github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-07 23:32:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'jobatzil/rbac' of _OKE5H2PQKOUfzFFDuD4FA/default/CODE/gitness (#31)

Browse Source
This commit is contained in:
Johannes Batzill 2023-04-19 16:26:55 +00:00 committed by Harness
commit 83a417616a
13 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/api/controller/pullreq/comment_create.go
View File

@ -79,7 +79,7 @@ func (c *Controller) CommentCreate(
prNum int64,
in *CommentCreateInput,
) (*types.PullReqActivity, error) {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
if err != nil {
return nil, fmt.Errorf("failed to acquire access to repo: %w", err)
}

2
internal/api/controller/pullreq/comment_delete.go
View File

@ -21,7 +21,7 @@ func (c *Controller) CommentDelete(
prNum int64,
commentID int64,
) error {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
if err != nil {
return fmt.Errorf("failed to acquire access to repo: %w", err)
}

2
internal/api/controller/pullreq/comment_update.go
View File

@ -31,7 +31,7 @@ func (c *Controller) CommentUpdate(
commentID int64,
in *CommentUpdateInput,
) (*types.PullReqActivity, error) {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
if err != nil {
return nil, fmt.Errorf("failed to acquire access to repo: %w", err)
}

2
internal/api/controller/pullreq/pr_commits.go
View File

@ -23,7 +23,7 @@ func (c *Controller) Commits(
pullreqNum int64,
filter *types.PaginationFilter,
) ([]types.Commit, error) {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
if err != nil {
return nil, fmt.Errorf("failed to acquire access to repo: %w", err)
}

2
internal/api/controller/pullreq/pr_diff.go
View File

@ -22,7 +22,7 @@ func (c *Controller) RawDiff(
pullreqNum int64,
w io.Writer,
) error {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
if err != nil {
return fmt.Errorf("failed to acquire access to target repo: %w", err)
}

2
internal/api/controller/pullreq/pr_state.go
View File

@ -55,7 +55,7 @@ func (c *Controller) State(ctx context.Context,
return nil, err
}
targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoPush)
if err != nil {
return nil, fmt.Errorf("failed to acquire access to target repo: %w", err)
}

2
internal/api/controller/pullreq/pr_update.go
View File

@ -45,7 +45,7 @@ func (c *Controller) Update(ctx context.Context,
return nil, err
}
targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoPush)
if err != nil {
return nil, fmt.Errorf("failed to acquire access to target repo: %w", err)
}

2
internal/api/controller/pullreq/review_submit.go
View File

@ -58,7 +58,7 @@ func (c *Controller) ReviewSubmit(
return nil, err
}
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
if err != nil {
return nil, fmt.Errorf("failed to acquire access to repo: %w", err)
}

2
internal/api/controller/repo/commit.go
View File

@ -46,7 +46,7 @@ func (c *Controller) CommitFiles(ctx context.Context, session *auth.Session,
return CommitFilesResponse{}, err
}
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit, false); err != nil {
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoPush, false); err != nil {
return CommitFilesResponse{}, err
}

2
internal/api/controller/repo/create_branch.go
View File

@ -33,7 +33,7 @@ func (c *Controller) CreateBranch(ctx context.Context, session *auth.Session,
return nil, err
}
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit, false); err != nil {
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoPush, false); err != nil {
return nil, err
}

2
internal/api/controller/repo/delete_branch.go
View File

@ -22,7 +22,7 @@ func (c *Controller) DeleteBranch(ctx context.Context, session *auth.Session, re
return err
}
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit, false); err != nil {
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoPush, false); err != nil {
return err
}

3
internal/api/handler/repo/http_git.go
View File

@ -12,7 +12,6 @@ import (
"strings"
"github.com/harness/gitness/gitrpc"
"github.com/harness/gitness/internal/api/auth"
apiauth "github.com/harness/gitness/internal/api/auth"
repoctrl "github.com/harness/gitness/internal/api/controller/repo"
"github.com/harness/gitness/internal/api/request"
@ -115,7 +114,7 @@ func PostReceivePack(client gitrpc.Interface, urlProvider *url.Provider,
return
}
if errors.Is(err, auth.ErrNotAuthorized) {
if errors.Is(err, apiauth.ErrNotAuthorized) {
http.Error(w, err.Error(), http.StatusForbidden)
return
}

4
internal/router/router.go
View File

@ -10,11 +10,11 @@ import (
"net/http"
"strings"
"github.com/go-logr/logr"
"github.com/go-logr/zerologr"
"github.com/harness/gitness/internal/api/render"
"github.com/harness/gitness/internal/request"
"github.com/go-logr/logr"
"github.com/go-logr/zerologr"
"github.com/rs/zerolog"
"github.com/rs/zerolog/hlog"
"github.com/rs/zerolog/log"