{ssh_*,acl}.go: Check ACL when receiving packs

author: Runxi Yu <me@runxiyu.org> 2025-02-16 01:48:39 +0800
committer: Runxi Yu <me@runxiyu.org> 2025-02-16 01:52:47 +0800
commit: d212c4606a6eb470067d5302b2350d288d4d9c88 (patch)
tree: 8eac51da018f6bfbfbae1356968ff8908b887ab6 /acl.go
parent: schema.sql: Fix public keys and add basic group ACL (diff)
download: forge-d212c4606a6eb470067d5302b2350d288d4d9c88.tar.gz
forge-d212c4606a6eb470067d5302b2350d288d4d9c88.tar.zst
forge-d212c4606a6eb470067d5302b2350d288d4d9c88.zip
1 files changed, 31 insertions, 0 deletions
diff --git a/acl.go b/acl.go
new file mode 100644
index 0000000..99cd5fb
--- /dev/null
+++ b/acl.go
@@ -0,0 +1,31 @@
+package main
+
+import (
+	"context"
+)
+
+func get_path_perm_by_group_repo_key(ctx context.Context, group_name, repo_name, ssh_pubkey string) (filesystem_path string, access bool, err error) {
+	err = database.QueryRow(ctx,
+		`SELECT 
+		r.filesystem_path,
+		CASE
+			WHEN ugr.user_id IS NOT NULL THEN TRUE
+			ELSE FALSE
+		END AS has_role_in_group
+		FROM 
+			groups g
+		JOIN 
+			repos r ON r.group_id = g.id
+		LEFT JOIN 
+			ssh_public_keys s ON s.key_string = $3
+		LEFT JOIN 
+			users u ON u.id = s.user_id
+		LEFT JOIN 
+			user_group_roles ugr ON ugr.group_id = g.id AND ugr.user_id = u.id
+		WHERE 
+			g.name = $1
+		AND r.name = $2;`,
+		group_name, repo_name, ssh_pubkey,
+	).Scan(&filesystem_path, &access)
+	return
+}
author	Runxi Yu <me@runxiyu.org>	2025-02-16 01:48:39 +0800
committer	Runxi Yu <me@runxiyu.org>	2025-02-16 01:52:47 +0800
commit	d212c4606a6eb470067d5302b2350d288d4d9c88 (patch)
tree	8eac51da018f6bfbfbae1356968ff8908b887ab6 /acl.go
parent	schema.sql: Fix public keys and add basic group ACL (diff)
download	forge-d212c4606a6eb470067d5302b2350d288d4d9c88.tar.gz forge-d212c4606a6eb470067d5302b2350d288d4d9c88.tar.zst forge-d212c4606a6eb470067d5302b2350d288d4d9c88.zip