From 51945513bfc6dfafb890c090b7f26f2543e12dc3 Mon Sep 17 00:00:00 2001 From: Simone Gotti Date: Thu, 23 May 2019 16:58:20 +0200 Subject: [PATCH] gitsources: list only repo with enough permissions ListUserRepos will return only repos where the user has enough permissions to create webhooks and deploy keys --- internal/gitsources/gitea/gitea.go | 4 ++++ internal/gitsources/github/github.go | 8 +++++++- internal/gitsources/gitlab/gitlab.go | 1 + internal/gitsources/gitsource.go | 1 + 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/internal/gitsources/gitea/gitea.go b/internal/gitsources/gitea/gitea.go index 4997d8a..266d0df 100644 --- a/internal/gitsources/gitea/gitea.go +++ b/internal/gitsources/gitea/gitea.go @@ -377,6 +377,10 @@ func (c *Client) ListUserRepos() ([]*gitsource.RepoInfo, error) { repos := []*gitsource.RepoInfo{} for _, rr := range remoteRepos { + // keep only repos with admin permissions + if !rr.Permissions.Admin { + continue + } repos = append(repos, fromGiteaRepo(rr)) } diff --git a/internal/gitsources/github/github.go b/internal/gitsources/github/github.go index 2de700e..8de59d9 100644 --- a/internal/gitsources/github/github.go +++ b/internal/gitsources/github/github.go @@ -371,7 +371,13 @@ func (c *Client) ListUserRepos() ([]*gitsource.RepoInfo, error) { repos := []*gitsource.RepoInfo{} for _, rr := range remoteRepos { - repos = append(repos, fromGithubRepo(rr)) + // keep only repos with admin permissions + if rr.Permissions != nil { + if !(*rr.Permissions)["admin"] { + continue + } + repos = append(repos, fromGithubRepo(rr)) + } } return repos, nil diff --git a/internal/gitsources/gitlab/gitlab.go b/internal/gitsources/gitlab/gitlab.go index f14765f..079d04a 100644 --- a/internal/gitsources/gitlab/gitlab.go +++ b/internal/gitsources/gitlab/gitlab.go @@ -256,6 +256,7 @@ func (c *Client) CreateCommitStatus(repopath, commitSHA string, status gitsource } func (c *Client) ListUserRepos() ([]*gitsource.RepoInfo, error) { + // get only repos with permission greater or equal to maintainer opts := &gitlab.ListProjectsOptions{MinAccessLevel: gitlab.AccessLevel(gitlab.MaintainerPermissions)} remoteRepos, _, err := c.client.Projects.ListProjects(opts) if err != nil { diff --git a/internal/gitsources/gitsource.go b/internal/gitsources/gitsource.go index 6a4c075..fc2bc6d 100644 --- a/internal/gitsources/gitsource.go +++ b/internal/gitsources/gitsource.go @@ -43,6 +43,7 @@ type GitSource interface { CreateRepoWebhook(repopath, url, secret string) error ParseWebhook(r *http.Request, secret string) (*types.WebhookData, error) CreateCommitStatus(repopath, commitSHA string, status CommitStatus, targetURL, description, context string) error + // ListUserRepos report repos where the user has the permission to create deploy keys and webhooks ListUserRepos() ([]*RepoInfo, error) }