Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ceres/src/protocol/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ impl SmartProtocol {

pub async fn pack_handler(&self) -> Result<Arc<dyn PackHandler>, ProtocolError> {
let import_dir = self.context.config.monorepo.import_dir.clone();
if self.path.starts_with(import_dir.clone()) && self.path != import_dir {
if self.path.starts_with(import_dir.clone()) {
let storage = self.context.services.git_db_storage.clone();
let path_str = self.path.to_str().unwrap();
let model = storage.find_git_repo_exact_match(path_str).await.unwrap();
Expand Down
1 change: 0 additions & 1 deletion saturn/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ edition = "2021"

[dependencies]
common = { workspace = true }
tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] }
serde = { workspace = true }
serde_json = { workspace = true }
tracing = { workspace = true }
Expand Down
56 changes: 0 additions & 56 deletions saturn/entities.json

This file was deleted.

7 changes: 3 additions & 4 deletions saturn/mega.cedarschema
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,15 @@ entity Repository = {
"is_private": Bool,
"admins": UserGroup,
"maintainers": UserGroup,
"readers": UserGroup,
};

entity MergeRequest = {
"repo": Repository,
"owner": User,
};

entity Issue = {
"repo": Repository,
"owner": User,
};

action "deleteRepo", "viewRepo", "forkRepo", "pullRepo", "pushRepo" appliesTo {
Expand All @@ -24,12 +23,12 @@ action "deleteRepo", "viewRepo", "forkRepo", "pullRepo", "pushRepo" appliesTo {

action "createMergeRequest", "editMergeRequest", "deleteMergeRequest", "approveMergeRequest" appliesTo {
principal: [User],
resource: [MergeRequest],
resource: [Repository],
};

action "openIssue", "assignIssue", "deleteIssue", "editIssue" appliesTo {
principal: [User],
resource: [Issue],
resource: [Repository],
};

action "addMaintainer", "addAdmin" appliesTo {
Expand Down
54 changes: 26 additions & 28 deletions saturn/mega_policies.cedar
Original file line number Diff line number Diff line change
Expand Up @@ -5,55 +5,53 @@ permit (
[Action::"viewRepo",
Action::"pullRepo",
Action::"forkRepo",
Action::"pushRepo"],
Action::"pushRepo",
Action::"openIssue",
Action::"createMergeRequest"],
resource
)
unless { resource.is_private };

//Actions for readers
permit (
principal,
action in [Action::"openIssue", Action::"createMergeRequest"],
action in
[Action::"viewRepo",
Action::"pullRepo",
Action::"forkRepo",
Action::"pushRepo",
Action::"openIssue",
Action::"createMergeRequest"],
resource
)
unless { resource.repo.is_private };
when { principal in resource.readers };

//Actions for maintainers
permit (
principal,
action in [Action::"editIssue", Action::"editMergeRequest"],
resource
)
when { principal in resource.repo.maintainers || principal == resource.owner };

permit (
principal,
action in [Action::"assignIssue", Action::"approveMergeRequest"],
action in
[Action::"editIssue",
Action::"editMergeRequest",
Action::"assignIssue",
Action::"approveMergeRequest"],
resource
)
when { principal in resource.repo.maintainers };
when { principal in resource.maintainers };

//Actions for admins
permit (
principal,
action in
[Action::"viewRepo",
Action::"pullRepo",
Action::"forkRepo",
Action::"pushRepo",
Action::"addMaintainer",
[Action::"addMaintainer",
Action::"addAdmin",
Action::"deleteRepo"],
resource
)
when { principal in resource.admins };

permit (
principal,
action in
[Action::"openIssue",
Action::"createMergeRequest",
Action::"deleteRepo",
Action::"deleteIssue",
Action::"deleteMergeRequest"],
resource
)
when { principal in resource.repo.admins };
when { principal in resource.admins };


// root admin can do anything
permit (principal, action, resource)
when { principal == User::"genedna" };
6 changes: 2 additions & 4 deletions saturn/src/context.rs
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ use crate::{entitystore::EntityStore, util::EntityUid};

#[allow(dead_code)]
pub struct AppContext {
entities: EntityStore,
pub entities: EntityStore,
authorizer: Authorizer,
policies: PolicySet,
schema: Schema,
Expand Down Expand Up @@ -44,7 +44,7 @@ pub enum Error {

impl AppContext {
pub fn new(
entities_path: impl Into<PathBuf>,
entities: EntityStore,
schema_path: impl Into<PathBuf>,
policies_path: impl Into<PathBuf>,
) -> Result<Self, ContextError> {
Expand All @@ -53,8 +53,6 @@ impl AppContext {

let schema_file = std::fs::File::open(schema_path)?;
let (schema, _) = Schema::from_file_natural(schema_file).unwrap();
let entities_file = std::fs::File::open(entities_path.into())?;
let entities = serde_json::from_reader(entities_file)?;
let policy_src = std::fs::read_to_string(policies_path)?;
let policies = policy_src.parse()?;
let validator = Validator::new(schema.clone());
Expand Down
8 changes: 8 additions & 0 deletions saturn/src/entitystore.rs
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,12 @@ impl EntityStore {
.chain(issues);
Entities::from_entities(all, Some(schema)).unwrap()
}

pub fn merge(&mut self, other: EntityStore) {
self.users.extend(other.users);
self.repos.extend(other.repos);
self.merge_requests.extend(other.merge_requests);
self.issues.extend(other.issues);
self.user_groups.extend(other.user_groups);
}
}
Loading