mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-12 08:23:48 +02:00
0970f35df5
Do not sync repos with forge if the repo is not necessary in DB. In the DB, only repos that were active once or repos that are currently active are stored. When trying to enable new repos, the repos list is fetched from the forge instead and displayed directly. In addition to this, the forge func `Perm` was removed and is now merged with `Repo`. Solves a TODO on RepoBatch. --------- Co-authored-by: Anbraten <anton@ju60.de>
194 lines
4.2 KiB
Go
194 lines
4.2 KiB
Go
// Copyright 2018 Drone.IO Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package session
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/rs/zerolog/log"
|
|
"github.com/woodpecker-ci/woodpecker/server"
|
|
|
|
"github.com/woodpecker-ci/woodpecker/server/model"
|
|
"github.com/woodpecker-ci/woodpecker/server/store"
|
|
"github.com/woodpecker-ci/woodpecker/server/store/types"
|
|
)
|
|
|
|
func Repo(c *gin.Context) *model.Repo {
|
|
v, ok := c.Get("repo")
|
|
if !ok {
|
|
return nil
|
|
}
|
|
r, ok := v.(*model.Repo)
|
|
if !ok {
|
|
return nil
|
|
}
|
|
return r
|
|
}
|
|
|
|
func SetRepo() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
var (
|
|
_store = store.FromContext(c)
|
|
owner = c.Param("owner")
|
|
name = c.Param("name")
|
|
user = User(c)
|
|
)
|
|
|
|
repo, err := _store.GetRepoName(owner + "/" + name)
|
|
if err == nil {
|
|
c.Set("repo", repo)
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
// debugging
|
|
log.Debug().Msgf("Cannot find repository %s/%s. %s",
|
|
owner,
|
|
name,
|
|
err.Error(),
|
|
)
|
|
|
|
if user != nil {
|
|
if errors.Is(err, types.RecordNotExist) {
|
|
c.AbortWithStatus(http.StatusNotFound)
|
|
return
|
|
}
|
|
_ = c.AbortWithError(http.StatusInternalServerError, err)
|
|
} else {
|
|
c.AbortWithStatus(http.StatusUnauthorized)
|
|
}
|
|
}
|
|
}
|
|
|
|
func Perm(c *gin.Context) *model.Perm {
|
|
v, ok := c.Get("perm")
|
|
if !ok {
|
|
return nil
|
|
}
|
|
u, ok := v.(*model.Perm)
|
|
if !ok {
|
|
return nil
|
|
}
|
|
return u
|
|
}
|
|
|
|
func SetPerm() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
_store := store.FromContext(c)
|
|
user := User(c)
|
|
repo := Repo(c)
|
|
perm := new(model.Perm)
|
|
|
|
if user != nil {
|
|
var err error
|
|
perm, err = _store.PermFind(user, repo)
|
|
if err != nil {
|
|
log.Error().Msgf("Error fetching permission for %s %s. %s",
|
|
user.Login, repo.FullName, err)
|
|
}
|
|
if time.Unix(perm.Synced, 0).Add(time.Hour).Before(time.Now()) {
|
|
_repo, err := server.Config.Services.Forge.Repo(c, user, repo.ForgeRemoteID, repo.Owner, repo.Name)
|
|
if err == nil {
|
|
log.Debug().Msgf("Synced user permission for %s %s", user.Login, repo.FullName)
|
|
perm = _repo.Perm
|
|
perm.Repo = repo
|
|
perm.RepoID = repo.ID
|
|
perm.UserID = user.ID
|
|
perm.Synced = time.Now().Unix()
|
|
if err := _store.PermUpsert(perm); err != nil {
|
|
_ = c.AbortWithError(http.StatusInternalServerError, err)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if perm == nil {
|
|
perm = new(model.Perm)
|
|
}
|
|
|
|
if user != nil && user.Admin {
|
|
perm.Pull = true
|
|
perm.Push = true
|
|
perm.Admin = true
|
|
}
|
|
|
|
if repo.Visibility == model.VisibilityPublic || (repo.Visibility == model.VisibilityInternal && user != nil) {
|
|
perm.Pull = true
|
|
}
|
|
|
|
if user != nil {
|
|
log.Debug().Msgf("%s granted %+v permission to %s",
|
|
user.Login, perm, repo.FullName)
|
|
} else {
|
|
log.Debug().Msgf("Guest granted %+v to %s", perm, repo.FullName)
|
|
}
|
|
|
|
c.Set("perm", perm)
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func MustPull(c *gin.Context) {
|
|
user := User(c)
|
|
perm := Perm(c)
|
|
|
|
if perm.Pull {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
// debugging
|
|
if user != nil {
|
|
c.AbortWithStatus(http.StatusNotFound)
|
|
log.Debug().Msgf("User %s denied read access to %s",
|
|
user.Login, c.Request.URL.Path)
|
|
} else {
|
|
c.AbortWithStatus(http.StatusUnauthorized)
|
|
log.Debug().Msgf("Guest denied read access to %s %s",
|
|
c.Request.Method,
|
|
c.Request.URL.Path,
|
|
)
|
|
}
|
|
}
|
|
|
|
func MustPush(c *gin.Context) {
|
|
user := User(c)
|
|
perm := Perm(c)
|
|
|
|
// if the user has push access, immediately proceed
|
|
// the middleware execution chain.
|
|
if perm.Push {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
// debugging
|
|
if user != nil {
|
|
c.AbortWithStatus(http.StatusNotFound)
|
|
log.Debug().Msgf("User %s denied write access to %s",
|
|
user.Login, c.Request.URL.Path)
|
|
} else {
|
|
c.AbortWithStatus(http.StatusUnauthorized)
|
|
log.Debug().Msgf("Guest denied write access to %s %s",
|
|
c.Request.Method,
|
|
c.Request.URL.Path,
|
|
)
|
|
}
|
|
}
|