// Copyright 2023 Harness, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package check import ( "context" "fmt" "github.com/harness/gitness/gitrpc" apiauth "github.com/harness/gitness/pkg/api/auth" "github.com/harness/gitness/pkg/api/usererror" "github.com/harness/gitness/pkg/auth" "github.com/harness/gitness/pkg/auth/authz" "github.com/harness/gitness/pkg/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" "github.com/jmoiron/sqlx" ) type Controller struct { db *sqlx.DB authorizer authz.Authorizer repoStore store.RepoStore checkStore store.CheckStore gitRPCClient gitrpc.Interface } func NewController( db *sqlx.DB, authorizer authz.Authorizer, repoStore store.RepoStore, checkStore store.CheckStore, gitRPCClient gitrpc.Interface, ) *Controller { return &Controller{ db: db, authorizer: authorizer, repoStore: repoStore, checkStore: checkStore, gitRPCClient: gitRPCClient, } } func (c *Controller) getRepoCheckAccess(ctx context.Context, session *auth.Session, repoRef string, reqPermission enum.Permission, ) (*types.Repository, error) { if repoRef == "" { return nil, usererror.BadRequest("A valid repository reference must be provided.") } repo, err := c.repoStore.FindByRef(ctx, repoRef) if err != nil { return nil, fmt.Errorf("failed to find repository: %w", err) } if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, reqPermission, false); err != nil { return nil, fmt.Errorf("access check failed: %w", err) } return repo, nil }