use visibility to alter permissions

shcoderAlex · May 22, 2017 · b1cbe65 · b1cbe65
1 parent 9ed9f8f
commit b1cbe65
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 69 deletions.
diff --git a/model/const.go b/model/const.go
@@ -25,3 +25,9 @@ const (
 	RepoFossil   = "fossil"
 	RepoPerforce = "perforce"
 )
+
+const (
+	VisibilityPublic   = "public"
+	VisibilityPrivate  = "private"
+	VisibilityInternal = "internal"
+)
diff --git a/model/repo.go b/model/repo.go
@@ -41,6 +41,7 @@ type RepoPatch struct {
 	IsTrusted   *bool   `json:"trusted,omitempty"`
 	IsGated     *bool   `json:"gated,omitempty"`
 	Timeout     *int64  `json:"timeout,omitempty"`
+	Visibility  *string `json:"visibility,omitempty"`
 	AllowPull   *bool   `json:"allow_pr,omitempty"`
 	AllowPush   *bool   `json:"allow_push,omitempty"`
 	AllowDeploy *bool   `json:"allow_deploy,omitempty"`

diff --git a/router/middleware/session/repo.go b/router/middleware/session/repo.go
@@ -2,7 +2,6 @@ package session
 
 import (
 	"net/http"
-	"os"
 
 	"github.com/drone/drone/cache"
 	"github.com/drone/drone/model"
@@ -79,57 +78,31 @@ func Perm(c *gin.Context) *model.Perm {
 }
 
 func SetPerm() gin.HandlerFunc {
-	PUBLIC_MODE := os.Getenv("PUBLIC_MODE")
 
 	return func(c *gin.Context) {
 		user := User(c)
 		repo := Repo(c)
 		perm := &model.Perm{}
 
 		switch {
-		// if the user is not authenticated, and the
-		// repository is private, the user has NO permission
-		// to view the repository.
-		case user == nil && repo.IsPrivate == true:
-			perm.Pull = false
-			perm.Push = false
-			perm.Admin = false
-
-		// if the user is not authenticated, but the repository
-		// is public, the user has pull-rights only.
-		case user == nil && repo.IsPrivate == false:
-			perm.Pull = true
-			perm.Push = false
-			perm.Admin = false
-
-		case user.Admin:
+		case user != nil && user.Admin:
 			perm.Pull = true
 			perm.Push = true
 			perm.Admin = true
 
-		// otherwise if the user is authenticated we should
-		// check the remote system to get the users permissiosn.
-		default:
+		case user != nil:
 			var err error
 			perm, err = cache.GetPerms(c, user, repo.Owner, repo.Name)
 			if err != nil {
-				perm.Pull = false
-				perm.Push = false
-				perm.Admin = false
-
-				// debug
 				log.Errorf("Error fetching permission for %s %s",
 					user.Login, repo.FullName)
 			}
-			// if we couldn't fetch permissions, but the repository
-			// is public, we should grant the user pull access.
-			if err != nil && repo.IsPrivate == false {
-				perm.Pull = true
-			}
 		}
 
-		// all build logs are visible in public mode
-		if PUBLIC_MODE != "" {
+		switch {
+		case repo.Visibility == model.VisibilityPublic:
+			perm.Pull = true
+		case repo.Visibility == model.VisibilityInternal && user != nil:
 			perm.Pull = true
 		}
 

diff --git a/router/middleware/session/repo_test.go b/router/middleware/session/repo_test.go
@@ -1,44 +1,9 @@
 package session
 
 import (
-	"os"
 	"testing"
-
-	"github.com/drone/drone/model"
-	"github.com/franela/goblin"
-	"github.com/gin-gonic/gin"
 )
 
 func TestSetPerm(t *testing.T) {
-	g := goblin.Goblin(t)
-	g.Describe("SetPerm", func() {
-		g.BeforeEach(func() {
-			os.Unsetenv("PUBLIC_MODE")
-		})
-		g.It("Should set pull to false (private repo, user not logged in)", func() {
-			c := gin.Context{}
-			c.Set("repo", &model.Repo{
-				IsPrivate: true,
-			})
-			SetPerm()(&c)
-			v, ok := c.Get("perm")
-			g.Assert(ok).IsTrue("perm was not set")
-			p, ok := v.(*model.Perm)
-			g.Assert(ok).IsTrue("perm was the wrong type")
-			g.Assert(p.Pull).IsFalse("pull should be false")
-		})
-		g.It("Should set pull to true (private repo, user not logged in, public mode)", func() {
-			os.Setenv("PUBLIC_MODE", "true")
-			c := gin.Context{}
-			c.Set("repo", &model.Repo{
-				IsPrivate: true,
-			})
-			SetPerm()(&c)
-			v, ok := c.Get("perm")
-			g.Assert(ok).IsTrue("perm was not set")
-			p, ok := v.(*model.Perm)
-			g.Assert(ok).IsTrue("perm was the wrong type")
-			g.Assert(p.Pull).IsTrue("pull should be true")
-		})
-	})
+
 }
diff --git a/server/repo.go b/server/repo.go
@@ -55,11 +55,15 @@ func PostRepo(c *gin.Context) {
 	r.UserID = user.ID
 	r.AllowPush = true
 	r.AllowPull = true
+	r.Visibility = model.VisibilityPublic
 	r.Config = ".drone.yml"
 	r.Timeout = 60 // 1 hour default build time
 	r.Hash = base32.StdEncoding.EncodeToString(
 		securecookie.GenerateRandomKey(32),
 	)
+	if r.IsPrivate {
+		r.Visibility = model.VisibilityPrivate
+	}
 
 	// crates the jwt token used to verify the repository
 	t := token.New(token.HookToken, r.FullName)
@@ -132,6 +136,19 @@ func PatchRepo(c *gin.Context) {
 	if in.Config != nil {
 		repo.Config = *in.Config
 	}
+	if in.Visibility != nil {
+		switch *in.Visibility {
+		case model.VisibilityInternal:
+			repo.Visibility = model.VisibilityInternal
+		case model.VisibilityPrivate:
+			repo.Visibility = model.VisibilityPrivate
+		case model.VisibilityPublic:
+			repo.Visibility = model.VisibilityPublic
+		default:
+			c.String(400, "Invalid visibility type")
+			return
+		}
+	}
 
 	err := store.UpdateRepo(c, repo)
 	if err != nil {