sanin.dev / core
forked from tangled.org/core
this repo has no description
fork atom

appview: do not resolve handles for acl checks

oppi.li 57783f58 b4e433c5

options
unified split
Changed files
+13 -9
appview
state
middleware.go
repo.go
repo_util.go
+1 -1
appview/state/middleware.go
··· 152 152 return 153 153 } 154 154 155 - ok, err := s.enforcer.E.Enforce(actor.Did, f.Knot, f.OwnerSlashRepo(), requiredPerm) 155 + ok, err := s.enforcer.E.Enforce(actor.Did, f.Knot, f.DidSlashRepo(), requiredPerm) 156 156 if err != nil || !ok { 157 157 // we need a logged in user 158 158 log.Printf("%s does not have perms of a %s in repo %s", actor.Did, requiredPerm, f.OwnerSlashRepo())
+11 -6
appview/state/repo.go
··· 584 584 } 585 585 }() 586 586 587 - err = s.enforcer.AddCollaborator(collaboratorIdent.DID.String(), f.Knot, f.OwnerSlashRepo()) 587 + err = s.enforcer.AddCollaborator(collaboratorIdent.DID.String(), f.Knot, f.DidSlashRepo()) 588 588 if err != nil { 589 589 w.Write([]byte(fmt.Sprint("failed to add collaborator: ", err))) 590 590 return ··· 677 677 }() 678 678 679 679 // remove collaborator RBAC 680 - repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.OwnerSlashRepo(), f.Knot) 680 + repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.DidSlashRepo(), f.Knot) 681 681 if err != nil { 682 682 s.pages.Notice(w, "settings-delete", "Failed to remove collaborators") 683 683 return 684 684 } 685 685 for _, c := range repoCollaborators { 686 686 did := c[0] 687 - s.enforcer.RemoveCollaborator(did, f.Knot, f.OwnerSlashRepo()) 687 + s.enforcer.RemoveCollaborator(did, f.Knot, f.DidSlashRepo()) 688 688 } 689 689 log.Println("removed collaborators") 690 690 691 691 // remove repo RBAC 692 - err = s.enforcer.RemoveRepo(f.OwnerDid(), f.Knot, f.OwnerSlashRepo()) 692 + err = s.enforcer.RemoveRepo(f.OwnerDid(), f.Knot, f.DidSlashRepo()) 693 693 if err != nil { 694 694 s.pages.Notice(w, "settings-delete", "Failed to update RBAC rules") 695 695 return ··· 777 777 778 778 isCollaboratorInviteAllowed := false 779 779 if user != nil { 780 - ok, err := s.enforcer.IsCollaboratorInviteAllowed(user.Did, f.Knot, f.OwnerSlashRepo()) 780 + ok, err := s.enforcer.IsCollaboratorInviteAllowed(user.Did, f.Knot, f.DidSlashRepo()) 781 781 if err == nil && ok { 782 782 isCollaboratorInviteAllowed = true 783 783 } ··· 873 873 return p 874 874 } 875 875 876 + func (f *FullyResolvedRepo) DidSlashRepo() string { 877 + p, _ := securejoin.SecureJoin(f.OwnerDid(), f.RepoName) 878 + return p 879 + } 880 + 876 881 func (f *FullyResolvedRepo) Collaborators(ctx context.Context, s *State) ([]pages.Collaborator, error) { 877 - repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.OwnerSlashRepo(), f.Knot) 882 + repoCollaborators, err := s.enforcer.E.GetImplicitUsersForResourceByDomain(f.DidSlashRepo(), f.Knot) 878 883 if err != nil { 879 884 return nil, err 880 885 }
+1 -2
appview/state/repo_util.go
··· 58 58 59 59 func RolesInRepo(s *State, u *auth.User, f *FullyResolvedRepo) pages.RolesInRepo { 60 60 if u != nil { 61 - ownerSlashRepo := fmt.Sprintf("%s/%s", f.OwnerDid(), f.RepoName) 62 - r := s.enforcer.GetPermissionsInRepo(u.Did, f.Knot, ownerSlashRepo) 61 + r := s.enforcer.GetPermissionsInRepo(u.Did, f.Knot, f.DidSlashRepo()) 63 62 return pages.RolesInRepo{r} 64 63 } else { 65 64 return pages.RolesInRepo{}