diff options
| author | DanConwayDev <DanConwayDev@protonmail.com> | 2024-08-07 17:16:36 +0100 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2024-08-07 17:16:36 +0100 |
| commit | b06df0bfd2f79f8b1467cb0b640de0e64ec27679 (patch) | |
| tree | 315b57fb9fd1107b298e17576a31dc2ac987b5ba | |
| parent | 77f1a0895050a387b232ad5f8e7c5d6953f30bea (diff) | |
fix(remote): `push` apply proposal permissions
so that only the author and repo maintainers can push to a proposal
| -rw-r--r-- | src/git_remote_helper.rs | 65 |
1 files changed, 37 insertions, 28 deletions
diff --git a/src/git_remote_helper.rs b/src/git_remote_helper.rs index 06eeff5..eed8dd6 100644 --- a/src/git_remote_helper.rs +++ b/src/git_remote_helper.rs | |||
| @@ -667,34 +667,43 @@ async fn push( | |||
| 667 | let (ahead, behind) = git_repo | 667 | let (ahead, behind) = git_repo |
| 668 | .get_commits_ahead_behind(&tip_of_proposal_commit, &tip_of_pushed_branch)?; | 668 | .get_commits_ahead_behind(&tip_of_proposal_commit, &tip_of_pushed_branch)?; |
| 669 | if behind.is_empty() { | 669 | if behind.is_empty() { |
| 670 | let thread_id = if patches.len().eq(&1) { | 670 | if [repo_ref.maintainers.clone(), vec![proposal.author()]] |
| 671 | tip_patch.id() | 671 | .concat() |
| 672 | .contains(&user_ref.public_key) | ||
| 673 | { | ||
| 674 | let thread_id = if patches.len().eq(&1) { | ||
| 675 | tip_patch.id() | ||
| 676 | } else { | ||
| 677 | get_event_root(tip_patch)? | ||
| 678 | }; | ||
| 679 | let mut parent_patch = tip_patch.clone(); | ||
| 680 | for (i, commit) in ahead.iter().enumerate() { | ||
| 681 | let new_patch = generate_patch_event( | ||
| 682 | git_repo, | ||
| 683 | &git_repo.get_root_commit()?, | ||
| 684 | commit, | ||
| 685 | Some(thread_id), | ||
| 686 | &signer, | ||
| 687 | repo_ref, | ||
| 688 | Some(parent_patch.id()), | ||
| 689 | Some(( | ||
| 690 | (patches.len() + i + 1).try_into().unwrap(), | ||
| 691 | (patches.len() + ahead.len()).try_into().unwrap(), | ||
| 692 | )), | ||
| 693 | None, | ||
| 694 | &None, | ||
| 695 | &[], | ||
| 696 | ) | ||
| 697 | .await | ||
| 698 | .context("cannot make patch event from commit")?; | ||
| 699 | events.push(new_patch.clone()); | ||
| 700 | parent_patch = new_patch; | ||
| 701 | } | ||
| 672 | } else { | 702 | } else { |
| 673 | get_event_root(tip_patch)? | 703 | println!( |
| 674 | }; | 704 | "error {to} permission denied. you are not the proposal author or a repo maintainer" |
| 675 | // TODO do I have permission? | 705 | ); |
| 676 | let mut parent_patch = tip_patch.clone(); | 706 | rejected_proposal_refspecs.push(refspec.to_string()); |
| 677 | for (i, commit) in ahead.iter().enumerate() { | ||
| 678 | let new_patch = generate_patch_event( | ||
| 679 | git_repo, | ||
| 680 | &git_repo.get_root_commit()?, | ||
| 681 | commit, | ||
| 682 | Some(thread_id), | ||
| 683 | &signer, | ||
| 684 | repo_ref, | ||
| 685 | Some(parent_patch.id()), | ||
| 686 | Some(( | ||
| 687 | (patches.len() + i + 1).try_into().unwrap(), | ||
| 688 | (patches.len() + ahead.len()).try_into().unwrap(), | ||
| 689 | )), | ||
| 690 | None, | ||
| 691 | &None, | ||
| 692 | &[], | ||
| 693 | ) | ||
| 694 | .await | ||
| 695 | .context("cannot make patch event from commit")?; | ||
| 696 | events.push(new_patch.clone()); | ||
| 697 | parent_patch = new_patch; | ||
| 698 | } | 707 | } |
| 699 | } else { | 708 | } else { |
| 700 | // we shouldn't get here | 709 | // we shouldn't get here |
| @@ -712,7 +721,7 @@ async fn push( | |||
| 712 | } | 721 | } |
| 713 | } | 722 | } |
| 714 | } else { | 723 | } else { |
| 715 | // TODO new proposal / proposal no longeer open | 724 | // TODO new proposal / proposal no longer open |
| 716 | // / we couldn't | 725 | // / we couldn't |
| 717 | } | 726 | } |
| 718 | } | 727 | } |