer response.Body.Close()
+	contents, err := ioutil.ReadAll(response.Body)
+	bsRepo := BSRepo{}
+	err = json.Unmarshal(contents, &bsRepo)
+	if err !=nil {
+		return nil, err
+	}
+	repo := &model.Repo{
+		Name: bsRepo.Slug,
+		Owner: bsRepo.Project.Key,
+		Branch: "master",
+		Kind: model.RepoGit,
+		IsPrivate: true, // TODO(josmo) possibly set this as a setting - must always be private to use netrc
+		FullName: fmt.Sprintf("%s/%s", bsRepo.Project.Key, bsRepo.Slug),
+	}
+
+	for _, item := range bsRepo.Links.Clone {
+		if item.Name == "http" {
+			uri, err := url.Parse(item.Href)
+			if err != nil {
+				return nil, err
+			}
+			uri.User = nil
+			repo.Clone = uri.String()
+		}
+	}
+	for _, item := range bsRepo.Links.Self {
+		if item.Href != "" {
+			repo.Link = item.Href
+		}
+	}
+
+	return repo, nil
+}
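Review bot: FindRepo logs a failed `client.Get` but does not return, so `defer response.Body.Close()` on the next line dereferences a nil response and panics; that shape was already in the old Repo body, but the new Perm now relies on this function as its access check. The status code is never inspected and the `ioutil.ReadAll` error is discarded, so on a 401/403/404 the error payload is unmarshalled into BSRepo — which I would expect to succeed with empty fields, though I cannot confirm the server's error format from here — and a *model.Repo with an empty Slug plus a nil error is returned, meaning the "If you don't have access return none" branch in Perm never fires. Return on the transport error, reject non-200 responses, and check the ReadAll error; the exported method should also get a doc comment such as `// FindRepo fetches the Bitbucket Server repository owner/name with the given client and maps it to a model.Repo.`.
```go
	response, err := client.Get(urlString)
	if err != nil {
		return nil, err
	}
	defer response.Body.Close()
	if response.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("bitbucket server returned %d for %s", response.StatusCode, urlString)
	}
	contents, err := ioutil.ReadAll(response.Body)
	if err != nil {
		return nil, err
	}
	// … unchanged: json.Unmarshal into BSRepo and the model.Repo mapping …
```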