Fix repo access (#476)

* fix repo access

* fix permission syncing

server/api/stream.go

@@ -60,7 +60,7 @@ func EventStreamSSE(c *gin.Context) {
 	user := session.User(c)
 	repo := map[string]bool{}
 	if user != nil {
-		repos, _ := store.FromContext(c).RepoList(user)
+		repos, _ := store.FromContext(c).RepoList(user, false)
 		for _, r := range repos {
 			repo[r.FullName] = true
 		}

server/api/user.go

@@ -107,7 +107,7 @@ func GetRepos(c *gin.Context) {
 		}
 	}
 
-	repos, err := store.FromContext(c).RepoList(user)
+	repos, err := store.FromContext(c).RepoList(user, true)
 	if err != nil {
 		c.String(500, "Error fetching repository list. %s", err)
 		return

server/shared/userSyncer.go

@@ -82,9 +82,10 @@ func (s *Syncer) Sync(ctx context.Context, user *model.User) error {
 				Pull:   true,
 				Synced: unix,
 			}
-			if repo.Perm != nil {
-				perm.Push = repo.Perm.Push
-				perm.Admin = repo.Perm.Admin
+			remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name)
+			if err == nil && remotePerm != nil {
+				perm.Push = remotePerm.Push
+				perm.Admin = remotePerm.Admin
 			}
 			perms = append(perms, &perm)
 		}

server/store/datastore/repos.go

@@ -54,8 +54,11 @@ func (db *datastore) DeleteRepo(repo *model.Repo) error {
 	return err
 }
 
-func (db *datastore) RepoList(user *model.User) ([]*model.Repo, error) {
+func (db *datastore) RepoList(user *model.User, owned bool) ([]*model.Repo, error) {
 	stmt := sql.Lookup(db.driver, "repo-find-user")
+	if owned {
+		stmt = sql.Lookup(db.driver, "repo-find-user-owned")
+	}
 	data := []*model.Repo{}
 	err := meddler.QueryAll(db, &data, stmt, user.ID)
 	return data, err

server/store/datastore/repos_test.go

@@ -164,7 +164,75 @@ func TestRepoList(t *testing.T) {
 		{UserID: user.ID, Repo: repo2.FullName},
 	})
 
-	repos, err := s.RepoList(user)
+	repos, err := s.RepoList(user, false)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	if got, want := len(repos), 2; got != want {
+		t.Errorf("Want %d repositories, got %d", want, got)
+	}
+	if got, want := repos[0].ID, repo1.ID; got != want {
+		t.Errorf("Want repository id %d, got %d", want, got)
+	}
+	if got, want := repos[1].ID, repo2.ID; got != want {
+		t.Errorf("Want repository id %d, got %d", want, got)
+	}
+}
+
+func TestOwnedRepoList(t *testing.T) {
+	s := newTest()
+	s.Exec("delete from repos")
+	s.Exec("delete from users")
+	s.Exec("delete from perms")
+
+	defer func() {
+		s.Exec("delete from repos")
+		s.Exec("delete from users")
+		s.Exec("delete from perms")
+		s.Close()
+	}()
+
+	user := &model.User{
+		Login: "joe",
+		Email: "foo@bar.com",
+		Token: "e42080dddf012c718e476da161d21ad5",
+	}
+	s.CreateUser(user)
+
+	repo1 := &model.Repo{
+		Owner:    "bradrydzewski",
+		Name:     "test",
+		FullName: "bradrydzewski/test",
+	}
+	repo2 := &model.Repo{
+		Owner:    "test",
+		Name:     "test",
+		FullName: "test/test",
+	}
+	repo3 := &model.Repo{
+		Owner:    "octocat",
+		Name:     "hello-world",
+		FullName: "octocat/hello-world",
+	}
+	repo4 := &model.Repo{
+		Owner:    "demo",
+		Name:     "demo",
+		FullName: "demo/demo",
+	}
+	s.CreateRepo(repo1)
+	s.CreateRepo(repo2)
+	s.CreateRepo(repo3)
+	s.CreateRepo(repo4)
+
+	s.PermBatch([]*model.Perm{
+		{UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false},
+		{UserID: user.ID, Repo: repo2.FullName, Push: false, Admin: true},
+		{UserID: user.ID, Repo: repo3.FullName},
+		{UserID: user.ID, Repo: repo4.FullName},
+	})
+
+	repos, err := s.RepoList(user, true)
 	if err != nil {
 		t.Error(err)
 		return
@@ -219,8 +287,8 @@ func TestRepoListLatest(t *testing.T) {
 	s.CreateRepo(repo3)
 
 	s.PermBatch([]*model.Perm{
-		{UserID: user.ID, Repo: repo1.FullName},
-		{UserID: user.ID, Repo: repo2.FullName},
+		{UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false},
+		{UserID: user.ID, Repo: repo2.FullName, Push: true, Admin: true},
 	})
 
 	build1 := &model.Build{

server/store/datastore/sql/mysql/files/feed.sql

@@ -28,6 +28,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
 )
 INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
   AND repos.repo_active = true
 ORDER BY repo_full_name ASC;
 
@@ -57,5 +58,6 @@ FROM repos
 INNER JOIN perms  ON perms.perm_repo_id   = repos.repo_id
 INNER JOIN builds ON builds.build_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
 ORDER BY build_id DESC
 LIMIT 50

server/store/datastore/sql/mysql/files/repos.sql

@@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
 ORDER BY repo_full_name ASC
 
+-- name: repo-find-user-owned
+
+SELECT
+ repo_id
+,repo_user_id
+,repo_owner
+,repo_name
+,repo_full_name
+,repo_avatar
+,repo_link
+,repo_clone
+,repo_branch
+,repo_timeout
+,repo_private
+,repo_trusted
+,repo_active
+,repo_allow_pr
+,repo_hash
+,repo_scm
+,repo_config_path
+,repo_gated
+,repo_visibility
+,repo_counter
+FROM repos
+INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
+WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
+ORDER BY repo_full_name ASC
+
 -- name: repo-insert-ignore
 
 INSERT IGNORE INTO repos (

server/store/datastore/sql/mysql/sql_gen.go

@@ -36,6 +36,7 @@ var index = map[string]string{
 	"registry-delete":             registryDelete,
 	"repo-update-counter":         repoUpdateCounter,
 	"repo-find-user":              repoFindUser,
+	"repo-find-user-owned":        repoFindUserOwned,
 	"repo-insert-ignore":          repoInsertIgnore,
 	"repo-delete":                 repoDelete,
 	"secret-find-repo":            secretFindRepo,
@@ -134,6 +135,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
 )
 INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
   AND repos.repo_active = true
 ORDER BY repo_full_name ASC;
 `
@@ -163,6 +165,7 @@ FROM repos
 INNER JOIN perms  ON perms.perm_repo_id   = repos.repo_id
 INNER JOIN builds ON builds.build_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
 ORDER BY build_id DESC
 LIMIT 50
 `
@@ -451,6 +454,35 @@ WHERE perms.perm_user_id = ?
 ORDER BY repo_full_name ASC
 `
 
+var repoFindUserOwned = `
+SELECT
+ repo_id
+,repo_user_id
+,repo_owner
+,repo_name
+,repo_full_name
+,repo_avatar
+,repo_link
+,repo_clone
+,repo_branch
+,repo_timeout
+,repo_private
+,repo_trusted
+,repo_active
+,repo_allow_pr
+,repo_hash
+,repo_scm
+,repo_config_path
+,repo_gated
+,repo_visibility
+,repo_counter
+FROM repos
+INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
+WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
+ORDER BY repo_full_name ASC
+`
+
 var repoInsertIgnore = `
 INSERT IGNORE INTO repos (
  repo_user_id

server/store/datastore/sql/postgres/files/feed.sql

@@ -26,6 +26,7 @@ FROM repos LEFT OUTER JOIN (
 ) b ON b.build_repo_id = repos.repo_id
 INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = $1
+  AND (perms.perm_push = true OR perms.perm_admin = true)
   AND repos.repo_active = TRUE
 ORDER BY repo_full_name ASC;
 
@@ -55,5 +56,6 @@ FROM repos
 INNER JOIN perms  ON perms.perm_repo_id   = repos.repo_id
 INNER JOIN builds ON builds.build_repo_id = repos.repo_id
 WHERE perms.perm_user_id = $1
+  AND (perms.perm_push = true OR perms.perm_admin = true)
 ORDER BY build_id DESC
 LIMIT 50

server/store/datastore/sql/postgres/files/repos.sql

@@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = $1
 ORDER BY repo_full_name ASC
 
+-- name: repo-find-user-owned
+
+SELECT
+ repo_id
+,repo_user_id
+,repo_owner
+,repo_name
+,repo_full_name
+,repo_avatar
+,repo_link
+,repo_clone
+,repo_branch
+,repo_timeout
+,repo_private
+,repo_trusted
+,repo_active
+,repo_allow_pr
+,repo_hash
+,repo_scm
+,repo_config_path
+,repo_gated
+,repo_visibility
+,repo_counter
+FROM repos
+INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
+WHERE perms.perm_user_id = $1
+  AND (perms.perm_push = true OR perms.perm_admin = true)
+ORDER BY repo_full_name ASC
+
 -- name: repo-insert-ignore
 
 INSERT INTO repos (

server/store/datastore/sql/postgres/sql_gen.go

@@ -36,6 +36,7 @@ var index = map[string]string{
 	"registry-delete":             registryDelete,
 	"repo-update-counter":         repoUpdateCounter,
 	"repo-find-user":              repoFindUser,
+	"repo-find-user-owned":        repoFindUserOwned,
 	"repo-insert-ignore":          repoInsertIgnore,
 	"repo-delete":                 repoDelete,
 	"secret-find-repo":            secretFindRepo,
@@ -132,6 +133,7 @@ FROM repos LEFT OUTER JOIN (
 ) b ON b.build_repo_id = repos.repo_id
 INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = $1
+  AND (perms.perm_push = true OR perms.perm_admin = true)
   AND repos.repo_active = TRUE
 ORDER BY repo_full_name ASC;
 `
@@ -161,6 +163,7 @@ FROM repos
 INNER JOIN perms  ON perms.perm_repo_id   = repos.repo_id
 INNER JOIN builds ON builds.build_repo_id = repos.repo_id
 WHERE perms.perm_user_id = $1
+  AND (perms.perm_push = true OR perms.perm_admin = true)
 ORDER BY build_id DESC
 LIMIT 50
 `
@@ -454,6 +457,35 @@ WHERE perms.perm_user_id = $1
 ORDER BY repo_full_name ASC
 `
 
+var repoFindUserOwned = `
+SELECT
+ repo_id
+,repo_user_id
+,repo_owner
+,repo_name
+,repo_full_name
+,repo_avatar
+,repo_link
+,repo_clone
+,repo_branch
+,repo_timeout
+,repo_private
+,repo_trusted
+,repo_active
+,repo_allow_pr
+,repo_hash
+,repo_scm
+,repo_config_path
+,repo_gated
+,repo_visibility
+,repo_counter
+FROM repos
+INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
+WHERE perms.perm_user_id = $1
+  AND (perms.perm_push = true OR perms.perm_admin = true)
+ORDER BY repo_full_name ASC
+`
+
 var repoInsertIgnore = `
 INSERT INTO repos (
  repo_user_id

server/store/datastore/sql/sqlite/files/feed.sql

@@ -28,6 +28,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
 )
 INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
   AND repos.repo_active = 1
 ORDER BY repo_full_name ASC;
 
@@ -57,5 +58,6 @@ FROM repos
 INNER JOIN perms  ON perms.perm_repo_id   = repos.repo_id
 INNER JOIN builds ON builds.build_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
 ORDER BY build_id DESC
 LIMIT 50

server/store/datastore/sql/sqlite/files/repos.sql

@@ -32,6 +32,35 @@ INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
 ORDER BY repo_full_name ASC
 
+-- name: repo-find-user-owned
+
+SELECT
+ repo_id
+,repo_user_id
+,repo_owner
+,repo_name
+,repo_full_name
+,repo_avatar
+,repo_link
+,repo_clone
+,repo_branch
+,repo_timeout
+,repo_private
+,repo_trusted
+,repo_active
+,repo_allow_pr
+,repo_hash
+,repo_scm
+,repo_config_path
+,repo_gated
+,repo_visibility
+,repo_counter
+FROM repos
+INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
+WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
+ORDER BY repo_full_name ASC
+
 -- name: repo-insert-ignore
 
 INSERT OR IGNORE INTO repos (

server/store/datastore/sql/sqlite/sql_gen.go

@@ -36,6 +36,7 @@ var index = map[string]string{
 	"registry-delete":             registryDelete,
 	"repo-update-counter":         repoUpdateCounter,
 	"repo-find-user":              repoFindUser,
+	"repo-find-user-owned":        repoFindUserOwned,
 	"repo-insert-ignore":          repoInsertIgnore,
 	"repo-delete":                 repoDelete,
 	"secret-find-repo":            secretFindRepo,
@@ -134,6 +135,7 @@ FROM repos LEFT OUTER JOIN builds ON build_id = (
 )
 INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
   AND repos.repo_active = 1
 ORDER BY repo_full_name ASC;
 `
@@ -163,6 +165,7 @@ FROM repos
 INNER JOIN perms  ON perms.perm_repo_id   = repos.repo_id
 INNER JOIN builds ON builds.build_repo_id = repos.repo_id
 WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
 ORDER BY build_id DESC
 LIMIT 50
 `
@@ -451,6 +454,35 @@ WHERE perms.perm_user_id = ?
 ORDER BY repo_full_name ASC
 `
 
+var repoFindUserOwned = `
+SELECT
+ repo_id
+,repo_user_id
+,repo_owner
+,repo_name
+,repo_full_name
+,repo_avatar
+,repo_link
+,repo_clone
+,repo_branch
+,repo_timeout
+,repo_private
+,repo_trusted
+,repo_active
+,repo_allow_pr
+,repo_hash
+,repo_scm
+,repo_config_path
+,repo_gated
+,repo_visibility
+,repo_counter
+FROM repos
+INNER JOIN perms ON perms.perm_repo_id = repos.repo_id
+WHERE perms.perm_user_id = ?
+  AND (perms.perm_push = 1 OR perms.perm_admin = 1)
+ORDER BY repo_full_name ASC
+`
+
 var repoInsertIgnore = `
 INSERT OR IGNORE INTO repos (
  repo_user_id

server/store/datastore/users_test.go

@@ -211,8 +211,8 @@ func TestUsers(t *testing.T) {
 			s.CreateRepo(repo3)
 
 			s.PermBatch([]*model.Perm{
-				{UserID: user.ID, Repo: repo1.FullName},
-				{UserID: user.ID, Repo: repo2.FullName},
+				{UserID: user.ID, Repo: repo1.FullName, Push: true, Admin: false},
+				{UserID: user.ID, Repo: repo2.FullName, Push: false, Admin: true},
 			})
 
 			build1 := &model.Build{

server/store/store.go

@@ -100,8 +100,8 @@ type Store interface {
 
 	UserFeed(*model.User) ([]*model.Feed, error)
 
-	RepoList(*model.User) ([]*model.Repo, error)
-	RepoListLatest(*model.User) ([]*model.Feed, error)
+	RepoList(user *model.User, owned bool) ([]*model.Repo, error)
+	RepoListLatest(user *model.User) ([]*model.Feed, error)
 	RepoBatch([]*model.Repo) error
 
 	PermFind(user *model.User, repo *model.Repo) (*model.Perm, error)