aljaz/gitpear
1
0
Fork 0
mirror of https://github.com/aljazceru/gitpear.git synced 2025-12-17 14:14:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

advanced acl: draft

Browse Source 
Signed-off-by: dzdidi <deniszalessky@gmail.com>
This commit is contained in:
dzdidi
2024-01-26 15:02:37 +00:00
parent 70b3a6c585
commit 0911049fa5
2 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/home.js
View File

@@ -21,6 +21,19 @@ function shareWith (userId, branch = '*', permissions = 'rw') {
if (permissions.split('').some(p => !['r', 'w'].includes(p))) {
throw new Error('Permissions must be r, w or rw')
}
// TODO: read file
// generate new conent
// merge with old file
// store file
//
// EXAMPLE:
// {
// protectedBranches: ['master'],
// ACL: {
// '<userId>': { '<branch name | *>': 'r|w|rw' },
// '*': { '*': 'r' }
// }
// }
fs.appendFileSync(`${APP_HOME}/.git-daemon-export-ok`, `${userId}\t${branch}\t${permissions}\n`)
}
@@ -41,9 +54,11 @@ function getACL (name) {
const res = {}
for (const entry of entries) {
const [userId, branch, permissions] = entry.split('\t')
res[userId] = { branch, permissions }
if (!res[userId]) res[userId] = []
res[userId].push({ branch, permissions })
}
return res
// TODO: have protected branch setting - the ACL must be assigned explicitly
}
function list (sharedOnly) {

21
src/rpc.js
View File

@@ -98,7 +98,7 @@ module.exports = class RPC {
})
}
async parseReq(req) {
async parseReq(req, access, branch = '*') {
let payload
let request = JSON.parse(req.toString())
const result = {
@@ -106,17 +106,12 @@ module.exports = class RPC {
branch: request.body.data?.split('#')[0],
url: request.body.url
}
if (process.env.GIT_PEAR_AUTH) {
if (!request.header) throw new Error('You are not allowed to access this repo')
if (!process.env.GIT_PEAR_AUTH) return result
if (!request.header) throw new Error('You are not allowed to access this repo')
payload = await acl.getId({ ...request.body, payload: request.header })
const aclList = home.getACL(result.repoName)
// TODO: read specific permissions for the user
if (!Object.keys(aclList).includes(payload.userId)) {
throw new Error('You are not allowed to access this repo')
}
}
payload = await acl.getId({ ...request.body, payload: request.header })
const aclList = home.getACL(result.repoName)
const userACL = aclList[payload.userId]
if (!userACL) throw new Error('You are not allowed to access this repo')
return result
}
}
if (result.branch !== 'master'