diff --git a/cli/server/harness.wire_gen.go b/cli/server/harness.wire_gen.go index 97d21df00..488962c15 100644 --- a/cli/server/harness.wire_gen.go +++ b/cli/server/harness.wire_gen.go @@ -7,7 +7,6 @@ package server import ( "context" - "github.com/harness/gitness/events" "github.com/harness/gitness/gitrpc" server2 "github.com/harness/gitness/gitrpc/server" @@ -94,16 +93,6 @@ func initSystem(ctx context.Context, config *types.Config) (*system, error) { return nil, err } pathUID := check.ProvidePathUIDCheck() - spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore) - accountClient, err := client.ProvideAccountClient(serviceJWTProvider, typesConfig) - if err != nil { - return nil, err - } - authenticator, err := authn.ProvideAuthenticator(controller, tokenClient, userClient, typesConfig, serviceAccountClient, serviceaccountController, serviceController, spaceController, accountClient) - if err != nil { - return nil, err - } - principalController := principal.NewController(principalStore) gitrpcConfig, err := ProvideGitRPCClientConfig() if err != nil { return nil, err 
@@ -113,6 +102,16 @@ func initSystem(ctx context.Context, config *types.Config) (*system, error) { return nil, err } repoController := repo.ProvideController(config, db, provider, pathUID, authorizer, pathStore, repoStore, spaceStore, principalStore, gitrpcInterface) + spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore, repoController) + accountClient, err := client.ProvideAccountClient(serviceJWTProvider, typesConfig) + if err != nil { + return nil, err + } + authenticator, err := authn.ProvideAuthenticator(controller, tokenClient, userClient, typesConfig, serviceAccountClient, serviceaccountController, serviceController, spaceController, accountClient) + if err != nil { + return nil, err + } + principalController := principal.NewController(principalStore) principalInfoView := database.ProvidePrincipalInfoView(db) principalInfoCache := cache.ProvidePrincipalInfoCache(principalInfoView) pullReqStore := database.ProvidePullReqStore(db, principalInfoCache) diff --git a/cli/server/standalone.wire_gen.go b/cli/server/standalone.wire_gen.go index e633a9b92..d3aecc75a 100644 --- a/cli/server/standalone.wire_gen.go +++ b/cli/server/standalone.wire_gen.go @@ -7,7 +7,6 @@ package server import ( "context" - "github.com/harness/gitness/events" "github.com/harness/gitness/gitrpc" server2 "github.com/harness/gitness/gitrpc/server" 
@@ -77,7 +76,7 @@ func initSystem(ctx context.Context, config *types.Config) (*system, error) { return nil, err } repoController := repo.ProvideController(config, db, provider, pathUID, authorizer, pathStore, repoStore, spaceStore, principalStore, gitrpcInterface) - spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore) + spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore, repoController) principalInfoView := database.ProvidePrincipalInfoView(db) principalInfoCache := cache.ProvidePrincipalInfoCache(principalInfoView) pullReqStore := database.ProvidePullReqStore(db, principalInfoCache) diff --git a/internal/api/controller/repo/delete.go b/internal/api/controller/repo/delete.go index 67116a0c1..12b1fc7b7 100644 --- a/internal/api/controller/repo/delete.go +++ b/internal/api/controller/repo/delete.go @@ -28,16 +28,20 @@ func (c *Controller) Delete(ctx context.Context, session *auth.Session, repoRef return err } - if err = c.DeleteRepositoryRPC(ctx, session, repo); err != nil { + return c.DeleteNoAuth(ctx, session, repo) +} + +func (c *Controller) DeleteNoAuth(ctx context.Context, session *auth.Session, repo *types.Repository) error { + if err := c.DeleteRepositoryRPC(ctx, session, repo); err != nil { return err } - err = c.repoStore.Delete(ctx, repo.ID) - if err != nil { + if err := c.repoStore.Delete(ctx, repo.ID); err != nil { return err } return nil } + func (c *Controller) DeleteRepositoryRPC(ctx context.Context, session *auth.Session, repo *types.Repository) error { writeParams, err := CreateRPCWriteParams(ctx, c.urlProvider, session, repo) if err != nil { diff --git a/internal/api/controller/space/controller.go b/internal/api/controller/space/controller.go index aefe1f539..96e55201e 100644 --- a/internal/api/controller/space/controller.go +++ b/internal/api/controller/space/controller.go 
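Review bot: The new exported `DeleteNoAuth` in repo/delete.go has no doc comment, so nothing tells a caller that it removes the git data and the store row without any permission check. It has to stay exported because package space calls it, so the contract belongs on the method, for example `// DeleteNoAuth deletes the repository without checking permissions; the caller must already have authorized the deletion.` The same applies to `space.DeleteNoAuth`, `ListRepositoriesNoAuth` and `ListSpacesNoAuth` added further down in this commit. Within the visible hunks those three are only called from package space, so they could probably be unexported. The tail of the method can also be shortened to `return c.repoStore.Delete(ctx, repo.ID)`.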
@@ -5,6 +5,7 @@ package space import ( + "github.com/harness/gitness/internal/api/controller/repo" "github.com/harness/gitness/internal/auth/authz" "github.com/harness/gitness/internal/store" "github.com/harness/gitness/internal/url" @@ -22,12 +23,14 @@ type Controller struct { spaceStore store.SpaceStore repoStore store.RepoStore principalStore store.PrincipalStore + repoCtrl *repo.Controller } func NewController(db *sqlx.DB, urlProvider *url.Provider, uidCheck check.PathUID, authorizer authz.Authorizer, pathStore store.PathStore, spaceStore store.SpaceStore, - repoStore store.RepoStore, principalStore store.PrincipalStore) *Controller { + repoStore store.RepoStore, principalStore store.PrincipalStore, repoCtrl *repo.Controller, +) *Controller { return &Controller{ db: db, urlProvider: urlProvider, @@ -37,5 +40,6 @@ func NewController(db *sqlx.DB, urlProvider *url.Provider, spaceStore: spaceStore, repoStore: repoStore, principalStore: principalStore, + repoCtrl: repoCtrl, } } diff --git a/internal/api/controller/space/delete.go b/internal/api/controller/space/delete.go index 78d53529b..39e8ca28d 100644 --- a/internal/api/controller/space/delete.go +++ b/internal/api/controller/space/delete.go 
@@ -6,29 +6,54 @@ package space import ( "context" + "fmt" + "math" apiauth "github.com/harness/gitness/internal/api/auth" "github.com/harness/gitness/internal/auth" + "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ) -/* -* Delete deletes a space. - */ +// Delete deletes a space. func (c *Controller) Delete(ctx context.Context, session *auth.Session, spaceRef string) error { space, err := c.spaceStore.FindByRef(ctx, spaceRef) if err != nil { return err } - if err = apiauth.CheckSpace(ctx, c.authorizer, session, space, enum.PermissionSpaceDelete, false); err != nil { return err } - - err = c.spaceStore.Delete(ctx, space.ID) - if err != nil { - return err + sfilter := &types.SpaceFilter{ + Page: 1, + Size: int(math.MaxInt), + Query: "", + Order: enum.OrderAsc, + Sort: enum.SpaceAttrNone, } + return c.DeleteNoAuth(ctx, session, space.ID, sfilter) +} +// DeleteNoAuth bypasses these permission +// PermissionSpaceDelete, PermissionSpaceView, PermissionRepoView, PermissionRepoDelete +func (c *Controller) DeleteNoAuth(ctx context.Context, session *auth.Session, spaceID int64, filter *types.SpaceFilter) error { + subSpaces, _, err := c.ListSpacesNoAuth(ctx, spaceID, filter) + if err != nil { + return fmt.Errorf("failed to list space %d sub spaces: %w", spaceID, err) + } + for _, space := range subSpaces { + err = c.DeleteNoAuth(ctx, session, space.ID, filter) + if err != nil { + return fmt.Errorf("failed to delete space %d: %w", space.ID, err) + } + } + err = c.deleteRepositoriesNoAuth(ctx, session, spaceID) + if err != nil { + return fmt.Errorf("failed to delete repositories of space %d: %w", spaceID, err) + } + err = c.spaceStore.Delete(ctx, spaceID) + if err != nil { + return fmt.Errorf("spaceStore failed to delete space %d: %w", spaceID, err) + } return nil } diff --git a/internal/api/controller/space/delete_repositories.go b/internal/api/controller/space/delete_repositories.go new file mode 100644 index 000000000..8711c8af8 --- /dev/null 
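Review bot: `DeleteNoAuth` in space/delete.go calls `c.spaceStore.Delete` on the parent after deleting only the children that a single `ListSpacesNoAuth` call returned, so the cascade is complete only if the store really returns every child for `Size: int(math.MaxInt)`. Whether `spaceStore.List` caps or paginates that size is not visible in this diff; if it does, sub-spaces and their repositories beyond the first page are skipped before the parent row is removed. `deleteRepositoriesNoAuth` in delete_repositories.go builds the same filter and has the same dependence. Accepting the filter as a parameter widens the problem, because a caller can pass a `Query` or a small `Size`; building the filter inside the method and listing until nothing is returned removes both issues, as sketched below. The sketch assumes a deleted space no longer appears in `ListSpacesNoAuth`, which should be confirmed against the store.

```go
func (c *Controller) DeleteNoAuth(ctx context.Context, session *auth.Session, spaceID int64) error {
	filter := &types.SpaceFilter{
		Page:  1,
		Size:  deletePageSize, // constructed name: a page size the store is known to honour
		Order: enum.OrderAsc,
		Sort:  enum.SpaceAttrNone,
	}
	for {
		// Re-read page 1 each time: every space returned is deleted below,
		// so the next call sees only the remaining children.
		subSpaces, _, err := c.ListSpacesNoAuth(ctx, spaceID, filter)
		if err != nil {
			return fmt.Errorf("failed to list space %d sub spaces: %w", spaceID, err)
		}
		if len(subSpaces) == 0 {
			break
		}
		for _, space := range subSpaces {
			// … unchanged: recursive delete of space.ID and its error wrap, minus the filter argument …
		}
	}
	// … unchanged: deleteRepositoriesNoAuth, spaceStore.Delete, return nil …
```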
+++ b/internal/api/controller/space/delete_repositories.go @@ -0,0 +1,34 @@ +package space + +import ( + "context" + "fmt" + "math" + + "github.com/harness/gitness/internal/auth" + "github.com/harness/gitness/types" + "github.com/harness/gitness/types/enum" +) + +// deleteRepositoriesNoAuth does not check PermissionRepoView, and PermissionRepoDelete permissions +// Call this through Delete(Space) api to make sure the caller has DeleteSpace permission +func (c *Controller) deleteRepositoriesNoAuth(ctx context.Context, session *auth.Session, spaceID int64) error { + filter := &types.RepoFilter{ + Page: 1, + Size: int(math.MaxInt), + Query: "", + Order: enum.OrderAsc, + Sort: enum.RepoAttrNone, + } + repos, _, err := c.ListRepositoriesNoAuth(ctx, spaceID, filter) + if err != nil { + return fmt.Errorf("failed to list space repositories: %w", err) + } + for _, repo := range repos { + err = c.repoCtrl.DeleteNoAuth(ctx, session, repo) + if err != nil { + return fmt.Errorf("failed to delete repository %d: %w", repo.ID, err) + } + } + return nil +} diff --git a/internal/api/controller/space/list_repositories.go b/internal/api/controller/space/list_repositories.go index a4fe73da3..ba63f546d 100644 --- a/internal/api/controller/space/list_repositories.go +++ b/internal/api/controller/space/list_repositories.go @@ -14,9 +14,7 @@ import ( "github.com/harness/gitness/types/enum" ) -/* -* ListRepositories lists the repositories of a space. - */ +// ListRepositories lists the repositories of a space. func (c *Controller) ListRepositories(ctx context.Context, session *auth.Session, spaceRef string, filter *types.RepoFilter) ([]*types.Repository, int64, error) { space, err := c.spaceStore.FindByRef(ctx, spaceRef) 
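Review bot: The doc comment on `deleteRepositoriesNoAuth` states the permission contract but not what happens on failure. The loop returns at the first error, by which point `c.repoCtrl.DeleteNoAuth` has already removed the earlier repositories through `DeleteRepositoryRPC` and `repoStore.Delete`, and nothing in the visible code restores them. I would add a line such as `// Not atomic: repositories deleted before an error stay deleted.` so that callers and operators know a failed space delete leaves a partially emptied space. The new file also starts directly with `package space`, while the hunks for the other files in this package place `package` around line 5, so the usual file header looks to be missing here and is worth checking.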
@@ -27,13 +25,18 @@ func (c *Controller) ListRepositories(ctx context.Context, session *auth.Session if err = apiauth.CheckSpace(ctx, c.authorizer, session, space, enum.PermissionRepoView, true); err != nil { return nil, 0, err } + return c.ListRepositoriesNoAuth(ctx, space.ID, filter) - count, err := c.repoStore.Count(ctx, space.ID, filter) +} + +// ListRepositoriesNoAuth list repositories WITHOUT checking for PermissionRepoView. +func (c *Controller) ListRepositoriesNoAuth(ctx context.Context, spaceID int64, filter *types.RepoFilter) ([]*types.Repository, int64, error) { + count, err := c.repoStore.Count(ctx, spaceID, filter) if err != nil { return nil, 0, fmt.Errorf("failed to count child repos: %w", err) } - repos, err := c.repoStore.List(ctx, space.ID, filter) + repos, err := c.repoStore.List(ctx, spaceID, filter) if err != nil { return nil, 0, fmt.Errorf("failed to list child repos: %w", err) } diff --git a/internal/api/controller/space/list_spaces.go b/internal/api/controller/space/list_spaces.go index 286c6a7b7..97e4b7220 100644 --- a/internal/api/controller/space/list_spaces.go +++ b/internal/api/controller/space/list_spaces.go @@ -14,9 +14,7 @@ import ( "github.com/harness/gitness/types/enum" ) -/* -* ListSpaces lists the child spaces of a space. - */ +// ListSpaces lists the child spaces of a space. func (c *Controller) ListSpaces(ctx context.Context, session *auth.Session, spaceRef string, filter *types.SpaceFilter) ([]*types.Space, int64, error) { space, err := c.spaceStore.FindByRef(ctx, spaceRef) 
@@ -27,13 +25,17 @@ func (c *Controller) ListSpaces(ctx context.Context, session *auth.Session, if err = apiauth.CheckSpace(ctx, c.authorizer, session, space, enum.PermissionSpaceView, true); err != nil { return nil, 0, err } + return c.ListSpacesNoAuth(ctx, space.ID, filter) +} - count, err := c.spaceStore.Count(ctx, space.ID, filter) +// List spaces WITHOUT checking PermissionSpaceView. +func (c *Controller) ListSpacesNoAuth(ctx context.Context, spaceID int64, filter *types.SpaceFilter) ([]*types.Space, int64, error) { + count, err := c.spaceStore.Count(ctx, spaceID, filter) if err != nil { return nil, 0, fmt.Errorf("failed to count child spaces: %w", err) } - spaces, err := c.spaceStore.List(ctx, space.ID, filter) + spaces, err := c.spaceStore.List(ctx, spaceID, filter) if err != nil { return nil, 0, fmt.Errorf("failed to list child spaces: %w", err) } diff --git a/internal/api/controller/space/wire.go b/internal/api/controller/space/wire.go index 782e350f3..f49648337 100644 --- a/internal/api/controller/space/wire.go +++ b/internal/api/controller/space/wire.go @@ -5,6 +5,7 @@ package space import ( + "github.com/harness/gitness/internal/api/controller/repo" "github.com/harness/gitness/internal/auth/authz" "github.com/harness/gitness/internal/store" "github.com/harness/gitness/internal/url" @@ -21,6 +22,6 @@ var WireSet = wire.NewSet( func ProvideController(db *sqlx.DB, urlProvider *url.Provider, uidCheck check.PathUID, authorizer authz.Authorizer, pathStore store.PathStore, spaceStore store.SpaceStore, repoStore store.RepoStore, - principalStore store.PrincipalStore) *Controller { - return NewController(db, urlProvider, uidCheck, authorizer, pathStore, spaceStore, repoStore, principalStore) + principalStore store.PrincipalStore, repoCtrl *repo.Controller) *Controller { + return NewController(db, urlProvider, uidCheck, authorizer, pathStore, spaceStore, repoStore, principalStore, repoCtrl) }
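Review bot: The comment on `ListSpacesNoAuth` in list_spaces.go does not start with the method name, unlike the one on `ListRepositoriesNoAuth`, which breaks the Go doc-comment convention that linters check. `// ListSpacesNoAuth lists the child spaces of a space WITHOUT checking PermissionSpaceView.` would match the sibling. Both helpers also run `Count` before `List`, and the delete path discards the count, so each cascade step pays for a query it does not use. The function body continues outside this hunk.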