mirror of https://github.com/go-gitea/gitea.git
Merge 4e2530c3bb into 0fb3be7f0e
commit
9ba47b3a2f
|
|
@ -24,6 +24,7 @@ const (
|
||||||
AccessTokenScopeCategoryIssue
|
AccessTokenScopeCategoryIssue
|
||||||
AccessTokenScopeCategoryRepository
|
AccessTokenScopeCategoryRepository
|
||||||
AccessTokenScopeCategoryUser
|
AccessTokenScopeCategoryUser
|
||||||
|
AccessTokenScopeCategoryCommitStatus
|
||||||
)
|
)
|
||||||
|
|
||||||
// AllAccessTokenScopeCategories contains all access token scope categories
|
// AllAccessTokenScopeCategories contains all access token scope categories
|
||||||
|
|
@ -37,6 +38,7 @@ var AllAccessTokenScopeCategories = []AccessTokenScopeCategory{
|
||||||
AccessTokenScopeCategoryIssue,
|
AccessTokenScopeCategoryIssue,
|
||||||
AccessTokenScopeCategoryRepository,
|
AccessTokenScopeCategoryRepository,
|
||||||
AccessTokenScopeCategoryUser,
|
AccessTokenScopeCategoryUser,
|
||||||
|
AccessTokenScopeCategoryCommitStatus,
|
||||||
}
|
}
|
||||||
|
|
||||||
// AccessTokenScopeLevel represents the access levels without a given scope category
|
// AccessTokenScopeLevel represents the access levels without a given scope category
|
||||||
|
|
@ -82,6 +84,9 @@ const (
|
||||||
|
|
||||||
AccessTokenScopeReadUser AccessTokenScope = "read:user"
|
AccessTokenScopeReadUser AccessTokenScope = "read:user"
|
||||||
AccessTokenScopeWriteUser AccessTokenScope = "write:user"
|
AccessTokenScopeWriteUser AccessTokenScope = "write:user"
|
||||||
|
|
||||||
|
AccessTokenScopeReadCommitStatus AccessTokenScope = "read:commitstatus"
|
||||||
|
AccessTokenScopeWriteCommitStatus AccessTokenScope = "write:commitstatus"
|
||||||
)
|
)
|
||||||
|
|
||||||
// accessTokenScopeBitmap represents a bitmap of access token scopes.
|
// accessTokenScopeBitmap represents a bitmap of access token scopes.
|
||||||
|
|
@ -93,7 +98,7 @@ const (
|
||||||
accessTokenScopeAllBits accessTokenScopeBitmap = accessTokenScopeWriteActivityPubBits |
|
accessTokenScopeAllBits accessTokenScopeBitmap = accessTokenScopeWriteActivityPubBits |
|
||||||
accessTokenScopeWriteAdminBits | accessTokenScopeWriteMiscBits | accessTokenScopeWriteNotificationBits |
|
accessTokenScopeWriteAdminBits | accessTokenScopeWriteMiscBits | accessTokenScopeWriteNotificationBits |
|
||||||
accessTokenScopeWriteOrganizationBits | accessTokenScopeWritePackageBits | accessTokenScopeWriteIssueBits |
|
accessTokenScopeWriteOrganizationBits | accessTokenScopeWritePackageBits | accessTokenScopeWriteIssueBits |
|
||||||
accessTokenScopeWriteRepositoryBits | accessTokenScopeWriteUserBits
|
accessTokenScopeWriteRepositoryBits | accessTokenScopeWriteUserBits | accessTokenScopeWriteCommitStatusBits
|
||||||
|
|
||||||
accessTokenScopePublicOnlyBits accessTokenScopeBitmap = 1 << iota
|
accessTokenScopePublicOnlyBits accessTokenScopeBitmap = 1 << iota
|
||||||
|
|
||||||
|
|
@ -118,12 +123,15 @@ const (
|
||||||
accessTokenScopeReadIssueBits accessTokenScopeBitmap = 1 << iota
|
accessTokenScopeReadIssueBits accessTokenScopeBitmap = 1 << iota
|
||||||
accessTokenScopeWriteIssueBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadIssueBits
|
accessTokenScopeWriteIssueBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadIssueBits
|
||||||
|
|
||||||
accessTokenScopeReadRepositoryBits accessTokenScopeBitmap = 1 << iota
|
accessTokenScopeReadRepositoryBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadCommitStatusBits
|
||||||
accessTokenScopeWriteRepositoryBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadRepositoryBits
|
accessTokenScopeWriteRepositoryBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadRepositoryBits | accessTokenScopeWriteCommitStatusBits
|
||||||
|
|
||||||
accessTokenScopeReadUserBits accessTokenScopeBitmap = 1 << iota
|
accessTokenScopeReadUserBits accessTokenScopeBitmap = 1 << iota
|
||||||
accessTokenScopeWriteUserBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadUserBits
|
accessTokenScopeWriteUserBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadUserBits
|
||||||
|
|
||||||
|
accessTokenScopeReadCommitStatusBits accessTokenScopeBitmap = 1 << iota
|
||||||
|
accessTokenScopeWriteCommitStatusBits accessTokenScopeBitmap = 1<<iota | accessTokenScopeReadCommitStatusBits
|
||||||
|
|
||||||
// The current implementation only supports up to 64 token scopes.
|
// The current implementation only supports up to 64 token scopes.
|
||||||
// If we need to support > 64 scopes,
|
// If we need to support > 64 scopes,
|
||||||
// refactoring the whole implementation in this file (and only this file) is needed.
|
// refactoring the whole implementation in this file (and only this file) is needed.
|
||||||
|
|
@ -142,6 +150,7 @@ var allAccessTokenScopes = []AccessTokenScope{
|
||||||
AccessTokenScopeWriteIssue, AccessTokenScopeReadIssue,
|
AccessTokenScopeWriteIssue, AccessTokenScopeReadIssue,
|
||||||
AccessTokenScopeWriteRepository, AccessTokenScopeReadRepository,
|
AccessTokenScopeWriteRepository, AccessTokenScopeReadRepository,
|
||||||
AccessTokenScopeWriteUser, AccessTokenScopeReadUser,
|
AccessTokenScopeWriteUser, AccessTokenScopeReadUser,
|
||||||
|
AccessTokenScopeWriteCommitStatus, AccessTokenScopeReadCommitStatus,
|
||||||
}
|
}
|
||||||
|
|
||||||
// allAccessTokenScopeBits contains all access token scopes.
|
// allAccessTokenScopeBits contains all access token scopes.
|
||||||
|
|
@ -166,6 +175,8 @@ var allAccessTokenScopeBits = map[AccessTokenScope]accessTokenScopeBitmap{
|
||||||
AccessTokenScopeWriteRepository: accessTokenScopeWriteRepositoryBits,
|
AccessTokenScopeWriteRepository: accessTokenScopeWriteRepositoryBits,
|
||||||
AccessTokenScopeReadUser: accessTokenScopeReadUserBits,
|
AccessTokenScopeReadUser: accessTokenScopeReadUserBits,
|
||||||
AccessTokenScopeWriteUser: accessTokenScopeWriteUserBits,
|
AccessTokenScopeWriteUser: accessTokenScopeWriteUserBits,
|
||||||
|
AccessTokenScopeReadCommitStatus: accessTokenScopeReadCommitStatusBits,
|
||||||
|
AccessTokenScopeWriteCommitStatus: accessTokenScopeWriteCommitStatusBits,
|
||||||
}
|
}
|
||||||
|
|
||||||
// readAccessTokenScopes maps a scope category to the read permission scope
|
// readAccessTokenScopes maps a scope category to the read permission scope
|
||||||
|
|
@ -180,6 +191,7 @@ var accessTokenScopes = map[AccessTokenScopeLevel]map[AccessTokenScopeCategory]A
|
||||||
AccessTokenScopeCategoryIssue: AccessTokenScopeReadIssue,
|
AccessTokenScopeCategoryIssue: AccessTokenScopeReadIssue,
|
||||||
AccessTokenScopeCategoryRepository: AccessTokenScopeReadRepository,
|
AccessTokenScopeCategoryRepository: AccessTokenScopeReadRepository,
|
||||||
AccessTokenScopeCategoryUser: AccessTokenScopeReadUser,
|
AccessTokenScopeCategoryUser: AccessTokenScopeReadUser,
|
||||||
|
AccessTokenScopeCategoryCommitStatus: AccessTokenScopeReadCommitStatus,
|
||||||
},
|
},
|
||||||
Write: {
|
Write: {
|
||||||
AccessTokenScopeCategoryActivityPub: AccessTokenScopeWriteActivityPub,
|
AccessTokenScopeCategoryActivityPub: AccessTokenScopeWriteActivityPub,
|
||||||
|
|
@ -191,6 +203,7 @@ var accessTokenScopes = map[AccessTokenScopeLevel]map[AccessTokenScopeCategory]A
|
||||||
AccessTokenScopeCategoryIssue: AccessTokenScopeWriteIssue,
|
AccessTokenScopeCategoryIssue: AccessTokenScopeWriteIssue,
|
||||||
AccessTokenScopeCategoryRepository: AccessTokenScopeWriteRepository,
|
AccessTokenScopeCategoryRepository: AccessTokenScopeWriteRepository,
|
||||||
AccessTokenScopeCategoryUser: AccessTokenScopeWriteUser,
|
AccessTokenScopeCategoryUser: AccessTokenScopeWriteUser,
|
||||||
|
AccessTokenScopeCategoryCommitStatus: AccessTokenScopeWriteCommitStatus,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -370,7 +383,7 @@ func (bitmap accessTokenScopeBitmap) toScope() AccessTokenScope {
|
||||||
scope := AccessTokenScope(strings.Join(scopes, ","))
|
scope := AccessTokenScope(strings.Join(scopes, ","))
|
||||||
scope = AccessTokenScope(strings.ReplaceAll(
|
scope = AccessTokenScope(strings.ReplaceAll(
|
||||||
string(scope),
|
string(scope),
|
||||||
"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user",
|
"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,write:commitstatus",
|
||||||
"all",
|
"all",
|
||||||
))
|
))
|
||||||
return scope
|
return scope
|
||||||
|
|
|
||||||
|
|
@ -17,13 +17,13 @@ type scopeTestNormalize struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAccessTokenScope_Normalize(t *testing.T) {
|
func TestAccessTokenScope_Normalize(t *testing.T) {
|
||||||
assert.Equal(t, []string{"activitypub", "admin", "issue", "misc", "notification", "organization", "package", "repository", "user"}, GetAccessTokenCategories())
|
assert.Equal(t, []string{"activitypub", "admin", "commitstatus", "issue", "misc", "notification", "organization", "package", "repository", "user"}, GetAccessTokenCategories())
|
||||||
tests := []scopeTestNormalize{
|
tests := []scopeTestNormalize{
|
||||||
{"", "", nil},
|
{"", "", nil},
|
||||||
{"write:misc,write:notification,read:package,write:notification,public-only", "public-only,write:misc,write:notification,read:package", nil},
|
{"write:misc,write:notification,read:package,write:notification,public-only", "public-only,write:misc,write:notification,read:package", nil},
|
||||||
{"all", "all", nil},
|
{"all", "all", nil},
|
||||||
{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user", "all", nil},
|
{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,write:commitstatus", "all", nil},
|
||||||
{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,public-only", "public-only,all", nil},
|
{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,write:commitstatus,public-only", "public-only,all", nil},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, scope := range GetAccessTokenCategories() {
|
for _, scope := range GetAccessTokenCategories() {
|
||||||
|
|
|
||||||
|
|
@ -1382,7 +1382,7 @@ func Routes() *web.Router {
|
||||||
}, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo())
|
}, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo())
|
||||||
m.Group("/statuses", func() {
|
m.Group("/statuses", func() {
|
||||||
m.Combo("/{sha}").Get(repo.GetCommitStatuses).
|
m.Combo("/{sha}").Get(repo.GetCommitStatuses).
|
||||||
Post(reqToken(), reqRepoWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
|
Post(reqToken(), tokenRequiresScopes(auth_model.AccessTokenScopeCategoryCommitStatus), reqRepoWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus)
|
||||||
}, reqRepoReader(unit.TypeCode))
|
}, reqRepoReader(unit.TypeCode))
|
||||||
m.Group("/commits", func() {
|
m.Group("/commits", func() {
|
||||||
m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits)
|
m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue