Add sudo scope
parent
cd1385014b
commit
745ec98600
2 changed files with 24 additions and 7 deletions
|
@ -50,6 +50,8 @@ const (
|
|||
AccessTokenScopeAdminGPGKey = "admin:gpg_key"
|
||||
AccessTokenScopeWriteGPGKey = "write:gpg_key"
|
||||
AccessTokenScopeReadGPGKey = "read:gpg_key"
|
||||
|
||||
AccessTokenScopeSudo = "sudo"
|
||||
)
|
||||
|
||||
// AllAccessTokenScopes contains all access token scopes.
|
||||
|
@ -65,13 +67,14 @@ var AllAccessTokenScopes = []string{
|
|||
AccessTokenScopeDeleteRepo,
|
||||
AccessTokenScopePackage, AccessTokenScopeWritePackage, AccessTokenScopeReadPackage, AccessTokenScopeDeletePackage,
|
||||
AccessTokenScopeAdminGPGKey, AccessTokenScopeWriteGPGKey, AccessTokenScopeReadGPGKey,
|
||||
AccessTokenScopeSudo,
|
||||
}
|
||||
|
||||
// AccessTokenScopeBitmap represents a bitmap of access token scopes.
|
||||
type AccessTokenScopeBitmap uint64
|
||||
|
||||
// AccessTokenScopeAllBitmap is the bitmap of all access token scopes.
|
||||
var AccessTokenScopeAllBitmap AccessTokenScopeBitmap = 1<<uint(len(AllAccessTokenScopes)) - 1
|
||||
var AccessTokenScopeAllBitmap AccessTokenScopeBitmap = 1<<uint(len(AllAccessTokenScopes)-1) - 1 // sudo is a special scope to be excluded, so -1 from the length
|
||||
|
||||
// Parse parses the scope string into a bitmap, thus removing possible duplicates.
|
||||
func (s AccessTokenScope) Parse() (AccessTokenScopeBitmap, error) {
|
||||
|
@ -83,7 +86,8 @@ func (s AccessTokenScope) Parse() (AccessTokenScopeBitmap, error) {
|
|||
continue
|
||||
}
|
||||
if v == AccessTokenScopeAll {
|
||||
return AccessTokenScopeAllBitmap, nil
|
||||
bitmap |= AccessTokenScopeAllBitmap
|
||||
continue
|
||||
}
|
||||
|
||||
idx := sliceIndex(AllAccessTokenScopes, v)
|
||||
|
@ -161,8 +165,13 @@ func (bitmap AccessTokenScopeBitmap) ToScope() AccessTokenScope {
|
|||
switch v {
|
||||
// Parse scopes that contains multiple sub-scopes
|
||||
case AccessTokenScopeRepo, AccessTokenScopeAdminOrg, AccessTokenScopeAdminPublicKey,
|
||||
AccessTokenScopeAdminRepoHook, AccessTokenScopeUser, AccessTokenScopePackage, AccessTokenScopeAdminGPGKey:
|
||||
AccessTokenScopeUser, AccessTokenScopePackage, AccessTokenScopeAdminGPGKey:
|
||||
groupedScope[v] = struct{}{}
|
||||
case AccessTokenScopeAdminRepoHook:
|
||||
groupedScope[v] = struct{}{}
|
||||
if _, ok := groupedScope[AccessTokenScopeRepo]; ok {
|
||||
continue
|
||||
}
|
||||
|
||||
// If parent scope is set, all sub-scopes shouldn't be added
|
||||
case AccessTokenScopeRepoStatus, AccessTokenScopePublicRepo:
|
||||
|
@ -181,6 +190,9 @@ func (bitmap AccessTokenScopeBitmap) ToScope() AccessTokenScope {
|
|||
if _, ok := groupedScope[AccessTokenScopeAdminRepoHook]; ok {
|
||||
continue
|
||||
}
|
||||
if _, ok := groupedScope[AccessTokenScopeRepo]; ok {
|
||||
continue
|
||||
}
|
||||
case AccessTokenScopeReadUser, AccessTokenScopeUserEmail, AccessTokenScopeUserFollow:
|
||||
if _, ok := groupedScope[AccessTokenScopeUser]; ok {
|
||||
continue
|
||||
|
@ -199,9 +211,11 @@ func (bitmap AccessTokenScopeBitmap) ToScope() AccessTokenScope {
|
|||
}
|
||||
|
||||
scope := AccessTokenScope(strings.Join(scopes, ","))
|
||||
if scope == "repo,admin:org,admin:public_key,admin:repo_hook,admin:org_hook,notification,user,delete_repo,package,admin:gpg_key" {
|
||||
return AccessTokenScopeAll
|
||||
}
|
||||
scope = AccessTokenScope(strings.ReplaceAll(
|
||||
string(scope),
|
||||
"repo,admin:org,admin:public_key,admin:org_hook,notification,user,delete_repo,package,admin:gpg_key",
|
||||
"all",
|
||||
))
|
||||
return scope
|
||||
}
|
||||
|
||||
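Review bot: The new `AccessTokenScopeAllBitmap` expression keeps `sudo` out of `all` only because `AccessTokenScopeSudo` is the last entry of `AllAccessTokenScopes`. If a scope is ever appended after it, the mask would silently cover the sudo bit and drop the new scope, so `Parse` on a token scoped `all` would return a bitmap that includes sudo. Deriving the mask from the scope's own position would remove that coupling, for example by clearing the bit at `sliceIndex(AllAccessTokenScopes, AccessTokenScopeSudo)` from the full mask. At minimum the slice should carry the comment `// AccessTokenScopeSudo must stay last: AccessTokenScopeAllBitmap relies on its position.` The literal passed to `strings.ReplaceAll` in `ToScope` has the same ordering dependency and stops collapsing to `all` once a scope is added or reordered, though that failure is only cosmetic.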
|
|
|
@ -24,6 +24,8 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
|
|||
{"admin:public_key,read:public_key", "admin:public_key", nil},
|
||||
{"admin:repo_hook,write:repo_hook", "admin:repo_hook", nil},
|
||||
{"admin:repo_hook,read:repo_hook", "admin:repo_hook", nil},
|
||||
{"repo,admin:repo_hook,read:repo_hook", "repo", nil}, // admin:repo_hook is a child scope of repo
|
||||
{"repo,read:repo_hook", "repo", nil}, // read:repo_hook is a child scope of repo
|
||||
{"user", "user", nil},
|
||||
{"user,read:user", "user", nil},
|
||||
{"user,admin:org,write:org", "admin:org,user", nil},
|
||||
|
@ -36,6 +38,7 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
|
|||
{"admin:gpg_key,write:gpg_key,user", "user,admin:gpg_key", nil},
|
||||
{"all", "all", nil},
|
||||
{"repo,admin:org,admin:public_key,admin:repo_hook,admin:org_hook,notification,user,delete_repo,package,admin:gpg_key", "all", nil},
|
||||
{"repo,admin:org,admin:public_key,admin:repo_hook,admin:org_hook,notification,user,delete_repo,package,admin:gpg_key,sudo", "all,sudo", nil},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
|
@ -47,7 +50,7 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestAccessTokenScope__HasScope(t *testing.T) {
|
||||
func TestAccessTokenScope_HasScope(t *testing.T) {
|
||||
tests := []struct {
|
||||
in AccessTokenScope
|
||||
scope string
|
||||
|
|
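Review bot: Nothing in the visible test cases pins the property the bitmap change is meant to guarantee, namely that `all` on its own does not grant `sudo`. The added Normalize row only checks that the full list plus `sudo` normalizes to `all,sudo`. A case in `TestAccessTokenScope_HasScope` asserting that scope `all` is refused `sudo` while `all,sudo` is granted it would catch a regression in `AccessTokenScopeAllBitmap`. A Normalize row `{"all,sudo", "all,sudo", nil},` would exercise the `all` branch of `Parse` now that it continues instead of returning. The body of `TestAccessTokenScope_HasScope` runs past the end of this hunk, so part of this may already be covered there.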