
appview/pulls: show branch delete only if the logged-in-user can push to the repo

Signed-off-by: oppiliappan <me@oppi.li>

oppi.li 8d43875a eaa11ecb

verified
Changed files
+12 -1
+11
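--- a/appview/pulls/pulls.go
+++ b/appview/pulls/pulls.go
@@ -7,6 +7,7 @@
 "fmt"
 "log"
 "net/http"
+"slices"
 "sort"
 "strconv"
 "strings"
@@ -24,6 +25,7 @@
 "tangled.org/core/appview/xrpcclient"
 "tangled.org/core/idresolver"
 "tangled.org/core/patchutil"
+"tangled.org/core/rbac"
 "tangled.org/core/tid"
 "tangled.org/core/types"
 
@@ -43,6 +45,7 @@
 db *db.DB
 config *config.Config
 notifier notify.Notifier
+enforcer *rbac.Enforcer
 }
 
 func New(
@@ -53,6 +56,7 @@
 db *db.DB,
 config *config.Config,
 notifier notify.Notifier,
+enforcer *rbac.Enforcer,
 ) *Pulls {
 return &Pulls{
 oauth: oauth,
@@ -62,6 +66,7 @@
 db: db,
 config: config,
 notifier: notifier,
+enforcer: enforcer,
 }
 }
 
@@ -326,6 +331,12 @@
 branch = pull.PullSource.Branch
 repo = pull.PullSource.Repo
 } else {
+return nil
+}
+
+// user can only delete branch if they are a collaborator in the repo that the branch belongs to
+perms := s.enforcer.GetPermissionsInRepo(user.Did, repo.Knot, repo.DidSlashRepo())
+if !slices.Contains(perms, "repo:push") {
 return nil
 }
 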
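Review bot: The `repo:push` test added in the last hunk only decides whether the branch-delete control is shown, so it is not an authorization boundary on its own; the handler that actually deletes the branch needs the same `s.enforcer.GetPermissionsInRepo` check, and that handler is not part of this diff. The lookup dereferences `user.Did`, so unless a guard outside the hunk already rules out an anonymous viewer, add `if user == nil { return nil }` before it to keep the path fail-closed. The new comment says "collaborator" while the code tests the push permission; `// show the delete control only to users with repo:push on the repo that owns the branch` would match what is enforced. The enclosing function starts and ends outside the hunk.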
+1 -1
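--- a/appview/state/router.go
+++ b/appview/state/router.go
@@ -258,7 +258,7 @@
 }
 
 func (s *State) PullsRouter(mw *middleware.Middleware) http.Handler {
-pulls := pulls.New(s.oauth, s.repoResolver, s.pages, s.idResolver, s.db, s.config, s.notifier)
+pulls := pulls.New(s.oauth, s.repoResolver, s.pages, s.idResolver, s.db, s.config, s.notifier, s.enforcer)
 return pulls.Router(mw)
 }
 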