diff --git a/cmd/server/flags.go b/cmd/server/flags.go index ab9982832..eeff5521d 100644 --- a/cmd/server/flags.go +++ b/cmd/server/flags.go @@ -211,6 +211,13 @@ var flags = []cli.Flag{ // // remote parameters // + &cli.BoolFlag{ + Name: "flat-permissions", + Usage: "no remote call for permissions should be made", + EnvVars: []string{"WOODPECKER_FLAT_PERMISSIONS"}, + Hidden: true, + // TODO(485) temporary workaround to not hit api rate limits + }, &cli.BoolFlag{ EnvVars: []string{"WOODPECKER_GITHUB"}, Name: "github", diff --git a/cmd/server/server.go b/cmd/server/server.go index e9591d98f..9e758ffbc 100644 --- a/cmd/server/server.go +++ b/cmd/server/server.go @@ -304,6 +304,9 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) { // prometheus server.Config.Prometheus.AuthToken = c.String("prometheus-auth-token") + + // TODO(485) temporary workaround to not hit api rate limits + server.Config.FlatPermissions = c.Bool("flat-permissions") } type authorizer struct { diff --git a/server/api/user.go b/server/api/user.go index 6fd10dbdd..ec26ae836 100644 --- a/server/api/user.go +++ b/server/api/user.go @@ -60,7 +60,7 @@ func GetFeed(c *gin.Context) { Perms: _store, Match: shared.NamespaceFilter(config.OwnersWhitelist), } - if err := sync.Sync(c, user); err != nil { + if err := sync.Sync(c, user, server.Config.FlatPermissions); err != nil { log.Debug().Msgf("sync error: %s: %s", user.Login, err) } else { log.Debug().Msgf("sync complete: %s", user.Login) @@ -110,7 +110,7 @@ func GetRepos(c *gin.Context) { Match: shared.NamespaceFilter(config.OwnersWhitelist), } - if err := sync.Sync(c, user); err != nil { + if err := sync.Sync(c, user, server.Config.FlatPermissions); err != nil { log.Debug().Msgf("sync error: %s: %s", user.Login, err) } else { log.Debug().Msgf("sync complete: %s", user.Login) diff --git a/server/config.go b/server/config.go index 91b9327f5..cf351791a 100644 --- a/server/config.go +++ b/server/config.go @@ -71,4 +71,5 @@ var Config = struct { Networks []string Privileged []string } + FlatPermissions bool // TODO(485) temporary workaround to not hit api rate limits }{} diff --git a/server/shared/userSyncer.go b/server/shared/userSyncer.go index a61c12d37..5cbef9f07 100644 --- a/server/shared/userSyncer.go +++ b/server/shared/userSyncer.go @@ -59,7 +59,7 @@ func (s *Syncer) SetFilter(fn FilterFunc) { s.Match = fn } -func (s *Syncer) Sync(ctx context.Context, user *model.User) error { +func (s *Syncer) Sync(ctx context.Context, user *model.User, flatPermissions bool) error { unix := time.Now().Unix() - (3601) // force immediate expiration. note 1 hour expiration is hard coded at the moment repos, err := s.Remote.Repos(ctx, user) if err != nil { @@ -75,13 +75,23 @@ func (s *Syncer) Sync(ctx context.Context, user *model.User) error { Repo: repo.FullName, Synced: unix, } - remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name) - if err != nil { - return fmt.Errorf("could not fetch permission of repo '%s': %v", repo.FullName, err) + + // TODO(485) temporary workaround to not hit api rate limits + if flatPermissions { + if repo.Perm == nil { + repo.Perm.Pull = true + repo.Perm.Push = true + repo.Perm.Admin = true + } + } else { + remotePerm, err := s.Remote.Perm(ctx, user, repo.Owner, repo.Name) + if err != nil { + return fmt.Errorf("could not fetch permission of repo '%s': %v", repo.FullName, err) + } + repo.Perm.Pull = remotePerm.Pull + repo.Perm.Push = remotePerm.Push + repo.Perm.Admin = remotePerm.Admin } - repo.Perm.Pull = remotePerm.Pull - repo.Perm.Push = remotePerm.Push - repo.Perm.Admin = remotePerm.Admin remoteRepos = append(remoteRepos, repo) }