1
0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-11-24 08:02:18 +02:00

use visibility to alter permissions

This commit is contained in:
Brad Rydzewski 2017-05-23 00:44:58 +02:00
parent 9ed9f8f1c9
commit b1cbe65985
5 changed files with 31 additions and 69 deletions

View File

@ -25,3 +25,9 @@ const (
RepoFossil = "fossil"
RepoPerforce = "perforce"
)
const (
VisibilityPublic = "public"
VisibilityPrivate = "private"
VisibilityInternal = "internal"
)

View File

@ -41,6 +41,7 @@ type RepoPatch struct {
IsTrusted *bool `json:"trusted,omitempty"`
IsGated *bool `json:"gated,omitempty"`
Timeout *int64 `json:"timeout,omitempty"`
Visibility *string `json:"visibility,omitempty"`
AllowPull *bool `json:"allow_pr,omitempty"`
AllowPush *bool `json:"allow_push,omitempty"`
AllowDeploy *bool `json:"allow_deploy,omitempty"`

View File

@ -2,7 +2,6 @@ package session
import (
"net/http"
"os"
"github.com/drone/drone/cache"
"github.com/drone/drone/model"
@ -79,7 +78,6 @@ func Perm(c *gin.Context) *model.Perm {
}
func SetPerm() gin.HandlerFunc {
PUBLIC_MODE := os.Getenv("PUBLIC_MODE")
return func(c *gin.Context) {
user := User(c)
@ -87,49 +85,24 @@ func SetPerm() gin.HandlerFunc {
perm := &model.Perm{}
switch {
// if the user is not authenticated, and the
// repository is private, the user has NO permission
// to view the repository.
case user == nil && repo.IsPrivate == true:
perm.Pull = false
perm.Push = false
perm.Admin = false
// if the user is not authenticated, but the repository
// is public, the user has pull-rights only.
case user == nil && repo.IsPrivate == false:
perm.Pull = true
perm.Push = false
perm.Admin = false
case user.Admin:
case user != nil && user.Admin:
perm.Pull = true
perm.Push = true
perm.Admin = true
// otherwise if the user is authenticated we should
// check the remote system to get the users permissiosn.
default:
case user != nil:
var err error
perm, err = cache.GetPerms(c, user, repo.Owner, repo.Name)
if err != nil {
perm.Pull = false
perm.Push = false
perm.Admin = false
// debug
log.Errorf("Error fetching permission for %s %s",
user.Login, repo.FullName)
}
// if we couldn't fetch permissions, but the repository
// is public, we should grant the user pull access.
if err != nil && repo.IsPrivate == false {
perm.Pull = true
}
}
// all build logs are visible in public mode
if PUBLIC_MODE != "" {
switch {
case repo.Visibility == model.VisibilityPublic:
perm.Pull = true
case repo.Visibility == model.VisibilityInternal && user != nil:
perm.Pull = true
}

View File

@ -1,44 +1,9 @@
package session
import (
"os"
"testing"
"github.com/drone/drone/model"
"github.com/franela/goblin"
"github.com/gin-gonic/gin"
)
func TestSetPerm(t *testing.T) {
g := goblin.Goblin(t)
g.Describe("SetPerm", func() {
g.BeforeEach(func() {
os.Unsetenv("PUBLIC_MODE")
})
g.It("Should set pull to false (private repo, user not logged in)", func() {
c := gin.Context{}
c.Set("repo", &model.Repo{
IsPrivate: true,
})
SetPerm()(&c)
v, ok := c.Get("perm")
g.Assert(ok).IsTrue("perm was not set")
p, ok := v.(*model.Perm)
g.Assert(ok).IsTrue("perm was the wrong type")
g.Assert(p.Pull).IsFalse("pull should be false")
})
g.It("Should set pull to true (private repo, user not logged in, public mode)", func() {
os.Setenv("PUBLIC_MODE", "true")
c := gin.Context{}
c.Set("repo", &model.Repo{
IsPrivate: true,
})
SetPerm()(&c)
v, ok := c.Get("perm")
g.Assert(ok).IsTrue("perm was not set")
p, ok := v.(*model.Perm)
g.Assert(ok).IsTrue("perm was the wrong type")
g.Assert(p.Pull).IsTrue("pull should be true")
})
})
}

View File

@ -55,11 +55,15 @@ func PostRepo(c *gin.Context) {
r.UserID = user.ID
r.AllowPush = true
r.AllowPull = true
r.Visibility = model.VisibilityPublic
r.Config = ".drone.yml"
r.Timeout = 60 // 1 hour default build time
r.Hash = base32.StdEncoding.EncodeToString(
securecookie.GenerateRandomKey(32),
)
if r.IsPrivate {
r.Visibility = model.VisibilityPrivate
}
// crates the jwt token used to verify the repository
t := token.New(token.HookToken, r.FullName)
@ -132,6 +136,19 @@ func PatchRepo(c *gin.Context) {
if in.Config != nil {
repo.Config = *in.Config
}
if in.Visibility != nil {
switch *in.Visibility {
case model.VisibilityInternal:
repo.Visibility = model.VisibilityInternal
case model.VisibilityPrivate:
repo.Visibility = model.VisibilityPrivate
case model.VisibilityPublic:
repo.Visibility = model.VisibilityPublic
default:
c.String(400, "Invalid visibility type")
return
}
}
err := store.UpdateRepo(c, repo)
if err != nil {