From 0911049fa502b5ccfb49cdb06e43d8fe60d8468c Mon Sep 17 00:00:00 2001
From: dzdidi
Date: Fri, 26 Jan 2024 15:02:37 +0000
Subject: [PATCH] advanced acl: draft

Signed-off-by: dzdidi
---
 src/home.js | 17 ++++++++++++++++-
 src/rpc.js | 21 ++++++++-------------
 2 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/src/home.js b/src/home.js
index 078ec8d..24615d2 100644
--- a/src/home.js
+++ b/src/home.js
@@ -21,6 +21,19 @@ function shareWith (userId, branch = '*', permissions = 'rw') {
 if (permissions.split('').some(p => !['r', 'w'].includes(p))) {
 throw new Error('Permissions must be r, w or rw')
 }
+ // TODO: read file
+ // generate new conent
+ // merge with old file
+ // store file
+ //
+ // EXAMPLE:
+ // {
+ // protectedBranches: ['master'],
+ // ACL: {
+ // '': { '': 'r|w|rw' },
+ // '*': { '*': 'r' }
+ // }
+ // }
 fs.appendFileSync(`${APP_HOME}/.git-daemon-export-ok`, `${userId}\t${branch}\t${permissions}\n`)
 }

@@ -41,9 +54,11 @@ function getACL (name) {
 const res = {}
 for (const entry of entries) {
 const [userId, branch, permissions] = entry.split('\t')
- res[userId] = { branch, permissions }
+ if (!res[userId]) res[userId] = []
+ res[userId].push({ branch, permissions })
 }
 return res
+ // TODO: have protected branch setting - the ACL must be assigned explicitly
 }

 function list (sharedOnly) {
diff --git a/src/rpc.js b/src/rpc.js
index e24ccca..253c644 100755
--- a/src/rpc.js
+++ b/src/rpc.js
@@ -98,7 +98,7 @@ module.exports = class RPC {
 })
 }

- async parseReq(req) {
+ async parseReq(req, access, branch = '*') {
 let payload
 let request = JSON.parse(req.toString())
 const result = {
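Review bot: The layout sketched in the comment added to `shareWith` in src/home.js leaves the access semantics unstated: it does not say whether a user or branch with no entry is denied, how a `'*'` entry combines with a user-specific one, or what listing a branch under `protectedBranches` changes. Because this file appears to be what the RPC layer authorizes against, I would add a line such as `// no matching entry => no access; protected branches ignore '*' rules` (or whatever the intended rule is) next to the example. The read/merge/store steps could also say that the file is replaced atomically, e.g. `// store file (write to a temp file, then rename)`, and `conent` should read `content`. shareWith starts outside the hunk.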
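Review bot: In `getACL` (src/home.js) the map is still created as `const res = {}`, so the new `if (!res[userId]) res[userId] = []` sees inherited members: for a userId such as `constructor` or `__proto__` the test is already truthy and the following `.push` throws. The `aclList[payload.userId]` lookup added in src/rpc.js is likewise satisfied by any inherited property name, which the `Object.keys(aclList).includes(...)` check it replaces was not. Creating the map with `const res = Object.create(null)` (or using a `Map`) removes both problems. Whether such an id can reach either place depends on `acl.getId` and on the callers of `shareWith`, neither of which is visible here. The `// TODO` placed after `return res` would also read better above the `return`; getACL starts outside the hunk.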
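Review bot: `parseReq` in src/rpc.js gains `access` and `branch = '*'` with no comment on what they mean, and neither is read in the part of the body visible on this page, where the branch that gets compared is `result.branch` taken from the request. If `branch` is meant to be the branch the caller requires, a default of `'*'` makes an omitted argument behave as "any branch"; dropping the default, `async parseReq(req, access, branch) {`, would let a forgotten argument surface as `undefined` rather than as a wildcard. A short JSDoc block above the method naming the accepted values of `access` (presumably `'r'` and `'w'`) and the role of `branch` would settle this. The method body continues outside the hunk.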
@@ -106,17 +106,12 @@ module.exports = class RPC {
 branch: request.body.data?.split('#')[0],
 url: request.body.url
 }
- if (process.env.GIT_PEAR_AUTH) {
- if (!request.header) throw new Error('You are not allowed to access this repo')
+ if (!process.env.GIT_PEAR_AUTH) return result
+ if (!request.header) throw new Error('You are not allowed to access this repo')

- payload = await acl.getId({ ...request.body, payload: request.header })
- const aclList = home.getACL(result.repoName)
- // TODO: read specific permissions for the user
- if (!Object.keys(aclList).includes(payload.userId)) {
- throw new Error('You are not allowed to access this repo')
- }
- }
+ payload = await acl.getId({ ...request.body, payload: request.header })
+ const aclList = home.getACL(result.repoName)
+ const userACL = aclList[payload.userId]
+ if (!userACL) throw new Error('You are not allowed to access this repo')

- return result
- }
-}
+ if (result.branch !== 'master'