
feat: Adds permission check shortcut using repo.installed_by (#33)
* feat: Adds new option to check permission

* feat: Enhances permission check

* fix: Fixed permission check
frgfm authored Nov 8, 2023
1 parent b7efdf0 commit 00e9192
Showing 3 changed files with 18 additions and 9 deletions.
8 changes: 4 additions & 4 deletions src/app/api/api_v1/endpoints/guidelines.py
Expand Up @@ -29,7 +29,7 @@ async def create_guideline(
telemetry_client.capture(user.id, event="guideline-creation", properties={"repo_id": payload.repo_id})
# Check if user is allowed
repo = cast(Repository, await repos.get(payload.repo_id, strict=True))
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
return await guidelines.create(GuidelineCreation(**payload.dict()))


Expand Down Expand Up @@ -65,7 +65,7 @@ async def update_guideline_content(
telemetry_client.capture(user.id, event="guideline-content", properties={"repo_id": guideline.repo_id})
# Check if user is allowed
repo = cast(Repository, await repos.get(guideline.repo_id, strict=True))
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
return guideline


Expand All @@ -82,7 +82,7 @@ async def update_guideline_order(
telemetry_client.capture(user.id, event="guideline-order", properties={"repo_id": guideline.repo_id})
# Check if user is allowed
repo = cast(Repository, await repos.get(guideline.repo_id, strict=True))
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
return guideline


Expand All @@ -98,5 +98,5 @@ async def delete_guideline(
telemetry_client.capture(user.id, event="guideline-deletion", properties={"repo_id": guideline.repo_id})
# Check if user is allowed
repo = cast(Repository, await repos.get(guideline.repo_id, strict=True))
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
await guidelines.delete(guideline_id)
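Review bot: `repo.installed_by` is passed positionally as the fifth argument at all four call sites in this file (create_guideline, update_guideline_content, update_guideline_order, delete_guideline) and at the three in repos.py (reorder_repo_guidelines, disable_repo, enable_repo), although the new parameter on check_user_permission is optional with a default; `gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo_installer_id=repo.installed_by)` would make the intent readable and survive any later change to the optional parameters. The `# Check if user is allowed` comment above each call no longer describes the rule: from the github.py hunk, a user whose id matches `installed_by` appears to be accepted without the GitHub lookup, so `# Check if user is allowed (admin, repo owner and app installer are trusted without a GitHub lookup)` would state what is actually enforced. Each enclosing endpoint starts above its hunk.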
6 changes: 3 additions & 3 deletions src/app/api/api_v1/endpoints/repos.py
Expand Up @@ -81,7 +81,7 @@ async def reorder_repo_guidelines(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail="Guideline IDs for that repo don't match."
)
# Check if user is allowed
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
# Update all order
return [
await guidelines.update(guideline_id, OrderUpdate(order=order_idx, updated_at=datetime.utcnow()))
Expand All @@ -99,7 +99,7 @@ async def disable_repo(
telemetry_client.capture(user.id, event="repo-disable", properties={"repo_id": repo_id})
# Check if user is allowed
repo = cast(Repository, await repos.get(repo_id, strict=True))
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
return await repos.update(repo_id, RepoUpdate(is_active=False))


Expand All @@ -113,7 +113,7 @@ async def enable_repo(
telemetry_client.capture(user.id, event="repo-enable", properties={"repo_id": repo_id})
# Check if user is allowed
repo = cast(Repository, await repos.get(repo_id, strict=True))
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token)
gh_client.check_user_permission(user, repo.full_name, repo.owner_id, payload.github_token, repo.installed_by)
return await repos.update(repo_id, RepoUpdate(is_active=True))


13 changes: 11 additions & 2 deletions src/app/services/github.py
Expand Up @@ -54,9 +54,18 @@ def get_permission(self, repo_name: str, user_name: str, github_token: str) -> s
return self._get(f"repos/{repo_name}/collaborators/{user_name}/permission", github_token)["role_name"]

def check_user_permission(
self, user: User, repo_full_name: str, repo_owner_id: int, github_token: Union[str, None]
self,
user: User,
repo_full_name: str,
repo_owner_id: int,
github_token: Union[str, None],
repo_installer_id: Union[int, None] = None,
) -> None:
if user.scope != UserScope.ADMIN and repo_owner_id != user.id:
if (
user.scope != UserScope.ADMIN
and repo_owner_id != user.id
and (not isinstance(repo_installer_id, int) or repo_installer_id != user.id)
):
if not isinstance(github_token, str):
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail="Expected `github_token` to check access."
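Review bot: The new `repo_installer_id` clause gives whoever installed the app the same bypass as the repo owner, based only on a value persisted in the database; nothing visible in the hunk re-validates that this user still has access to the repository on GitHub, so if the installer's GitHub permission is later revoked they would apparently keep passing this check until `installed_by` is updated. If that is the intended trust model, the method should say so: it has no docstring, and a short one listing the three bypass conditions (admin scope, `repo_owner_id == user.id`, `repo_installer_id == user.id`) and noting that only other users must supply a `github_token` would help the next reader. `isinstance(repo_installer_id, int)` also accepts `True`/`False`, since bool is an int subclass; `repo_installer_id is None or repo_installer_id != user.id` says what is meant and matches the `Union[int, None]` annotation. The method body continues below the hunk.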

0 comments on commit 00e9192
