Add flag for not fetching permissions (FlatPermissions) (#491) (#625)

Co-authored-by: Alex Eftimie <alex.eftimie@getyourguide.com>
2025-02-04 18:21:06 +02:00 · 2021-12-19 12:04:29 +01:00 · 2021-12-19 12:04:29 +01:00 · ef597eca0c
commit ef597eca0c
parent ed0a9fd756
5 changed files with 30 additions and 9 deletions
--- a/cmd/server/flags.go
+++ b/cmd/server/flags.go
@ -211,6 +211,13 @@ var flags = []cli.Flag{
 	//
 	// remote parameters
 	//
+	&cli.BoolFlag{
+		Name:    "flat-permissions",
+		Usage:   "no remote call for permissions should be made",
+		EnvVars: []string{"WOODPECKER_FLAT_PERMISSIONS"},
+		Hidden:  true,
+		// TODO(485) temporary workaround to not hit api rate limits
+	},
 	&cli.BoolFlag{
 		EnvVars: []string{"WOODPECKER_GITHUB"},
 		Name:    "github",
--- a/cmd/server/server.go
+++ b/cmd/server/server.go
@ -304,6 +304,9 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {

 	// prometheus
 	server.Config.Prometheus.AuthToken = c.String("prometheus-auth-token")
+
+	// TODO(485) temporary workaround to not hit api rate limits
+	server.Config.FlatPermissions = c.Bool("flat-permissions")
 }

 type authorizer struct {
--- a/server/api/user.go
+++ b/server/api/user.go
@ -60,7 +60,7 @@ func GetFeed(c *gin.Context) {
 			Perms:  _store,
 			Match:  shared.NamespaceFilter(config.OwnersWhitelist),
 		}
-		if err := sync.Sync(c, user); err != nil {
+		if err := sync.Sync(c, user, server.Config.FlatPermissions); err != nil {
 			log.Debug().Msgf("sync error: %s: %s", user.Login, err)
 		} else {
 			log.Debug().Msgf("sync complete: %s", user.Login)
@ -110,7 +110,7 @@ func GetRepos(c *gin.Context) {
 			Match:  shared.NamespaceFilter(config.OwnersWhitelist),
 		}

-		if err := sync.Sync(c, user); err != nil {
+		if err := sync.Sync(c, user, server.Config.FlatPermissions); err != nil {
 			log.Debug().Msgf("sync error: %s: %s", user.Login, err)
 		} else {
 			log.Debug().Msgf("sync complete: %s", user.Login)
--- a/server/config.go
+++ b/server/config.go
@ -71,4 +71,5 @@ var Config = struct {
 		Networks   []string
 		Privileged []string
 	}
+	FlatPermissions bool // TODO(485) temporary workaround to not hit api rate limits
 }{}
--- a/server/shared/userSyncer.go
+++ b/server/shared/userSyncer.go
@ -59,7 +59,7 @@ func (s *Syncer) SetFilter(fn FilterFunc) {
 	s.Match = fn
 }

-func (s *Syncer) Sync(ctx context.Context, user *model.User) error {
+func (s *Syncer) Sync(ctx context.Context, user *model.User, flatPermissions bool) error {
 	unix := time.Now().Unix() - (3601) // force immediate expiration. note 1 hour expiration is hard coded at the moment
 	repos, err := s.Remote.Repos(ctx, user)
 	if err != nil {
@ -75,13 +75,23 @@ func (s *Syncer) Sync(ctx context.Context, user *model.User) error {
 				Repo:   repo.FullName,
 				Synced: unix,
 			}
-			remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name)
-			if err != nil {
-				return fmt.Errorf("could not fetch permission of repo '%s': %v", repo.FullName, err)
+
+			// TODO(485) temporary workaround to not hit api rate limits
+			if flatPermissions {
+				if repo.Perm == nil {
+					repo.Perm.Pull = true
+					repo.Perm.Push = true
+					repo.Perm.Admin = true
+				}
+			} else {
+				remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name)
+				if err != nil {
+					return fmt.Errorf("could not fetch permission of repo '%s': %v", repo.FullName, err)
+				}
+				repo.Perm.Pull = remotePerm.Pull
+				repo.Perm.Push = remotePerm.Push
+				repo.Perm.Admin = remotePerm.Admin
 			}
-			repo.Perm.Pull = remotePerm.Pull
-			repo.Perm.Push = remotePerm.Push
-			repo.Perm.Admin = remotePerm.Admin

 			remoteRepos = append(remoteRepos, repo)
 		}