Use repo edit and repo view permissions for space label handling (#2569)

* Use repo edit and repo view permissions for space label handling

app/api/controller/space/label_define.go

@@ -30,7 +30,7 @@ func (c *Controller) DefineLabel(
 	spaceRef string,
 	in *types.DefineLabelInput,
 ) (*types.Label, error) {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceEdit)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_delete.go

@@ -29,7 +29,7 @@ func (c *Controller) DeleteLabel(
 	spaceRef string,
 	key string,
 ) error {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceEdit)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_list.go

@@ -30,7 +30,7 @@ func (c *Controller) ListLabels(
 	spaceRef string,
 	filter *types.LabelFilter,
 ) ([]*types.Label, int64, error) {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceView)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoView)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_save.go

@@ -30,7 +30,7 @@ func (c *Controller) SaveLabel(
 	spaceRef string,
 	in *types.SaveInput,
 ) (*types.LabelWithValues, error) {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceEdit)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_update.go

@@ -31,7 +31,7 @@ func (c *Controller) UpdateLabel(
 	key string,
 	in *types.UpdateLabelInput,
 ) (*types.Label, error) {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceEdit)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_value_define.go

@@ -32,7 +32,7 @@ func (c *Controller) DefineLabelValue(
 	in *types.DefineValueInput,
 ) (*types.LabelValue, error) {
 	// TODO: permission check should be based on static vs dynamic label
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceEdit)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_value_delete.go

@@ -30,7 +30,7 @@ func (c *Controller) DeleteLabelValue(
 	key string,
 	value string,
 ) error {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceEdit)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_value_list.go

@@ -31,7 +31,7 @@ func (c *Controller) ListLabelValues(
 	key string,
 	filter *types.ListQueryFilter,
 ) ([]*types.LabelValue, error) {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceView)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to acquire access to space: %w", err)
 	}

app/api/controller/space/label_value_update.go

@@ -32,7 +32,7 @@ func (c *Controller) UpdateLabelValue(
 	value string,
 	in *types.UpdateValueInput,
 ) (*types.LabelValue, error) {
-	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionSpaceEdit)
+	space, err := c.getSpaceCheckAuth(ctx, session, spaceRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to acquire access to space: %w", err)
 	}