Add ACL toml file

LMG · LMG · commit a4d3dcdfdcb9 · 2021-12-10T15:22:49.000+01:00
diff --git a/src/bin/josh-filter.rs b/src/bin/josh-filter.rs
@@ -115,6 +115,24 @@ fn run_filter(args: Vec<String>) -> josh::JoshResult<i32> {
                 .short("b")
                 .takes_value(true),
         )
+        .arg(
+            clap::Arg::with_name("acl")
+                .long("acl")
+                .short("a")
+                .takes_value(true),
+        )
+        .arg(
+            clap::Arg::with_name("user")
+                .long("user")
+                .short("u")
+                .takes_value(true),
+        )
+        .arg(
+            clap::Arg::with_name("repo")
+                .long("repo")
+                .short("r")
+                .takes_value(true),
+        )
         .arg(clap::Arg::with_name("version").long("version").short("v"))
         .get_matches_from(args);
 
@@ -222,14 +240,25 @@ fn run_filter(args: Vec<String>) -> josh::JoshResult<i32> {
     let check_permissions = args.is_present("check-permission");
     let mut permissions_filter = josh::filter::empty();
     if check_permissions {
-        let whitelist = match args.value_of("whitelist") {
-            Some(s) => josh::filter::parse(s)?,
-            _ => josh::filter::nop(),
-        };
-        let blacklist = match args.value_of("blacklist") {
-            Some(s) => josh::filter::parse(s)?,
-            _ => josh::filter::empty(),
-        };
+        let whitelist;
+        let blacklist;
+        if args.is_present("acl") && args.is_present("user") && args.is_present("repo") {
+            let acl = args.value_of("acl").unwrap();
+            let user = args.value_of("user").unwrap();
+            let repo = args.value_of("repo").unwrap();
+
+            whitelist = josh::get_whitelist(acl, user, repo)?;
+            blacklist = josh::get_blacklist(acl, user, repo)?;
+        } else {
+            whitelist = match args.value_of("whitelist") {
+                Some(s) => josh::filter::parse(s)?,
+                _ => josh::filter::nop(),
+            };
+            blacklist = match args.value_of("blacklist") {
+                Some(s) => josh::filter::parse(s)?,
+                _ => josh::filter::empty(),
+            };
+        }
         permissions_filter = josh::filter::make_permissions_filter(filterobj, whitelist, blacklist)
     }
 
diff --git a/src/lib.rs b/src/lib.rs
@@ -298,3 +298,67 @@ pub fn normalize_path(path: &std::path::Path) -> std::path::PathBuf {
     }
     ret
 }
+
+#[derive(Debug, serde::Deserialize)]
+struct Acl {
+    pub repo: Vec<Repo>,
+}
+
+#[derive(Debug, serde::Deserialize)]
+struct Repo {
+    pub name: String,
+    pub user: Vec<User>,
+}
+
+#[derive(Debug, serde::Deserialize)]
+struct User {
+    pub name: String,
+    pub whitelist: Option<String>,
+    pub blacklist: Option<String>,
+}
+
+pub fn get_whitelist(acl: &str, user: &str, repo: &str) -> JoshResult<filter::Filter> {
+    let acl = std::fs::read_to_string(acl).map_err(|_| josh_error("failed to read acl file"))?;
+    let acl: Acl = toml::from_str(&acl)
+        .map_err(|err| josh_error(format!("failed to parse acl file: {}", err).as_str()))?;
+    for r in acl.repo {
+        if r.name == repo {
+            for u in r.user {
+                if u.name == user {
+                    match u.whitelist {
+                        Some(w) => {
+                            let filter = filter::parse(&w)?;
+                            return Ok(filter);
+                        }
+                        _ => return Ok(filter::empty()),
+                    }
+                }
+            }
+        }
+    }
+
+    return Ok(filter::empty());
+}
+
+pub fn get_blacklist(acl: &str, user: &str, repo: &str) -> JoshResult<filter::Filter> {
+    let acl = std::fs::read_to_string(acl).map_err(|_| josh_error("failed to read acl file"))?;
+    let acl: Acl = toml::from_str(&acl)
+        .map_err(|err| josh_error(format!("failed to parse acl file: {}", err).as_str()))?;
+    for r in acl.repo {
+        if r.name == repo {
+            for u in r.user {
+                if u.name == user {
+                    match u.blacklist {
+                        Some(b) => {
+                            let filter = filter::parse(&b)?;
+                            return Ok(filter);
+                        }
+                        _ => return Ok(filter::nop()),
+                    }
+                }
+            }
+        }
+    }
+
+    return Ok(filter::nop());
+}
diff --git a/tests/filter/permissions.t b/tests/filter/permissions.t
@@ -402,6 +402,50 @@
   [13] _invert
   [16] _paths
 
+# acl
+  $ cat << EOF > acl.toml
+  > [[repo]]
+  > name = "test"
+  > [[repo.user]]
+  > name = "LMG"
+  > whitelist = ":/"
+  > blacklist = ":empty"
+  > 
+  > EOF
+  $ josh-filter -s :/ master --check-permission -a acl.toml -u bob -r test --update refs/josh/filtered
+  Warning: reference refs/josh/filtered wasn't updated
+  [1] :[
+      :/b
+      :exclude[:/b]
+  ]
+  [1] :exclude[:/a]
+  [1] :exclude[:/b]
+  [1] :exclude[:/c]
+  [1] :prefix=x
+  [2] :/a
+  [3] :/b
+  [3] :/c
+  [3] :PATHS
+  [4] :INVERT
+  [13] _invert
+  [16] _paths
+  $ josh-filter -s :/ master --check-permission -a acl.toml -u LMG -r test --update refs/josh/filtered
+  [1] :[
+      :/b
+      :exclude[:/b]
+  ]
+  [1] :exclude[:/a]
+  [1] :exclude[:/b]
+  [1] :exclude[:/c]
+  [1] :prefix=x
+  [2] :/a
+  [3] :/b
+  [3] :/c
+  [3] :PATHS
+  [4] :INVERT
+  [13] _invert
+  [16] _paths
+
   $ git diff $EMPTY_TREE HEAD
   diff --git a/a/file_a2 b/a/file_a2
   new file mode 100644
@@ -482,14 +526,15 @@
   |-- a
   |   |-- file_a2
   |   `-- workspace.josh
+  |-- acl.toml
   `-- c
       `-- d
           |-- e
           |   `-- file_cd3
           |-- file_cd
           `-- file_cd2
   
-  4 directories, 5 files
+  4 directories, 6 files
 
   $ git diff $EMPTY_TREE HEAD
   diff --git a/a/file_a2 b/a/file_a2
@@ -626,10 +671,11 @@
   |   |-- file_a2
   |   |-- newfile
   |   `-- workspace.josh
+  |-- acl.toml
   `-- b
       `-- file_b1
   
-  2 directories, 4 files
+  2 directories, 5 files
 
   $ git diff $EMPTY_TREE HEAD
   diff --git a/a/file_a2 b/a/file_a2
@@ -680,10 +726,11 @@
   |   |-- file_a2
   |   |-- newfile
   |   `-- workspace.josh
+  |-- acl.toml
   `-- b
       `-- file_b1
   
-  2 directories, 4 files
+  2 directories, 5 files
 
   $ git diff $EMPTY_TREE HEAD
   diff --git a/a/file_a2 b/a/file_a2
@@ -758,13 +805,14 @@
   $ git checkout refs/josh/filtered 2> /dev/null
   $ tree
   .
+  |-- acl.toml
   `-- d
       |-- e
       |   `-- file_cd3
       |-- file_cd
       `-- file_cd2
   
-  2 directories, 3 files
+  2 directories, 4 files
 
   $ git diff $EMPTY_TREE HEAD
   diff --git a/d/e/file_cd3 b/d/e/file_cd3
@@ -832,6 +880,7 @@
   $ git checkout refs/josh/filtered 2> /dev/null
   $ tree
   .
+  |-- acl.toml
   |-- cws
   |   `-- d
   |       |-- e
@@ -842,7 +891,7 @@
   |-- newfile
   `-- workspace.josh
   
-  3 directories, 6 files
+  3 directories, 7 files
 
   $ git diff $EMPTY_TREE HEAD
   diff --git a/cws/d/e/file_cd3 b/cws/d/e/file_cd3
