USEFULL
/
drone
mirror of https://github.com/harness/drone.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: [CODE-2426]: Separate CODE Repo Create/Edit into distinct permissions (#2758)

pull/3576/head
Atefeh Mohseni Ejiyeh 2024-10-23 16:37:06 +00:00 committed by Harness
parent 0f3956696c
commit 0a35385255
6 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/api/controller/migrate/create_repo.go
View File

@ -185,7 +185,7 @@ func (c *Controller) spaceCheckAuth(
Identifier: "",
}
err = apiauth.Check(ctx, c.authorizer, session, scope, resource, enum.PermissionRepoEdit)
err = apiauth.Check(ctx, c.authorizer, session, scope, resource, enum.PermissionRepoCreate)
if err != nil {
return nil, fmt.Errorf("auth check failed: %w", err)
}

2
app/api/controller/repo/create.go
View File

@ -206,7 +206,7 @@ func (c *Controller) getSpaceCheckAuthRepoCreation(
session,
space,
enum.ResourceTypeRepo,
enum.PermissionRepoEdit,
enum.PermissionRepoCreate,
)
if err != nil {
return nil, fmt.Errorf("auth check failed: %w", err)

2
app/api/controller/repo/restore.go
View File

@ -46,7 +46,7 @@ func (c *Controller) Restore(
return nil, fmt.Errorf("failed to find repository: %w", err)
}
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit); err != nil {
if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoCreate); err != nil {
return nil, fmt.Errorf("access check failed: %w", err)
}

2
app/api/controller/space/import_repositories.go
View File

@ -82,7 +82,7 @@ func (c *Controller) ImportRepositories(
spaceRef string,
in *ImportRepositoriesInput,
) (ImportRepositoriesOutput, error) {
space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoCreate)
if err != nil {
return ImportRepositoriesOutput{}, err
}

1
types/enum/membership_role.go
View File

@ -64,6 +64,7 @@ var membershipRoleContributorPermissions = slices.Clip(slices.Insert(membershipR
))
var membershipRoleSpaceOwnerPermissions = slices.Clip(slices.Insert(membershipRoleReaderPermissions, 0,
PermissionRepoCreate,
PermissionRepoEdit,
PermissionRepoDelete,
PermissionRepoPush,

1
types/enum/permission.go
View File

@ -49,6 +49,7 @@ const (
----- REPOSITORY -----
*/
PermissionRepoView Permission = "repo_view"
PermissionRepoCreate Permission = "repo_create"
PermissionRepoEdit Permission = "repo_edit"
PermissionRepoDelete Permission = "repo_delete"
PermissionRepoPush Permission = "repo_push"