mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-12 22:10:25 +00:00
feat(ui): display repositories accessible by repo-specific access tokens (#11604)
When an access token is repository specific, display the repositories that it can access when expanded in the UI (token **test** in this screenshot):  Default, collapsed view is unchanged:  Bulk loading of repositories is refactored out of the access token API endpoint into a `BulkGetRepositoriesForAccessTokens` method that can be used in both this UI, and the original API location. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11604 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
This commit is contained in:
Mathieu Fenniak
Mathieu Fenniak
parent
8b57cfc152
commit
6e804c8b1b
6 changed files with 158 additions and 43 deletions
|
|
@ -18,7 +18,6 @@ import (
|
|||
"forgejo.org/models/db"
|
||||
access_model "forgejo.org/models/perm/access"
|
||||
repo_model "forgejo.org/models/repo"
|
||||
"forgejo.org/modules/container"
|
||||
"forgejo.org/modules/optional"
|
||||
api "forgejo.org/modules/structs"
|
||||
"forgejo.org/modules/web"
|
||||
|
|
@ -66,42 +65,34 @@ func ListAccessTokens(ctx *context.APIContext) {
|
|||
}
|
||||
|
||||
// Load all the AccessTokenResourceRepo for the tokens that we're returning:
|
||||
allRepoIDs := container.Set[int64]{}
|
||||
repoResourcesByTokenID, err := auth_model.GetRepositoriesAccessibleWithTokens(ctx, tokens)
|
||||
if err != nil {
|
||||
ctx.InternalServerError(err)
|
||||
return
|
||||
}
|
||||
|
||||
// Load all the Repository models that are referenced by the AccessTokenResourceRepo's:
|
||||
for _, repoResources := range repoResourcesByTokenID {
|
||||
for _, repoResource := range repoResources {
|
||||
allRepoIDs.Add(repoResource.RepoID)
|
||||
}
|
||||
}
|
||||
reposByID, err := repo_model.GetRepositoriesMapByIDs(ctx, allRepoIDs.Slice())
|
||||
if err != nil {
|
||||
ctx.InternalServerError(err)
|
||||
return
|
||||
}
|
||||
|
||||
// Prepare a lookup map to access the repositories by token ID:
|
||||
reposByTokenID := make(map[int64][]*api.RepositoryMeta)
|
||||
for tokenID, repoResources := range repoResourcesByTokenID {
|
||||
for _, repoResource := range repoResources {
|
||||
repo, ok := reposByID[repoResource.RepoID]
|
||||
if !ok {
|
||||
// Shouldn't be possible with the foreign key on `AccessTokenResourceRepo` to the repository table.
|
||||
ctx.Error(http.StatusInternalServerError, "reposById", "missing repository")
|
||||
return
|
||||
repoModelsByTokenID, err := repo_model.BulkGetRepositoriesForAccessTokens(ctx, tokens,
|
||||
func(repo *repo_model.Repository) (bool, error) {
|
||||
// Repos associated with a repo-specific access token should already be visible to the token owner, but it's
|
||||
// possible that access has changed, such as a removed collaborator on a repo -- don't provide info on that
|
||||
// repo if so.
|
||||
permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
reposByTokenID[tokenID] = append(reposByTokenID[tokenID], &api.RepositoryMeta{
|
||||
return permission.HasAccess(), nil
|
||||
})
|
||||
if err != nil {
|
||||
ctx.InternalServerError(err)
|
||||
return
|
||||
}
|
||||
// Convert map[int64]*Repository -> map[int64]*RepositoryMeta...
|
||||
reposByTokenID := make(map[int64][]*api.RepositoryMeta)
|
||||
for tokenID, repoModels := range repoModelsByTokenID {
|
||||
repos := make([]*api.RepositoryMeta, len(repoModels))
|
||||
for i, repo := range repoModels {
|
||||
repos[i] = &api.RepositoryMeta{
|
||||
ID: repo.ID,
|
||||
Name: repo.Name,
|
||||
Owner: repo.OwnerName,
|
||||
FullName: repo.FullName(),
|
||||
})
|
||||
}
|
||||
}
|
||||
reposByTokenID[tokenID] = repos
|
||||
}
|
||||
|
||||
apiTokens := make([]*api.AccessToken, len(tokens))
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ import (
|
|||
|
||||
auth_model "forgejo.org/models/auth"
|
||||
"forgejo.org/models/db"
|
||||
access_model "forgejo.org/models/perm/access"
|
||||
repo_model "forgejo.org/models/repo"
|
||||
"forgejo.org/modules/base"
|
||||
"forgejo.org/modules/log"
|
||||
"forgejo.org/modules/setting"
|
||||
|
|
@ -112,6 +114,11 @@ func RegenerateApplication(ctx *context.Context) {
|
|||
ctx.JSONRedirect(setting.AppSubURL + "/user/settings/applications")
|
||||
}
|
||||
|
||||
type TokenWithResources struct {
|
||||
Token *auth_model.AccessToken
|
||||
Repositories []*repo_model.Repository
|
||||
}
|
||||
|
||||
func loadApplicationsData(ctx *context.Context) {
|
||||
ctx.Data["AccessTokenScopePublicOnly"] = auth_model.AccessTokenScopePublicOnly
|
||||
tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})
|
||||
|
|
@ -119,7 +126,33 @@ func loadApplicationsData(ctx *context.Context) {
|
|||
ctx.ServerError("ListAccessTokens", err)
|
||||
return
|
||||
}
|
||||
ctx.Data["Tokens"] = tokens
|
||||
|
||||
// Load all the AccessTokenResourceRepo for the tokens that we're returning:
|
||||
reposByTokenID, err := repo_model.BulkGetRepositoriesForAccessTokens(ctx, tokens,
|
||||
func(repo *repo_model.Repository) (bool, error) {
|
||||
// Repos associated with a repo-specific access token should already be visible to the token owner, but it's
|
||||
// possible that access has changed, such as a removed collaborator on a repo -- don't provide info on that
|
||||
// repo if so.
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return permission.HasAccess(), nil
|
||||
})
|
||||
if err != nil {
|
||||
ctx.ServerError("BulkGetRepositoriesForAccessTokens", err)
|
||||
return
|
||||
}
|
||||
|
||||
tokensWithResources := make([]*TokenWithResources, len(tokens))
|
||||
for i := range tokens {
|
||||
tokensWithResources[i] = &TokenWithResources{
|
||||
Token: tokens[i],
|
||||
Repositories: reposByTokenID[tokens[i].ID],
|
||||
}
|
||||
}
|
||||
|
||||
ctx.Data["TokensWithResources"] = tokensWithResources
|
||||
ctx.Data["EnableOAuth2"] = setting.OAuth2.Enabled
|
||||
ctx.Data["IsAdmin"] = ctx.Doer.IsAdmin
|
||||
if setting.OAuth2.Enabled {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue