v3: expose repo access permissions in payload
This commit is contained in:
Konstantin Haase
parent
77ad196a86
commit
2b0ae177fa
|
|
@ -2,18 +2,27 @@ require 'travis/api/v3/access_control/generic'
|
||||||
|
|
||||||
module Travis::API::V3
|
module Travis::API::V3
|
||||||
class AccessControl::Scoped < AccessControl::Generic
|
class AccessControl::Scoped < AccessControl::Generic
|
||||||
attr_accessor :unscoped, :owner_name, :name
|
attr_accessor :unscoped, :anonymous, :owner_name, :name
|
||||||
|
|
||||||
def initialize(scope, unscoped)
|
def initialize(scope, unscoped)
|
||||||
@owner_name, @name = scope.split(?/.freeze, 2)
|
@owner_name, @name = scope.split(?/.freeze, 2)
|
||||||
@unscoped = unscoped
|
@unscoped = unscoped
|
||||||
|
@anonymous = AccessControl::Anonymous.new
|
||||||
end
|
end
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def private_repository_visible?(repository)
|
def private_repository_visible?(repository)
|
||||||
|
scope_repository(repository).visible?(repository)
|
||||||
|
end
|
||||||
|
|
||||||
|
def repository_writable?(repository)
|
||||||
|
scope_repository(repository).writable?(repository)
|
||||||
|
end
|
||||||
|
|
||||||
|
def scope_repository(repository, method = caller_locations.first.base_label)
|
||||||
return false if name and repository.name != name
|
return false if name and repository.name != name
|
||||||
unscoped.visible?(repository) if repository.owner_name == owner_name
|
repository.owner_name == owner_name ? unscoped : anonymous
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -2,11 +2,12 @@ module Travis::API::V3
|
||||||
class Permissions::Generic
|
class Permissions::Generic
|
||||||
def self.access_rights
|
def self.access_rights
|
||||||
@access_rights ||= begin
|
@access_rights ||= begin
|
||||||
rights = superclass.respond_to?(:access_rights) ? superclass.access_rights.dup : []
|
rights = superclass.respond_to?(:access_rights) ? superclass.access_rights.dup : {}
|
||||||
public_instance_methods(false) do |method|
|
public_instance_methods(false).each do |method|
|
||||||
next unless method.to_s =~ /^([^_].+)\?$/
|
next unless method.to_s =~ /^([^_].+)\?$/
|
||||||
rights << $1.to_sym
|
rights[$1.to_sym] = method
|
||||||
end
|
end
|
||||||
|
rights
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -46,6 +47,10 @@ module Travis::API::V3
|
||||||
access_control.visible? object
|
access_control.visible? object
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def to_h
|
||||||
|
self.class.access_rights.map { |k,v| [k,!!public_send(v)] }.to_h
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def write?
|
def write?
|
||||||
|
|
|
||||||
|
|
@ -43,7 +43,7 @@ module Travis::API::V3
|
||||||
@script_name = script_name
|
@script_name = script_name
|
||||||
@include = include
|
@include = include
|
||||||
@included = included
|
@included = included
|
||||||
@access_control = access_control
|
@access_control = access_control || AccessControl::Anonymous.new
|
||||||
end
|
end
|
||||||
|
|
||||||
def href
|
def href
|
||||||
|
|
@ -74,13 +74,17 @@ module Travis::API::V3
|
||||||
nested_included = included + [model]
|
nested_included = included + [model]
|
||||||
modes = {}
|
modes = {}
|
||||||
|
|
||||||
|
if permissions = access_control.permissions(model) and (representation != :minimal or include? :@permissions)
|
||||||
|
result[:@permissions] = permissions.to_h
|
||||||
|
end
|
||||||
|
|
||||||
if include.any?
|
if include.any?
|
||||||
excepted_type = result[:@type].to_s
|
excepted_type = result[:@type].to_s
|
||||||
fields = fields.dup
|
fields = fields.dup
|
||||||
end
|
end
|
||||||
|
|
||||||
include.each do |qualified_field|
|
include.each do |qualified_field|
|
||||||
raise WrongParams, 'illegal format for include parameter'.freeze unless /\A(?<prefix>\w+)\.(?<field>\w+)\Z$/ =~ qualified_field
|
raise WrongParams, 'illegal format for include parameter'.freeze unless /\A(?<prefix>\w+)\.(?<field>@?\w+)\Z$/ =~ qualified_field
|
||||||
next if prefix != excepted_type
|
next if prefix != excepted_type
|
||||||
raise WrongParams, 'no field %p to include'.freeze % qualified_field unless self.class.available_attributes.include?(field)
|
raise WrongParams, 'no field %p to include'.freeze % qualified_field unless self.class.available_attributes.include?(field)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -39,6 +39,11 @@ describe Travis::API::V3::Services::Owner::Find do
|
||||||
"repositories" => [{
|
"repositories" => [{
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => false,
|
||||||
|
"disable" => false,
|
||||||
|
"create_request"=> false},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "example-repo",
|
"name" => "example-repo",
|
||||||
"slug" => "example-org/example-repo",
|
"slug" => "example-org/example-repo",
|
||||||
|
|
@ -76,6 +81,11 @@ describe Travis::API::V3::Services::Owner::Find do
|
||||||
"repositories" => [{
|
"repositories" => [{
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => false,
|
||||||
|
"disable" => false,
|
||||||
|
"create_request"=> false},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "example-repo",
|
"name" => "example-repo",
|
||||||
"slug" => "example-org/example-repo",
|
"slug" => "example-org/example-repo",
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,11 @@ describe Travis::API::V3::Services::Owner::Repositories do
|
||||||
"repositories" => [{
|
"repositories" => [{
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => false,
|
||||||
|
"disable" => false,
|
||||||
|
"create_request"=> false},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "minimal",
|
"name" => "minimal",
|
||||||
"slug" => "svenfuchs/minimal",
|
"slug" => "svenfuchs/minimal",
|
||||||
|
|
|
||||||
|
|
@ -3,11 +3,11 @@ require 'spec_helper'
|
||||||
describe Travis::API::V3::Services::Repositories::ForCurrentUser do
|
describe Travis::API::V3::Services::Repositories::ForCurrentUser do
|
||||||
let(:repo) { Repository.by_slug('svenfuchs/minimal').first }
|
let(:repo) { Repository.by_slug('svenfuchs/minimal').first }
|
||||||
|
|
||||||
let(:token) { Travis::Api::App::AccessToken.create(user: repo.owner, app_id: 1) }
|
let(:token) { Travis::Api::App::AccessToken.create(user: repo.owner, app_id: 1) }
|
||||||
let(:headers) {{ 'HTTP_AUTHORIZATION' => "token #{token}" }}
|
let(:headers) {{ 'HTTP_AUTHORIZATION' => "token #{token}" }}
|
||||||
before { Permission.create(repository: repo, user: repo.owner, pull: true) }
|
before { Permission.create(repository: repo, user: repo.owner, pull: true, push: true) }
|
||||||
before { repo.update_attribute(:private, true) }
|
before { repo.update_attribute(:private, true) }
|
||||||
after { repo.update_attribute(:private, false) }
|
after { repo.update_attribute(:private, false) }
|
||||||
|
|
||||||
describe "private repository, private API, authenticated as user with access" do
|
describe "private repository, private API, authenticated as user with access" do
|
||||||
before { get("/v3/repos", {}, headers) }
|
before { get("/v3/repos", {}, headers) }
|
||||||
|
|
@ -18,6 +18,11 @@ describe Travis::API::V3::Services::Repositories::ForCurrentUser do
|
||||||
"repositories" => [{
|
"repositories" => [{
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => true,
|
||||||
|
"disable" => true,
|
||||||
|
"create_request"=> true},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "minimal",
|
"name" => "minimal",
|
||||||
"slug" => "svenfuchs/minimal",
|
"slug" => "svenfuchs/minimal",
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,11 @@ describe Travis::API::V3::Services::Repository::Find do
|
||||||
example { expect(parsed_body).to be == {
|
example { expect(parsed_body).to be == {
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => false,
|
||||||
|
"disable" => false,
|
||||||
|
"create_request"=> false},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "minimal",
|
"name" => "minimal",
|
||||||
"slug" => "svenfuchs/minimal",
|
"slug" => "svenfuchs/minimal",
|
||||||
|
|
@ -95,6 +100,11 @@ describe Travis::API::V3::Services::Repository::Find do
|
||||||
example { expect(parsed_body).to be == {
|
example { expect(parsed_body).to be == {
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => false,
|
||||||
|
"disable" => false,
|
||||||
|
"create_request"=> false},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "minimal",
|
"name" => "minimal",
|
||||||
"slug" => "svenfuchs/minimal",
|
"slug" => "svenfuchs/minimal",
|
||||||
|
|
@ -165,6 +175,11 @@ describe Travis::API::V3::Services::Repository::Find do
|
||||||
example { expect(parsed_body).to be == {
|
example { expect(parsed_body).to be == {
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => true,
|
||||||
|
"disable" => true,
|
||||||
|
"create_request"=> true},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "minimal",
|
"name" => "minimal",
|
||||||
"slug" => "svenfuchs/minimal",
|
"slug" => "svenfuchs/minimal",
|
||||||
|
|
@ -241,6 +256,11 @@ describe Travis::API::V3::Services::Repository::Find do
|
||||||
example { expect(parsed_body).to be == {
|
example { expect(parsed_body).to be == {
|
||||||
"@type" => "repository",
|
"@type" => "repository",
|
||||||
"@href" => "/v3/repo/#{repo.id}",
|
"@href" => "/v3/repo/#{repo.id}",
|
||||||
|
"@permissions" => {
|
||||||
|
"read" => true,
|
||||||
|
"enable" => true,
|
||||||
|
"disable" => true,
|
||||||
|
"create_request"=> true},
|
||||||
"id" => repo.id,
|
"id" => repo.id,
|
||||||
"name" => "minimal",
|
"name" => "minimal",
|
||||||
"slug" => "svenfuchs/minimal",
|
"slug" => "svenfuchs/minimal",
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user