regnault.dev
appview: do not resolve handles for acl checks
oppi.li
+1
-1
appview/state/middleware.go
+1
-1
appview/state/middleware.go
+11
-6
appview/state/repo.go
+11
-6
appview/state/repo.go
···
584
}
585
}()
586
587
-
err = s.enforcer.AddCollaborator(collaboratorIdent.DID.String(), f.Knot, f.OwnerSlashRepo())
588
if err != nil {
589
w.Write([]byte(fmt.Sprint("failed to add collaborator: ", err)))
590
return
···
677
}()
678
679
// remove collaborator RBAC
680
-
repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.OwnerSlashRepo(), f.Knot)
681
if err != nil {
682
s.pages.Notice(w, "settings-delete", "Failed to remove collaborators")
683
return
684
}
685
for _, c := range repoCollaborators {
686
did := c[0]
687
-
s.enforcer.RemoveCollaborator(did, f.Knot, f.OwnerSlashRepo())
688
}
689
log.Println("removed collaborators")
690
691
// remove repo RBAC
692
-
err = s.enforcer.RemoveRepo(f.OwnerDid(), f.Knot, f.OwnerSlashRepo())
693
if err != nil {
694
s.pages.Notice(w, "settings-delete", "Failed to update RBAC rules")
695
return
···
777
778
isCollaboratorInviteAllowed := false
779
if user != nil {
780
-
ok, err := s.enforcer.IsCollaboratorInviteAllowed(user.Did, f.Knot, f.OwnerSlashRepo())
781
if err == nil && ok {
782
isCollaboratorInviteAllowed = true
783
}
···
873
return p
874
}
875
876
func (f *FullyResolvedRepo) Collaborators(ctx context.Context, s *State) ([]pages.Collaborator, error) {
877
-
repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.OwnerSlashRepo(), f.Knot)
878
if err != nil {
879
return nil, err
880
}
···
584
}
585
}()
586
587
+
err = s.enforcer.AddCollaborator(collaboratorIdent.DID.String(), f.Knot, f.DidSlashRepo())
588
if err != nil {
589
w.Write([]byte(fmt.Sprint("failed to add collaborator: ", err)))
590
return
···
677
}()
678
679
// remove collaborator RBAC
680
+
repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.DidSlashRepo(), f.Knot)
681
if err != nil {
682
s.pages.Notice(w, "settings-delete", "Failed to remove collaborators")
683
return
684
}
685
for _, c := range repoCollaborators {
686
did := c[0]
687
+
s.enforcer.RemoveCollaborator(did, f.Knot, f.DidSlashRepo())
688
}
689
log.Println("removed collaborators")
690
691
// remove repo RBAC
692
+
err = s.enforcer.RemoveRepo(f.OwnerDid(), f.Knot, f.DidSlashRepo())
693
if err != nil {
694
s.pages.Notice(w, "settings-delete", "Failed to update RBAC rules")
695
return
···
777
778
isCollaboratorInviteAllowed := false
779
if user != nil {
780
+
ok, err := s.enforcer.IsCollaboratorInviteAllowed(user.Did, f.Knot, f.DidSlashRepo())
781
if err == nil && ok {
782
isCollaboratorInviteAllowed = true
783
}
···
873
return p
874
}
875
876
+
func (f *FullyResolvedRepo) DidSlashRepo() string {
877
+
p, _ := securejoin.SecureJoin(f.OwnerDid(), f.RepoName)
878
+
return p
879
+
}
880
+
881
func (f *FullyResolvedRepo) Collaborators(ctx context.Context, s *State) ([]pages.Collaborator, error) {
882
+
repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.DidSlashRepo(), f.Knot)
883
if err != nil {
884
return nil, err
885
}
+1
-2
appview/state/repo_util.go
+1
-2
appview/state/repo_util.go
···
58
59
func RolesInRepo(s *State, u *auth.User, f *FullyResolvedRepo) pages.RolesInRepo {
60
if u != nil {
61
-
ownerSlashRepo := fmt.Sprintf("%s/%s", f.OwnerDid(), f.RepoName)
62
-
r := s.enforcer.GetPermissionsInRepo(u.Did, f.Knot, ownerSlashRepo)
63
return pages.RolesInRepo{r}
64
} else {
65
return pages.RolesInRepo{}