edent.tel / core
forked from tangled.org/core
this repo has no description
fork atom

rbac,knotserver: move `ThisServer` const to rbac pkg

Signed-off-by: oppiliappan <me@oppi.li>

authored by oppi.li and committed by Tangled dee839bf 2a339ede

options
unified split
Changed files
+14 -13
knotserver
ingester.go
internal.go
routes.go
util.go
rbac
rbac.go
+3 -2
knotserver/ingester.go
··· 21 "tangled.sh/tangled.sh/core/knotserver/db" 22 "tangled.sh/tangled.sh/core/knotserver/git" 23 "tangled.sh/tangled.sh/core/log" 24 "tangled.sh/tangled.sh/core/workflow" 25 ) 26 ··· 46 return fmt.Errorf("domain mismatch: %s != %s", record.Domain, h.c.Server.Hostname) 47 } 48 49 - ok, err := h.e.E.Enforce(did, ThisServer, ThisServer, "server:invite") 50 if err != nil || !ok { 51 l.Error("failed to add member", "did", did) 52 return fmt.Errorf("failed to enforce permissions: %w", err) 53 } 54 55 - if err := h.e.AddKnotMember(ThisServer, record.Subject); err != nil { 56 l.Error("failed to add member", "error", err) 57 return fmt.Errorf("failed to add member: %w", err) 58 }
··· 21 "tangled.sh/tangled.sh/core/knotserver/db" 22 "tangled.sh/tangled.sh/core/knotserver/git" 23 "tangled.sh/tangled.sh/core/log" 24 + "tangled.sh/tangled.sh/core/rbac" 25 "tangled.sh/tangled.sh/core/workflow" 26 ) 27 ··· 47 return fmt.Errorf("domain mismatch: %s != %s", record.Domain, h.c.Server.Hostname) 48 } 49 50 + ok, err := h.e.E.Enforce(did, rbac.ThisServer, rbac.ThisServer, "server:invite") 51 if err != nil || !ok { 52 l.Error("failed to add member", "did", did) 53 return fmt.Errorf("failed to enforce permissions: %w", err) 54 } 55 56 + if err := h.e.AddKnotMember(rbac.ThisServer, record.Subject); err != nil { 57 l.Error("failed to add member", "error", err) 58 return fmt.Errorf("failed to add member: %w", err) 59 }
+1 -1
knotserver/internal.go
··· 38 return 39 } 40 41 - ok, err := h.e.IsPushAllowed(user, ThisServer, repo) 42 if err != nil || !ok { 43 w.WriteHeader(http.StatusForbidden) 44 return
··· 38 return 39 } 40 41 + ok, err := h.e.IsPushAllowed(user, rbac.ThisServer, repo) 42 if err != nil || !ok { 43 w.WriteHeader(http.StatusForbidden) 44 return
+6 -5
knotserver/routes.go
··· 29 "tangled.sh/tangled.sh/core/knotserver/db" 30 "tangled.sh/tangled.sh/core/knotserver/git" 31 "tangled.sh/tangled.sh/core/patchutil" 32 "tangled.sh/tangled.sh/core/types" 33 ) 34 ··· 674 } 675 676 // add perms for this user to access the repo 677 - err = h.e.AddRepo(did, ThisServer, relativeRepoPath) 678 if err != nil { 679 l.Error("adding repo permissions", "error", err.Error()) 680 writeError(w, err.Error(), http.StatusInternalServerError) ··· 892 } 893 894 // add perms for this user to access the repo 895 - err = h.e.AddRepo(did, ThisServer, relativeRepoPath) 896 if err != nil { 897 l.Error("adding repo permissions", "error", err.Error()) 898 writeError(w, err.Error(), http.StatusInternalServerError) ··· 1146 } 1147 h.jc.AddDid(did) 1148 1149 - if err := h.e.AddKnotMember(ThisServer, did); err != nil { 1150 l.Error("adding member", "error", err.Error()) 1151 writeError(w, err.Error(), http.StatusInternalServerError) 1152 return ··· 1184 h.jc.AddDid(data.Did) 1185 1186 repoName, _ := securejoin.SecureJoin(ownerDid, repo) 1187 - if err := h.e.AddCollaborator(data.Did, ThisServer, repoName); err != nil { 1188 l.Error("adding repo collaborator", "error", err.Error()) 1189 writeError(w, err.Error(), http.StatusInternalServerError) 1190 return ··· 1281 } 1282 h.jc.AddDid(data.Did) 1283 1284 - if err := h.e.AddKnotOwner(ThisServer, data.Did); err != nil { 1285 l.Error("adding owner", "error", err.Error()) 1286 writeError(w, err.Error(), http.StatusInternalServerError) 1287 return
··· 29 "tangled.sh/tangled.sh/core/knotserver/db" 30 "tangled.sh/tangled.sh/core/knotserver/git" 31 "tangled.sh/tangled.sh/core/patchutil" 32 + "tangled.sh/tangled.sh/core/rbac" 33 "tangled.sh/tangled.sh/core/types" 34 ) 35 ··· 675 } 676 677 // add perms for this user to access the repo 678 + err = h.e.AddRepo(did, rbac.ThisServer, relativeRepoPath) 679 if err != nil { 680 l.Error("adding repo permissions", "error", err.Error()) 681 writeError(w, err.Error(), http.StatusInternalServerError) ··· 893 } 894 895 // add perms for this user to access the repo 896 + err = h.e.AddRepo(did, rbac.ThisServer, relativeRepoPath) 897 if err != nil { 898 l.Error("adding repo permissions", "error", err.Error()) 899 writeError(w, err.Error(), http.StatusInternalServerError) ··· 1147 } 1148 h.jc.AddDid(did) 1149 1150 + if err := h.e.AddKnotMember(rbac.ThisServer, did); err != nil { 1151 l.Error("adding member", "error", err.Error()) 1152 writeError(w, err.Error(), http.StatusInternalServerError) 1153 return ··· 1185 h.jc.AddDid(data.Did) 1186 1187 repoName, _ := securejoin.SecureJoin(ownerDid, repo) 1188 + if err := h.e.AddCollaborator(data.Did, rbac.ThisServer, repoName); err != nil { 1189 l.Error("adding repo collaborator", "error", err.Error()) 1190 writeError(w, err.Error(), http.StatusInternalServerError) 1191 return ··· 1282 } 1283 h.jc.AddDid(data.Did) 1284 1285 + if err := h.e.AddKnotOwner(rbac.ThisServer, data.Did); err != nil { 1286 l.Error("adding owner", "error", err.Error()) 1287 writeError(w, err.Error(), http.StatusInternalServerError) 1288 return
-5
knotserver/util.go
··· 8 "github.com/bluesky-social/indigo/atproto/syntax" 9 securejoin "github.com/cyphar/filepath-securejoin" 10 "github.com/go-chi/chi/v5" 11 - "github.com/microcosm-cc/bluemonday" 12 ) 13 - 14 - func sanitize(content []byte) []byte { 15 - return bluemonday.UGCPolicy().SanitizeBytes([]byte(content)) 16 - } 17 18 func didPath(r *http.Request) string { 19 did := chi.URLParam(r, "did")
··· 8 "github.com/bluesky-social/indigo/atproto/syntax" 9 securejoin "github.com/cyphar/filepath-securejoin" 10 "github.com/go-chi/chi/v5" 11 ) 12 13 func didPath(r *http.Request) string { 14 did := chi.URLParam(r, "did")
+4
rbac/rbac.go
··· 11 ) 12 13 const ( 14 Model = ` 15 [request_definition] 16 r = sub, dom, obj, act
··· 11 ) 12 13 const ( 14 + ThisServer = "thisserver" // resource identifier for local rbac enforcement 15 + ) 16 + 17 + const ( 18 Model = ` 19 [request_definition] 20 r = sub, dom, obj, act