HomeLab/ForgeBucket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

repo permissions section is not functional

Browse Source
This commit is contained in:
erangel1
2026-05-07 14:49:47 +02:00
parent 8cb918b064
commit 5e60b814ed
14 changed files with 584 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.repos/3/demo-repo.git/logs/refs/heads/main
+1
View File
@@ -1 +1,2 @@
822b85a78b17deb9373a3f5a802e9db2a9893846 eed5dac1a3ac99a4e127a1b3b74acedc8c6b2945 devtest <dev@test.com> 1778145720 +0200 commit: Update README via editor 822b85a78b17deb9373a3f5a802e9db2a9893846 eed5dac1a3ac99a4e127a1b3b74acedc8c6b2945 devtest <dev@test.com> 1778145720 +0200 commit: Update README via editor
eed5dac1a3ac99a4e127a1b3b74acedc8c6b2945 b8eb0c5e1ab3acc860bb55c75fcde31ab22b83dd testuser <testuser@http.[::1]:51142> 1778158078 +0200 push
.repos/3/demo-repo.git/objects/0c/ab0d84bbc6c67a04f7783fa5309e19e063085e
BIN
View File
Binary file not shown.
.repos/3/demo-repo.git/objects/9d/aeafb9864cf43055ae93beb0afd6c7d144bfa4
BIN
View File
Binary file not shown.
.repos/3/demo-repo.git/objects/b8/eb0c5e1ab3acc860bb55c75fcde31ab22b83dd
BIN
View File
Binary file not shown.
.repos/3/demo-repo.git/refs/heads/main
+1 -1
View File
@@ -1 +1 @@
eed5dac1a3ac99a4e127a1b3b74acedc8c6b2945 b8eb0c5e1ab3acc860bb55c75fcde31ab22b83dd
frontend/src/api/queries/members.ts
+65
View File
@@ -0,0 +1,65 @@
import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query'
import { z } from 'zod'
import { api } from '../client'
import type { RepoMember } from '../../types/api'
const memberSchema = z.object({
userId: z.number(),
username: z.string(),
avatarUrl: z.string().default(''),
permission: z.enum(['read', 'write', 'admin']),
isOwner: z.boolean(),
addedAt: z.string().default(''),
})
const membersSchema = z.array(memberSchema)
export function useRepoMembers(owner: string, repo: string) {
return useQuery({
queryKey: ['repos', owner, repo, 'members'],
queryFn: () =>
api.get<RepoMember[]>(`/api/v1/repos/${owner}/${repo}/members`, membersSchema),
enabled: Boolean(owner && repo),
})
}
export function useAddMember(owner: string, repo: string) {
const queryClient = useQueryClient()
return useMutation({
mutationFn: (data: { username: string; permission: string }) =>
api.post<RepoMember>(
`/api/v1/repos/${owner}/${repo}/members`,
memberSchema,
data,
),
onSuccess: () =>
queryClient.invalidateQueries({ queryKey: ['repos', owner, repo, 'members'] }),
})
}
export function useUpdateMember(owner: string, repo: string) {
const queryClient = useQueryClient()
return useMutation({
mutationFn: ({ username, permission }: { username: string; permission: string }) =>
api.patch<RepoMember>(
`/api/v1/repos/${owner}/${repo}/members/${username}`,
memberSchema,
{ permission },
),
onSuccess: () =>
queryClient.invalidateQueries({ queryKey: ['repos', owner, repo, 'members'] }),
})
}
export function useRemoveMember(owner: string, repo: string) {
const queryClient = useQueryClient()
return useMutation({
mutationFn: (username: string) =>
api.delete(
`/api/v1/repos/${owner}/${repo}/members/${username}`,
z.any(),
),
onSuccess: () =>
queryClient.invalidateQueries({ queryKey: ['repos', owner, repo, 'members'] }),
})
}
frontend/src/pages/RepoSettingsPage.tsx
+213 -4
View File
@@ -1,7 +1,9 @@
import { useState, useEffect, useRef, useCallback } from 'react' import { useState, useEffect, useRef, useCallback } from 'react'
import { useParams, Link, useNavigate, useSearchParams } from 'react-router-dom' import { useParams, Link, useNavigate, useSearchParams } from 'react-router-dom'
import { useRepo, useUpdateRepo, useDeleteRepo, useUploadRepoAvatar } from '../api/queries/repos' import { useRepo, useUpdateRepo, useDeleteRepo, useUploadRepoAvatar } from '../api/queries/repos'
import { useRepoMembers, useAddMember, useUpdateMember, useRemoveMember } from '../api/queries/members'
import { useRecentRepos } from '../hooks/useRecentRepos' import { useRecentRepos } from '../hooks/useRecentRepos'
import { useAuth } from '../contexts/AuthContext'
import { Skeleton } from '../ui/Skeleton' import { Skeleton } from '../ui/Skeleton'
import { RepoAvatar } from '../ui/RepoAvatar' import { RepoAvatar } from '../ui/RepoAvatar'
@@ -128,10 +130,9 @@ export default function RepoSettingsPage() {
{SIDEBAR.map(g => g.items.map(i => <option key={i.id} value={i.id}>{g.group} {i.label}</option>))} {SIDEBAR.map(g => g.items.map(i => <option key={i.id} value={i.id}>{g.group} {i.label}</option>))}
</select> </select>
</div> </div>
{section === 'repository-details' {section === 'repository-details' && <RepositoryDetailsSection owner={owner} repo={repoName} />}
? <RepositoryDetailsSection owner={owner} repo={repoName} /> {section === 'repository-permissions' && <RepositoryPermissionsSection owner={owner} repo={repoName} />}
: <ComingSoon sectionId={section} /> {section !== 'repository-details' && section !== 'repository-permissions' && <ComingSoon sectionId={section} />}
}
</main> </main>
</div> </div>
) )
@@ -500,6 +501,214 @@ function RepositoryDetailsSection({ owner, repo }: { owner: string; repo: string
) )
} }
// ─── Repository permissions section ──────────────────────────────────────────
const PERMISSION_LABELS: Record<string, { label: string; description: string; color: string }> = {
read: { label: 'Read', description: 'Can clone and pull', color: 'bg-[var(--c-surface-muted)] text-[var(--c-muted)]' },
write: { label: 'Write', description: 'Can push branches and commits', color: 'bg-blue-100 text-blue-700 dark:bg-blue-900/40 dark:text-blue-300' },
admin: { label: 'Admin', description: 'Can manage settings and members', color: 'bg-purple-100 text-purple-700 dark:bg-purple-900/40 dark:text-purple-300' },
}
function PermissionBadge({ permission }: { permission: string }) {
const p = PERMISSION_LABELS[permission] ?? PERMISSION_LABELS.read
return (
<span className={`text-[10px] font-semibold uppercase tracking-wide px-2 py-0.5 rounded-full ${p.color}`}>
{p.label}
</span>
)
}
function RepositoryPermissionsSection({ owner, repo }: { owner: string; repo: string }) {
const { user } = useAuth()
const { data: members, isLoading } = useRepoMembers(owner, repo)
const addMember = useAddMember(owner, repo)
const updateMember = useUpdateMember(owner, repo)
const removeMember = useRemoveMember(owner, repo)
const [username, setUsername] = useState('')
const [permission, setPermission] = useState('write')
const [addError, setAddError] = useState('')
const isOwner = members?.find(m => m.isOwner)?.username === user?.username
async function handleAdd(e: React.FormEvent) {
e.preventDefault()
setAddError('')
if (!username.trim()) return
try {
await addMember.mutateAsync({ username: username.trim(), permission })
setUsername('')
} catch (err) {
setAddError((err as Error).message)
}
}
async function handlePermissionChange(memberUsername: string, newPermission: string) {
await updateMember.mutateAsync({ username: memberUsername, permission: newPermission })
}
async function handleRemove(memberUsername: string) {
await removeMember.mutateAsync(memberUsername)
}
return (
<div className="max-w-2xl px-6 py-6 space-y-6">
<div>
<h1 className="text-xl font-semibold text-[var(--c-text)]">Repository permissions</h1>
<p className="text-sm text-[var(--c-muted)] mt-1">
Manage who has access to this repository and what they can do.
</p>
</div>
<div className="border-t border-[var(--c-border)]" />
{/* Permission level reference */}
<div className="grid grid-cols-3 gap-3">
{Object.entries(PERMISSION_LABELS).map(([key, val]) => (
<div key={key} className="border border-[var(--c-border)] rounded-lg p-3 bg-[var(--c-surface)]">
<PermissionBadge permission={key} />
<p className="text-xs text-[var(--c-muted)] mt-2">{val.description}</p>
</div>
))}
</div>
{/* Member list */}
<div className="border border-[var(--c-border)] rounded-lg overflow-hidden bg-[var(--c-surface)]">
<div className="px-4 py-3 border-b border-[var(--c-border)] bg-[var(--c-surface-raised)] flex items-center justify-between">
<h2 className="text-sm font-semibold text-[var(--c-text)]">Members</h2>
<span className="text-xs text-[var(--c-muted)]">{members?.length ?? 0} {members?.length === 1 ? 'person' : 'people'}</span>
</div>
{isLoading ? (
<div className="p-4 space-y-3">
{[1,2].map(i => (
<div key={i} className="flex items-center gap-3">
<Skeleton className="w-8 h-8 rounded-full" />
<Skeleton className="h-4 w-32" />
<Skeleton className="h-4 w-16 ml-auto" />
</div>
))}
</div>
) : (
<ul className="divide-y divide-[var(--c-border)]">
{members?.map(member => (
<li key={member.userId} className="flex items-center gap-3 px-4 py-3">
{/* Avatar */}
<div className="w-8 h-8 rounded-full overflow-hidden shrink-0 bg-[var(--c-brand)] flex items-center justify-center text-white text-sm font-bold">
{member.avatarUrl
? <img src={member.avatarUrl} alt={member.username} className="w-full h-full object-cover" />
: member.username[0]?.toUpperCase()
}
</div>
{/* Name */}
<div className="flex-1 min-w-0">
<span className="text-sm font-medium text-[var(--c-text)]">{member.username}</span>
{member.isOwner && (
<span className="ml-2 text-[10px] text-[var(--c-muted)]">owner</span>
)}
</div>
{/* Permission selector or badge */}
{member.isOwner ? (
<PermissionBadge permission="admin" />
) : isOwner ? (
<div className="flex items-center gap-2">
<select
value={member.permission}
onChange={e => handlePermissionChange(member.username, e.target.value)}
disabled={updateMember.isPending}
className="text-xs border border-[var(--c-border)] rounded px-2 py-1 bg-[var(--c-surface)] text-[var(--c-text)] focus:outline-none focus:border-[var(--c-brand-focus)]"
>
<option value="read">Read</option>
<option value="write">Write</option>
<option value="admin">Admin</option>
</select>
<button
onClick={() => handleRemove(member.username)}
disabled={removeMember.isPending}
className="text-[var(--c-danger)] hover:text-[var(--c-danger-dark)] disabled:opacity-40 p-1 rounded hover:bg-[var(--c-danger-tint)] transition-colors"
title="Remove member"
>
<svg width="14" height="14" fill="none" stroke="currentColor" strokeWidth="2" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" d="M6 18 18 6M6 6l12 12" />
</svg>
</button>
</div>
) : (
<PermissionBadge permission={member.permission} />
)}
</li>
))}
</ul>
)}
</div>
{/* Add member form — only for owner/admin */}
{isOwner && (
<div className="border border-[var(--c-border)] rounded-lg overflow-hidden bg-[var(--c-surface)]">
<div className="px-4 py-3 border-b border-[var(--c-border)] bg-[var(--c-surface-raised)]">
<h2 className="text-sm font-semibold text-[var(--c-text)]">Add a member</h2>
</div>
<form onSubmit={handleAdd} className="p-4 space-y-4">
<div className="flex gap-3 flex-wrap">
<div className="flex-1 min-w-[180px]">
<label className="block text-xs font-medium text-[var(--c-muted)] mb-1">Username</label>
<input
value={username}
onChange={e => { setUsername(e.target.value); setAddError('') }}
placeholder="e.g. alice"
className="w-full border border-[var(--c-border)] rounded px-3 py-2 text-sm bg-[var(--c-surface)] text-[var(--c-text)] focus:outline-none focus:border-[var(--c-brand-focus)] focus:ring-1 focus:ring-[var(--c-brand-focus)]"
/>
</div>
<div className="w-36">
<label className="block text-xs font-medium text-[var(--c-muted)] mb-1">Permission</label>
<select
value={permission}
onChange={e => setPermission(e.target.value)}
className="w-full border border-[var(--c-border)] rounded px-3 py-2 text-sm bg-[var(--c-surface)] text-[var(--c-text)] focus:outline-none focus:border-[var(--c-brand-focus)]"
>
<option value="read">Read</option>
<option value="write">Write</option>
<option value="admin">Admin</option>
</select>
</div>
</div>
<div className="text-xs text-[var(--c-muted)]">
{PERMISSION_LABELS[permission]?.description}
</div>
{addError && (
<p className="text-xs text-[var(--c-danger)]">{addError}</p>
)}
<button
type="submit"
disabled={addMember.isPending || !username.trim()}
className="px-4 py-2 rounded bg-[var(--c-brand)] text-white text-sm font-medium hover:bg-[var(--c-brand-hover)] disabled:opacity-50"
>
{addMember.isPending ? 'Adding…' : 'Add member'}
</button>
</form>
</div>
)}
{/* Info for non-owners */}
{!isOwner && !isLoading && (
<div className="flex items-start gap-3 p-4 border border-[var(--c-border)] rounded-lg bg-[var(--c-surface-raised)]">
<svg width="16" height="16" fill="none" stroke="var(--c-muted)" strokeWidth="1.5" viewBox="0 0 24 24" className="shrink-0 mt-0.5">
<path strokeLinecap="round" strokeLinejoin="round" d="m11.25 11.25.041-.02a.75.75 0 0 1 1.063.852l-.708 2.836a.75.75 0 0 0 1.063.853l.041-.021M21 12a9 9 0 1 1-18 0 9 9 0 0 1 18 0Zm-9-3.75h.008v.008H12V8.25Z" />
</svg>
<p className="text-sm text-[var(--c-muted)]">
Only the repository owner and admins can manage member permissions.
</p>
</div>
)}
</div>
)
}
// ─── Coming soon ────────────────────────────────────────────────────────────── // ─── Coming soon ──────────────────────────────────────────────────────────────
function ComingSoon({ sectionId }: { sectionId: SectionId }) { function ComingSoon({ sectionId }: { sectionId: SectionId }) {
frontend/src/types/api.ts
+9
View File
@@ -92,6 +92,15 @@ export interface SSHKey {
createdAt: string createdAt: string
} }
export interface RepoMember {
userId: number
username: string
avatarUrl: string
permission: 'read' | 'write' | 'admin'
isOwner: boolean
addedAt: string
}
export interface ApiError { export interface ApiError {
error: string error: string
status: number status: number
internal/api/handlers/githttp.go
+11 -1
View File
@@ -59,11 +59,21 @@ func (h *GitHTTPHandler) ServeGit(w http.ResponseWriter, r *http.Request) {
} }
} }
// Require authentication for push; allow anonymous read for public repos // Authenticate and enforce permission checks.
var authedUser string var authedUser string
user, authed := h.basicAuth(r) user, authed := h.basicAuth(r)
if authed { if authed {
authedUser = user authedUser = user
// Push requires write or admin permission.
if service == "git-receive-pack" && !HasPermission(h.db, &repo, user, "write") {
http.Error(w, "forbidden: you do not have write access to this repository", http.StatusForbidden)
return
}
// Pull on a private repo requires at least read permission.
if repo.IsPrivate && !HasPermission(h.db, &repo, user, "read") {
http.Error(w, "forbidden: you do not have read access to this repository", http.StatusForbidden)
return
}
} else if service == "git-receive-pack" || repo.IsPrivate { } else if service == "git-receive-pack" || repo.IsPrivate {
w.Header().Set("WWW-Authenticate", `Basic realm="ForgeBucket"`) w.Header().Set("WWW-Authenticate", `Basic realm="ForgeBucket"`)
http.Error(w, "authentication required", http.StatusUnauthorized) http.Error(w, "authentication required", http.StatusUnauthorized)
internal/api/handlers/members.go
+250
View File
@@ -0,0 +1,250 @@
package handlers
import (
"encoding/json"
"net/http"
"github.com/go-chi/chi/v5"
"xorm.io/xorm"
"github.com/forgeo/forgebucket/internal/api/middleware"
"github.com/forgeo/forgebucket/internal/models"
)
type MemberHandler struct {
db *xorm.Engine
}
func NewMemberHandler(db *xorm.Engine) *MemberHandler {
return &MemberHandler{db: db}
}
type memberResponse struct {
UserID int64 `json:"userId"`
Username string `json:"username"`
AvatarURL string `json:"avatarUrl"`
Permission string `json:"permission"`
IsOwner bool `json:"isOwner"`
AddedAt string `json:"addedAt"`
}
// lookupRepoForMembers resolves the repo from URL params and returns the owner User.
func (h *MemberHandler) lookupRepoAndOwner(w http.ResponseWriter, r *http.Request) (*models.Repository, *models.User, bool) {
ownerName := chi.URLParam(r, "owner")
repoName := chi.URLParam(r, "repo")
var owner models.User
if found, _ := h.db.Where("username = ?", ownerName).Get(&owner); !found {
jsonError(w, "repository not found", http.StatusNotFound)
return nil, nil, false
}
var repo models.Repository
if found, _ := h.db.Where("owner_id = ? AND name = ?", owner.ID, repoName).Get(&repo); !found {
jsonError(w, "repository not found", http.StatusNotFound)
return nil, nil, false
}
return &repo, &owner, true
}
// callerCanManage returns true if callerID is the repo owner or has admin permission.
func (h *MemberHandler) callerCanManage(repo *models.Repository, callerID int64) bool {
if callerID == repo.OwnerID {
return true
}
var m models.RepoMember
found, _ := h.db.Where("repo_id = ? AND user_id = ? AND permission = 'admin'", repo.ID, callerID).Get(&m)
return found
}
// List returns all members (explicit + owner) for a repo.
func (h *MemberHandler) List(w http.ResponseWriter, r *http.Request) {
repo, owner, ok := h.lookupRepoAndOwner(w, r)
if !ok {
return
}
result := []memberResponse{
{
UserID: owner.ID,
Username: owner.Username,
AvatarURL: owner.AvatarURL,
Permission: "admin",
IsOwner: true,
AddedAt: repo.CreatedAt.Format("2006-01-02T15:04:05Z07:00"),
},
}
var members []models.RepoMember
h.db.Where("repo_id = ?", repo.ID).OrderBy("created_at").Find(&members)
for _, m := range members {
var u models.User
if found, _ := h.db.ID(m.UserID).Get(&u); !found {
continue
}
result = append(result, memberResponse{
UserID: u.ID,
Username: u.Username,
AvatarURL: u.AvatarURL,
Permission: m.Permission,
IsOwner: false,
AddedAt: m.CreatedAt.Format("2006-01-02T15:04:05Z07:00"),
})
}
jsonOK(w, result)
}
// Add grants a user access to the repo.
func (h *MemberHandler) Add(w http.ResponseWriter, r *http.Request) {
repo, _, ok := h.lookupRepoAndOwner(w, r)
if !ok {
return
}
callerID, _ := middleware.UserIDFromContext(r.Context())
if !h.callerCanManage(repo, callerID) {
jsonError(w, "only the owner or an admin can manage members", http.StatusForbidden)
return
}
var body struct {
Username string `json:"username"`
Permission string `json:"permission"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.Username == "" {
jsonError(w, "username is required", http.StatusBadRequest)
return
}
if body.Permission != "read" && body.Permission != "write" && body.Permission != "admin" {
jsonError(w, "permission must be read, write, or admin", http.StatusBadRequest)
return
}
var target models.User
if found, _ := h.db.Where("username = ?", body.Username).Get(&target); !found {
jsonError(w, "user not found", http.StatusNotFound)
return
}
if target.ID == repo.OwnerID {
jsonError(w, "the repository owner always has admin access", http.StatusConflict)
return
}
// Upsert: if already a member, update permission.
var existing models.RepoMember
found, _ := h.db.Where("repo_id = ? AND user_id = ?", repo.ID, target.ID).Get(&existing)
if found {
existing.Permission = body.Permission
h.db.ID(existing.ID).Cols("permission").Update(&existing)
} else {
m := &models.RepoMember{RepoID: repo.ID, UserID: target.ID, Permission: body.Permission}
if _, err := h.db.Insert(m); err != nil {
jsonError(w, "could not add member", http.StatusInternalServerError)
return
}
}
jsonOK(w, memberResponse{
UserID: target.ID,
Username: target.Username,
AvatarURL: target.AvatarURL,
Permission: body.Permission,
IsOwner: false,
})
}
// UpdatePermission changes an existing member's permission level.
func (h *MemberHandler) UpdatePermission(w http.ResponseWriter, r *http.Request) {
repo, owner, ok := h.lookupRepoAndOwner(w, r)
if !ok {
return
}
callerID, _ := middleware.UserIDFromContext(r.Context())
if !h.callerCanManage(repo, callerID) {
jsonError(w, "only the owner or an admin can manage members", http.StatusForbidden)
return
}
targetUsername := chi.URLParam(r, "username")
var target models.User
if found, _ := h.db.Where("username = ?", targetUsername).Get(&target); !found {
jsonError(w, "user not found", http.StatusNotFound)
return
}
if target.ID == owner.ID {
jsonError(w, "cannot change the owner's permission", http.StatusConflict)
return
}
var body struct {
Permission string `json:"permission"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
jsonError(w, "invalid body", http.StatusBadRequest)
return
}
if body.Permission != "read" && body.Permission != "write" && body.Permission != "admin" {
jsonError(w, "permission must be read, write, or admin", http.StatusBadRequest)
return
}
var m models.RepoMember
if found, _ := h.db.Where("repo_id = ? AND user_id = ?", repo.ID, target.ID).Get(&m); !found {
jsonError(w, "user is not a member", http.StatusNotFound)
return
}
m.Permission = body.Permission
h.db.ID(m.ID).Cols("permission").Update(&m)
jsonOK(w, memberResponse{
UserID: target.ID,
Username: target.Username,
Permission: body.Permission,
IsOwner: false,
})
}
// Remove revokes a user's access to the repo.
func (h *MemberHandler) Remove(w http.ResponseWriter, r *http.Request) {
repo, owner, ok := h.lookupRepoAndOwner(w, r)
if !ok {
return
}
callerID, _ := middleware.UserIDFromContext(r.Context())
if !h.callerCanManage(repo, callerID) {
jsonError(w, "only the owner or an admin can manage members", http.StatusForbidden)
return
}
targetUsername := chi.URLParam(r, "username")
var target models.User
if found, _ := h.db.Where("username = ?", targetUsername).Get(&target); !found {
jsonError(w, "user not found", http.StatusNotFound)
return
}
if target.ID == owner.ID {
jsonError(w, "cannot remove the repository owner", http.StatusConflict)
return
}
h.db.Where("repo_id = ? AND user_id = ?", repo.ID, target.ID).Delete(&models.RepoMember{})
w.WriteHeader(http.StatusNoContent)
}
// HasPermission checks if a user (by username) has at least the given permission level on a repo.
// Permission hierarchy: read < write < admin. Owner always passes.
func HasPermission(db *xorm.Engine, repo *models.Repository, username, required string) bool {
var u models.User
if found, _ := db.Where("username = ?", username).Get(&u); !found {
return false
}
if u.ID == repo.OwnerID {
return true
}
var m models.RepoMember
if found, _ := db.Where("repo_id = ? AND user_id = ?", repo.ID, u.ID).Get(&m); !found {
return false
}
rank := map[string]int{"read": 1, "write": 2, "admin": 3}
return rank[m.Permission] >= rank[required]
}
internal/api/router.go
+7
View File
@@ -43,6 +43,7 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, staticFi
gitH := handlers.NewGitHTTPHandler(engine, cfg) gitH := handlers.NewGitHTTPHandler(engine, cfg)
issueH := handlers.NewIssueHandler(engine) issueH := handlers.NewIssueHandler(engine)
sshKeyH := handlers.NewSSHKeyHandler(engine) sshKeyH := handlers.NewSSHKeyHandler(engine)
memberH := handlers.NewMemberHandler(engine)
// ── Git smart-HTTP transport ─────────────────────────────────────────────── // ── Git smart-HTTP transport ───────────────────────────────────────────────
// These routes MUST be registered before the SPA catch-all and outside CSRF. // These routes MUST be registered before the SPA catch-all and outside CSRF.
@@ -134,6 +135,12 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, staticFi
r.Get("/", pipeH.List) r.Get("/", pipeH.List)
r.Get("/{runID}", pipeH.Get) r.Get("/{runID}", pipeH.Get)
}) })
r.Route("/members", func(r chi.Router) {
r.Get("/", memberH.List)
r.With(csrf).Post("/", memberH.Add)
r.With(csrf).Patch("/{username}", memberH.UpdatePermission)
r.With(csrf).Delete("/{username}", memberH.Remove)
})
}) })
}) })
}) })
internal/models/member.go
+13
View File
@@ -0,0 +1,13 @@
package models
import "time"
// RepoMember stores the explicit permission a user has been granted on a repository.
// The repository owner always has implicit admin access and is never stored here.
type RepoMember struct {
ID int64 `xorm:"'id' pk autoincr"`
RepoID int64 `xorm:"'repo_id' notnull index"`
UserID int64 `xorm:"'user_id' notnull index"`
Permission string `xorm:"'permission' notnull"` // read | write | admin
CreatedAt time.Time `xorm:"'created_at' created"`
}
internal/models/migrations/001_init.go
+4 -1
View File
@@ -16,5 +16,8 @@ func Run(engine *xorm.Engine) error {
); err != nil { ); err != nil {
return err return err
} }
return Run002(engine) if err := Run002(engine); err != nil {
return err
}
return Run003(engine)
} }
internal/models/migrations/003_members.go
+10
View File
@@ -0,0 +1,10 @@
package migrations
import (
"github.com/forgeo/forgebucket/internal/models"
"xorm.io/xorm"
)
func Run003(engine *xorm.Engine) error {
return engine.Sync2(&models.RepoMember{})
}