From 0de0d2fcef4f9e50b1b1390203a0a2a68e01e291 Mon Sep 17 00:00:00 2001 From: Johannes Batzill Date: Wed, 19 Apr 2023 09:24:38 -0700 Subject: [PATCH] updating permission check to april milestone --- internal/api/controller/pullreq/comment_create.go | 2 +- internal/api/controller/pullreq/comment_delete.go | 2 +- internal/api/controller/pullreq/comment_update.go | 2 +- internal/api/controller/pullreq/pr_commits.go | 2 +- internal/api/controller/pullreq/pr_diff.go | 2 +- internal/api/controller/pullreq/pr_state.go | 2 +- internal/api/controller/pullreq/pr_update.go | 2 +- internal/api/controller/pullreq/review_submit.go | 2 +- internal/api/controller/repo/commit.go | 2 +- internal/api/controller/repo/create_branch.go | 2 +- internal/api/controller/repo/delete_branch.go | 2 +- internal/api/handler/repo/http_git.go | 3 +-- internal/router/router.go | 4 ++-- 13 files changed, 14 insertions(+), 15 deletions(-) diff --git a/internal/api/controller/pullreq/comment_create.go b/internal/api/controller/pullreq/comment_create.go index 096687d27..7dedf5b0d 100644 --- a/internal/api/controller/pullreq/comment_create.go +++ b/internal/api/controller/pullreq/comment_create.go @@ -79,7 +79,7 @@ func (c *Controller) CommentCreate( prNum int64, in *CommentCreateInput, ) (*types.PullReqActivity, error) { - repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView) if err != nil { return nil, fmt.Errorf("failed to acquire access to repo: %w", err) } diff --git a/internal/api/controller/pullreq/comment_delete.go b/internal/api/controller/pullreq/comment_delete.go index f4c183e3b..1d5584b3a 100644 --- a/internal/api/controller/pullreq/comment_delete.go +++ b/internal/api/controller/pullreq/comment_delete.go @@ -21,7 +21,7 @@ func (c *Controller) CommentDelete( prNum int64, commentID int64, ) error { - repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView) if err != nil { return fmt.Errorf("failed to acquire access to repo: %w", err) } diff --git a/internal/api/controller/pullreq/comment_update.go b/internal/api/controller/pullreq/comment_update.go index c033b596d..9ce5ffd1c 100644 --- a/internal/api/controller/pullreq/comment_update.go +++ b/internal/api/controller/pullreq/comment_update.go @@ -31,7 +31,7 @@ func (c *Controller) CommentUpdate( commentID int64, in *CommentUpdateInput, ) (*types.PullReqActivity, error) { - repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView) if err != nil { return nil, fmt.Errorf("failed to acquire access to repo: %w", err) } diff --git a/internal/api/controller/pullreq/pr_commits.go b/internal/api/controller/pullreq/pr_commits.go index a4e1827f1..54e7adc58 100644 --- a/internal/api/controller/pullreq/pr_commits.go +++ b/internal/api/controller/pullreq/pr_commits.go @@ -23,7 +23,7 @@ func (c *Controller) Commits( pullreqNum int64, filter *types.PaginationFilter, ) ([]types.Commit, error) { - repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView) if err != nil { return nil, fmt.Errorf("failed to acquire access to repo: %w", err) } diff --git a/internal/api/controller/pullreq/pr_diff.go b/internal/api/controller/pullreq/pr_diff.go index f048833de..d9ee00d5a 100644 --- a/internal/api/controller/pullreq/pr_diff.go +++ b/internal/api/controller/pullreq/pr_diff.go @@ -22,7 +22,7 @@ func (c *Controller) RawDiff( pullreqNum int64, w io.Writer, ) error { - repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView) if err != nil { return fmt.Errorf("failed to acquire access to target repo: %w", err) } diff --git a/internal/api/controller/pullreq/pr_state.go b/internal/api/controller/pullreq/pr_state.go index 1070bf4a1..df5ecc944 100644 --- a/internal/api/controller/pullreq/pr_state.go +++ b/internal/api/controller/pullreq/pr_state.go @@ -55,7 +55,7 @@ func (c *Controller) State(ctx context.Context, return nil, err } - targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoPush) if err != nil { return nil, fmt.Errorf("failed to acquire access to target repo: %w", err) } diff --git a/internal/api/controller/pullreq/pr_update.go b/internal/api/controller/pullreq/pr_update.go index 100350107..1c53041f4 100644 --- a/internal/api/controller/pullreq/pr_update.go +++ b/internal/api/controller/pullreq/pr_update.go @@ -45,7 +45,7 @@ func (c *Controller) Update(ctx context.Context, return nil, err } - targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoPush) if err != nil { return nil, fmt.Errorf("failed to acquire access to target repo: %w", err) } diff --git a/internal/api/controller/pullreq/review_submit.go b/internal/api/controller/pullreq/review_submit.go index 1f87ec5f5..62a3f47f8 100644 --- a/internal/api/controller/pullreq/review_submit.go +++ b/internal/api/controller/pullreq/review_submit.go @@ -58,7 +58,7 @@ func (c *Controller) ReviewSubmit( return nil, err } - repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit) + repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView) if err != nil { return nil, fmt.Errorf("failed to acquire access to repo: %w", err) } diff --git a/internal/api/controller/repo/commit.go b/internal/api/controller/repo/commit.go index 13699aca3..0fafcd001 100644 --- a/internal/api/controller/repo/commit.go +++ b/internal/api/controller/repo/commit.go @@ -46,7 +46,7 @@ func (c *Controller) CommitFiles(ctx context.Context, session *auth.Session, return CommitFilesResponse{}, err } - if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit, false); err != nil { + if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoPush, false); err != nil { return CommitFilesResponse{}, err } diff --git a/internal/api/controller/repo/create_branch.go b/internal/api/controller/repo/create_branch.go index 5e801c78a..9e335f7b1 100644 --- a/internal/api/controller/repo/create_branch.go +++ b/internal/api/controller/repo/create_branch.go @@ -33,7 +33,7 @@ func (c *Controller) CreateBranch(ctx context.Context, session *auth.Session, return nil, err } - if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit, false); err != nil { + if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoPush, false); err != nil { return nil, err } diff --git a/internal/api/controller/repo/delete_branch.go b/internal/api/controller/repo/delete_branch.go index 212ed57b6..c02763940 100644 --- a/internal/api/controller/repo/delete_branch.go +++ b/internal/api/controller/repo/delete_branch.go @@ -22,7 +22,7 @@ func (c *Controller) DeleteBranch(ctx context.Context, session *auth.Session, re return err } - if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit, false); err != nil { + if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoPush, false); err != nil { return err } diff --git a/internal/api/handler/repo/http_git.go b/internal/api/handler/repo/http_git.go index 1ce7a91d4..75c3416b1 100644 --- a/internal/api/handler/repo/http_git.go +++ b/internal/api/handler/repo/http_git.go @@ -12,7 +12,6 @@ import ( "strings" "github.com/harness/gitness/gitrpc" - "github.com/harness/gitness/internal/api/auth" apiauth "github.com/harness/gitness/internal/api/auth" repoctrl "github.com/harness/gitness/internal/api/controller/repo" "github.com/harness/gitness/internal/api/request" @@ -115,7 +114,7 @@ func PostReceivePack(client gitrpc.Interface, urlProvider *url.Provider, return } - if errors.Is(err, auth.ErrNotAuthorized) { + if errors.Is(err, apiauth.ErrNotAuthorized) { http.Error(w, err.Error(), http.StatusForbidden) return } diff --git a/internal/router/router.go b/internal/router/router.go index 1e1c039b5..e5f811e14 100644 --- a/internal/router/router.go +++ b/internal/router/router.go @@ -10,11 +10,11 @@ import ( "net/http" "strings" - "github.com/go-logr/logr" - "github.com/go-logr/zerologr" "github.com/harness/gitness/internal/api/render" "github.com/harness/gitness/internal/request" + "github.com/go-logr/logr" + "github.com/go-logr/zerologr" "github.com/rs/zerolog" "github.com/rs/zerolog/hlog" "github.com/rs/zerolog/log"