aljaz/gitpear
1
0
Fork 0
mirror of https://github.com/aljazceru/gitpear.git synced 2025-12-17 22:24:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

advanced acl: draft

Browse Source 
Signed-off-by: dzdidi <deniszalessky@gmail.com>
This commit is contained in:
dzdidi
2024-01-26 15:02:37 +00:00
parent 70b3a6c585
commit 0911049fa5
2 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/rpc.js
View File

@@ -98,7 +98,7 @@ module.exports = class RPC {
})
}
async parseReq(req) {
async parseReq(req, access, branch = '*') {
let payload
let request = JSON.parse(req.toString())
const result = {
@@ -106,17 +106,12 @@ module.exports = class RPC {
branch: request.body.data?.split('#')[0],
url: request.body.url
}
if (process.env.GIT_PEAR_AUTH) {
if (!request.header) throw new Error('You are not allowed to access this repo')
if (!process.env.GIT_PEAR_AUTH) return result
if (!request.header) throw new Error('You are not allowed to access this repo')
payload = await acl.getId({ ...request.body, payload: request.header })
const aclList = home.getACL(result.repoName)
// TODO: read specific permissions for the user
if (!Object.keys(aclList).includes(payload.userId)) {
throw new Error('You are not allowed to access this repo')
}
}
payload = await acl.getId({ ...request.body, payload: request.header })
const aclList = home.getACL(result.repoName)
const userACL = aclList[payload.userId]
if (!userACL) throw new Error('You are not allowed to access this repo')
return result
}
}
if (result.branch !== 'master'