CODE 165-API for delete a space subspaces and their repositories

2025-05-20 19:09:59 +08:00 · 2023-05-02 16:47:09 -07:00 · 2023-05-02 16:47:09 -07:00 · a309f4ec9b
commit a309f4ec9b
parent 67048fb2c8
9 changed files with 108 additions and 37 deletions
--- a/cli/server/harness.wire_gen.go
+++ b/cli/server/harness.wire_gen.go
@ -7,7 +7,6 @@ package server

 import (
 	"context"
-
 	"github.com/harness/gitness/events"
 	"github.com/harness/gitness/gitrpc"
 	server2 "github.com/harness/gitness/gitrpc/server"
@ -94,16 +93,6 @@ func initSystem(ctx context.Context, config *types.Config) (*system, error) {
 		return nil, err
 	}
 	pathUID := check.ProvidePathUIDCheck()
-	spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore)
-	accountClient, err := client.ProvideAccountClient(serviceJWTProvider, typesConfig)
-	if err != nil {
-		return nil, err
-	}
-	authenticator, err := authn.ProvideAuthenticator(controller, tokenClient, userClient, typesConfig, serviceAccountClient, serviceaccountController, serviceController, spaceController, accountClient)
-	if err != nil {
-		return nil, err
-	}
-	principalController := principal.NewController(principalStore)
 	gitrpcConfig, err := ProvideGitRPCClientConfig()
 	if err != nil {
 		return nil, err
@ -113,6 +102,16 @@ func initSystem(ctx context.Context, config *types.Config) (*system, error) {
 		return nil, err
 	}
 	repoController := repo.ProvideController(config, db, provider, pathUID, authorizer, pathStore, repoStore, spaceStore, principalStore, gitrpcInterface)
+	spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore, repoController)
+	accountClient, err := client.ProvideAccountClient(serviceJWTProvider, typesConfig)
+	if err != nil {
+		return nil, err
+	}
+	authenticator, err := authn.ProvideAuthenticator(controller, tokenClient, userClient, typesConfig, serviceAccountClient, serviceaccountController, serviceController, spaceController, accountClient)
+	if err != nil {
+		return nil, err
+	}
+	principalController := principal.NewController(principalStore)
 	principalInfoView := database.ProvidePrincipalInfoView(db)
 	principalInfoCache := cache.ProvidePrincipalInfoCache(principalInfoView)
 	pullReqStore := database.ProvidePullReqStore(db, principalInfoCache)
--- a/cli/server/standalone.wire_gen.go
+++ b/cli/server/standalone.wire_gen.go
@ -7,7 +7,6 @@ package server

 import (
 	"context"
-
 	"github.com/harness/gitness/events"
 	"github.com/harness/gitness/gitrpc"
 	server2 "github.com/harness/gitness/gitrpc/server"
@ -77,7 +76,7 @@ func initSystem(ctx context.Context, config *types.Config) (*system, error) {
 		return nil, err
 	}
 	repoController := repo.ProvideController(config, db, provider, pathUID, authorizer, pathStore, repoStore, spaceStore, principalStore, gitrpcInterface)
-	spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore)
+	spaceController := space.ProvideController(db, provider, pathUID, authorizer, pathStore, spaceStore, repoStore, principalStore, repoController)
 	principalInfoView := database.ProvidePrincipalInfoView(db)
 	principalInfoCache := cache.ProvidePrincipalInfoCache(principalInfoView)
 	pullReqStore := database.ProvidePullReqStore(db, principalInfoCache)
--- a/internal/api/controller/repo/delete.go
+++ b/internal/api/controller/repo/delete.go
@ -28,16 +28,20 @@ func (c *Controller) Delete(ctx context.Context, session *auth.Session, repoRef
 		return err
 	}

-	if err = c.DeleteRepositoryRPC(ctx, session, repo); err != nil {
+	return c.DeleteNoAuth(ctx, session, repo)
+}
+
+func (c *Controller) DeleteNoAuth(ctx context.Context, session *auth.Session, repo *types.Repository) error {
+	if err := c.DeleteRepositoryRPC(ctx, session, repo); err != nil {
 		return err
 	}

-	err = c.repoStore.Delete(ctx, repo.ID)
-	if err != nil {
+	if err := c.repoStore.Delete(ctx, repo.ID); err != nil {
 		return err
 	}
 	return nil
 }
+
 func (c *Controller) DeleteRepositoryRPC(ctx context.Context, session *auth.Session, repo *types.Repository) error {
 	writeParams, err := CreateRPCWriteParams(ctx, c.urlProvider, session, repo)
 	if err != nil {
--- a/internal/api/controller/space/controller.go
+++ b/internal/api/controller/space/controller.go
@ -5,6 +5,7 @@
 package space

 import (
+	"github.com/harness/gitness/internal/api/controller/repo"
 	"github.com/harness/gitness/internal/auth/authz"
 	"github.com/harness/gitness/internal/store"
 	"github.com/harness/gitness/internal/url"
@ -22,12 +23,14 @@ type Controller struct {
 	spaceStore     store.SpaceStore
 	repoStore      store.RepoStore
 	principalStore store.PrincipalStore
+	repoCtrl       *repo.Controller
 }

 func NewController(db *sqlx.DB, urlProvider *url.Provider,
 	uidCheck check.PathUID, authorizer authz.Authorizer,
 	pathStore store.PathStore, spaceStore store.SpaceStore,
-	repoStore store.RepoStore, principalStore store.PrincipalStore) *Controller {
+	repoStore store.RepoStore, principalStore store.PrincipalStore, repoCtrl *repo.Controller,
+) *Controller {
 	return &Controller{
 		db:             db,
 		urlProvider:    urlProvider,
@ -37,5 +40,6 @@ func NewController(db *sqlx.DB, urlProvider *url.Provider,
 		spaceStore:     spaceStore,
 		repoStore:      repoStore,
 		principalStore: principalStore,
+		repoCtrl:       repoCtrl,
 	}
 }
--- a/internal/api/controller/space/delete.go
+++ b/internal/api/controller/space/delete.go
@ -6,29 +6,54 @@ package space

 import (
 	"context"
+	"fmt"
+	"math"

 	apiauth "github.com/harness/gitness/internal/api/auth"
 	"github.com/harness/gitness/internal/auth"
+	"github.com/harness/gitness/types"
 	"github.com/harness/gitness/types/enum"
 )

-/*
-* Delete deletes a space.
- */
+// Delete deletes a space.
 func (c *Controller) Delete(ctx context.Context, session *auth.Session, spaceRef string) error {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return err
 	}
-
 	if err = apiauth.CheckSpace(ctx, c.authorizer, session, space, enum.PermissionSpaceDelete, false); err != nil {
 		return err
 	}
-
-	err = c.spaceStore.Delete(ctx, space.ID)
-	if err != nil {
-		return err
+	sfilter := &types.SpaceFilter{
+		Page:  1,
+		Size:  int(math.MaxInt),
+		Query: "",
+		Order: enum.OrderAsc,
+		Sort:  enum.SpaceAttrNone,
 	}
+	return c.DeleteNoAuth(ctx, session, space.ID, sfilter)
+}

+// DeleteNoAuth bypasses these permission
+// PermissionSpaceDelete, PermissionSpaceView, PermissionRepoView, PermissionRepoDelete
+func (c *Controller) DeleteNoAuth(ctx context.Context, session *auth.Session, spaceID int64, filter *types.SpaceFilter) error {
+	subSpaces, _, err := c.ListSpacesNoAuth(ctx, spaceID, filter)
+	if err != nil {
+		return fmt.Errorf("failed to list space %d sub spaces: %w", spaceID, err)
+	}
+	for _, space := range subSpaces {
+		err = c.DeleteNoAuth(ctx, session, space.ID, filter)
+		if err != nil {
+			return fmt.Errorf("failed to delete space %d: %w", space.ID, err)
+		}
+	}
+	err = c.deleteRepositoriesNoAuth(ctx, session, spaceID)
+	if err != nil {
+		return fmt.Errorf("failed to delete repositories of space %d: %w", spaceID, err)
+	}
+	err = c.spaceStore.Delete(ctx, spaceID)
+	if err != nil {
+		return fmt.Errorf("spaceStore failed to delete space %d: %w", spaceID, err)
+	}
 	return nil
 }
--- a/internal/api/controller/space/delete_repositories.go
+++ b/internal/api/controller/space/delete_repositories.go
@ -0,0 +1,34 @@
+package space
+
+import (
+	"context"
+	"fmt"
+	"math"
+
+	"github.com/harness/gitness/internal/auth"
+	"github.com/harness/gitness/types"
+	"github.com/harness/gitness/types/enum"
+)
+
+// deleteRepositoriesNoAuth does not check PermissionRepoView, and PermissionRepoDelete permissions
+// Call this through Delete(Space) api to make sure the caller has DeleteSpace permission
+func (c *Controller) deleteRepositoriesNoAuth(ctx context.Context, session *auth.Session, spaceID int64) error {
+	filter := &types.RepoFilter{
+		Page:  1,
+		Size:  int(math.MaxInt),
+		Query: "",
+		Order: enum.OrderAsc,
+		Sort:  enum.RepoAttrNone,
+	}
+	repos, _, err := c.ListRepositoriesNoAuth(ctx, spaceID, filter)
+	if err != nil {
+		return fmt.Errorf("failed to list space repositories: %w", err)
+	}
+	for _, repo := range repos {
+		err = c.repoCtrl.DeleteNoAuth(ctx, session, repo)
+		if err != nil {
+			return fmt.Errorf("failed to delete repository %d: %w", repo.ID, err)
+		}
+	}
+	return nil
+}
--- a/internal/api/controller/space/list_repositories.go
+++ b/internal/api/controller/space/list_repositories.go
@ -14,9 +14,7 @@ import (
 	"github.com/harness/gitness/types/enum"
 )

-/*
-* ListRepositories lists the repositories of a space.
- */
+// ListRepositories lists the repositories of a space.
 func (c *Controller) ListRepositories(ctx context.Context, session *auth.Session,
 	spaceRef string, filter *types.RepoFilter) ([]*types.Repository, int64, error) {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
@ -27,13 +25,18 @@ func (c *Controller) ListRepositories(ctx context.Context, session *auth.Session
 	if err = apiauth.CheckSpace(ctx, c.authorizer, session, space, enum.PermissionRepoView, true); err != nil {
 		return nil, 0, err
 	}
+	return c.ListRepositoriesNoAuth(ctx, space.ID, filter)

-	count, err := c.repoStore.Count(ctx, space.ID, filter)
+}
+
+// ListRepositoriesNoAuth list repositories WITHOUT checking for PermissionRepoView.
+func (c *Controller) ListRepositoriesNoAuth(ctx context.Context, spaceID int64, filter *types.RepoFilter) ([]*types.Repository, int64, error) {
+	count, err := c.repoStore.Count(ctx, spaceID, filter)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to count child repos: %w", err)
 	}

-	repos, err := c.repoStore.List(ctx, space.ID, filter)
+	repos, err := c.repoStore.List(ctx, spaceID, filter)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to list child repos: %w", err)
 	}
--- a/internal/api/controller/space/list_spaces.go
+++ b/internal/api/controller/space/list_spaces.go
@ -14,9 +14,7 @@ import (
 	"github.com/harness/gitness/types/enum"
 )

-/*
-* ListSpaces lists the child spaces of a space.
- */
+// ListSpaces lists the child spaces of a space.
 func (c *Controller) ListSpaces(ctx context.Context, session *auth.Session,
 	spaceRef string, filter *types.SpaceFilter) ([]*types.Space, int64, error) {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
@ -27,13 +25,17 @@ func (c *Controller) ListSpaces(ctx context.Context, session *auth.Session,
 	if err = apiauth.CheckSpace(ctx, c.authorizer, session, space, enum.PermissionSpaceView, true); err != nil {
 		return nil, 0, err
 	}
+	return c.ListSpacesNoAuth(ctx, space.ID, filter)
+}

-	count, err := c.spaceStore.Count(ctx, space.ID, filter)
+// List spaces WITHOUT checking PermissionSpaceView.
+func (c *Controller) ListSpacesNoAuth(ctx context.Context, spaceID int64, filter *types.SpaceFilter) ([]*types.Space, int64, error) {
+	count, err := c.spaceStore.Count(ctx, spaceID, filter)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to count child spaces: %w", err)
 	}

-	spaces, err := c.spaceStore.List(ctx, space.ID, filter)
+	spaces, err := c.spaceStore.List(ctx, spaceID, filter)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to list child spaces: %w", err)
 	}
--- a/internal/api/controller/space/wire.go
+++ b/internal/api/controller/space/wire.go
@ -5,6 +5,7 @@
 package space

 import (
+	"github.com/harness/gitness/internal/api/controller/repo"
 	"github.com/harness/gitness/internal/auth/authz"
 	"github.com/harness/gitness/internal/store"
 	"github.com/harness/gitness/internal/url"
@ -21,6 +22,6 @@ var WireSet = wire.NewSet(

 func ProvideController(db *sqlx.DB, urlProvider *url.Provider, uidCheck check.PathUID, authorizer authz.Authorizer,
 	pathStore store.PathStore, spaceStore store.SpaceStore, repoStore store.RepoStore,
-	principalStore store.PrincipalStore) *Controller {
-	return NewController(db, urlProvider, uidCheck, authorizer, pathStore, spaceStore, repoStore, principalStore)
+	principalStore store.PrincipalStore, repoCtrl *repo.Controller) *Controller {
+	return NewController(db, urlProvider, uidCheck, authorizer, pathStore, spaceStore, repoStore, principalStore, repoCtrl)
 }