Merge pull request #1852 from jmccann/ghe_org_secrets

WIP: Check remote for org secrets permissions
2026-04-15 01:41:56 +00:00 · 2016-11-20 23:30:54 +01:00
parent 877619d97e 820e0ab158
commit af296dcd2d
14 changed files with 371 additions and 10 deletions
--- a/remote/github/convert.go
+++ b/remote/github/convert.go
@@ -94,6 +94,18 @@ func convertPerm(from *github.Repository) *model.Perm {
 	}
 }

+// convertTeamPerm is a helper function used to convert a GitHub organization
+// permissions to the common Drone permissions structure.
+func convertTeamPerm(from *github.Membership) *model.Perm {
+	admin := false
+	if *from.Role == "admin" {
+		admin = true
+	}
+	return &model.Perm{
+		Admin: admin,
+	}
+}
+
 // convertRepoList is a helper function used to convert a GitHub repository
 // list to the common Drone repository structure.
 func convertRepoList(from []github.Repository) []*model.RepoLite {
--- a/remote/github/fixtures/handler.go
+++ b/remote/github/fixtures/handler.go
@@ -13,6 +13,8 @@ func Handler() http.Handler {

 	e := gin.New()
 	e.GET("/api/v3/repos/:owner/:name", getRepo)
+	e.GET("/api/v3/orgs/:org/memberships/:user", getMembership)
+	e.GET("/api/v3/user/memberships/orgs/:org", getMembership)

 	return e
 }
@@ -26,6 +28,17 @@ func getRepo(c *gin.Context) {
 	}
 }

+func getMembership(c *gin.Context) {
+	switch c.Param("org") {
+	case "org_not_found":
+		c.String(404, "")
+	case "github":
+		c.String(200, membershipIsMemberPayload)
+	default:
+		c.String(200, membershipIsOwnerPayload)
+	}
+}
+
 var repoPayload = `
 {
  "owner": {
@@ -45,3 +58,85 @@ var repoPayload = `
  }
 }
 `
+
+var membershipIsOwnerPayload = `
+{
+  "url": "https://api.github.com/orgs/octocat/memberships/octocat",
+  "state": "active",
+  "role": "admin",
+  "organization_url": "https://api.github.com/orgs/octocat",
+  "user": {
+    "login": "octocat",
+    "id": 5555555,
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/octocat",
+    "html_url": "https://github.com/octocat",
+    "followers_url": "https://api.github.com/users/octocat/followers",
+    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+    "organizations_url": "https://api.github.com/users/octocat/orgs",
+    "repos_url": "https://api.github.com/users/octocat/repos",
+    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/octocat/received_events",
+    "type": "User",
+    "site_admin": false
+  },
+  "organization": {
+    "login": "octocat",
+    "id": 5555556,
+    "url": "https://api.github.com/orgs/octocat",
+    "repos_url": "https://api.github.com/orgs/octocat/repos",
+    "events_url": "https://api.github.com/orgs/octocat/events",
+    "hooks_url": "https://api.github.com/orgs/octocat/hooks",
+    "issues_url": "https://api.github.com/orgs/octocat/issues",
+    "members_url": "https://api.github.com/orgs/octocat/members{/member}",
+    "public_members_url": "https://api.github.com/orgs/octocat/public_members{/member}",
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "description": ""
+  }
+}
+`
+
+var membershipIsMemberPayload = `
+{
+  "url": "https://api.github.com/orgs/github/memberships/octocat",
+  "state": "active",
+  "role": "member",
+  "organization_url": "https://api.github.com/orgs/github",
+  "user": {
+    "login": "octocat",
+    "id": 5555555,
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/octocat",
+    "html_url": "https://github.com/octocat",
+    "followers_url": "https://api.github.com/users/octocat/followers",
+    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+    "organizations_url": "https://api.github.com/users/octocat/orgs",
+    "repos_url": "https://api.github.com/users/octocat/repos",
+    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/octocat/received_events",
+    "type": "User",
+    "site_admin": false
+  },
+  "organization": {
+    "login": "octocat",
+    "id": 5555557,
+    "url": "https://api.github.com/orgs/github",
+    "repos_url": "https://api.github.com/orgs/github/repos",
+    "events_url": "https://api.github.com/orgs/github/events",
+    "hooks_url": "https://api.github.com/orgs/github/hooks",
+    "issues_url": "https://api.github.com/orgs/github/issues",
+    "members_url": "https://api.github.com/orgs/github/members{/member}",
+    "public_members_url": "https://api.github.com/orgs/github/public_members{/member}",
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "description": ""
+  }
+}
+`
--- a/remote/github/github.go
+++ b/remote/github/github.go
@@ -158,6 +158,16 @@ func (c *client) Teams(u *model.User) ([]*model.Team, error) {
 	return teams, nil
 }

+// TeamPerm returns the user permissions for the named GitHub organization.
+func (c *client) TeamPerm(u *model.User, org string) (*model.Perm, error) {
+	client := c.newClientToken(u.Token)
+	membership, _, err := client.Organizations.GetOrgMembership(u.Login, org)
+	if err != nil {
+		return nil, err
+	}
+	return convertTeamPerm(membership), nil
+}
+
 // Repo returns the named GitHub repository.
 func (c *client) Repo(u *model.User, owner, name string) (*model.Repo, error) {
 	client := c.newClientToken(u.Token)
--- a/remote/github/github_test.go
+++ b/remote/github/github_test.go
@@ -110,6 +110,23 @@ func Test_github(t *testing.T) {
 			})
 		})

+		g.Describe("Requesting organization permissions", func() {
+			g.It("Should return the permission details of an admin", func() {
+				perm, err := c.TeamPerm(fakeUser, "octocat")
+				g.Assert(err == nil).IsTrue()
+				g.Assert(perm.Admin).IsTrue()
+			})
+			g.It("Should return the permission details of a member", func() {
+				perm, err := c.TeamPerm(fakeUser, "github")
+				g.Assert(err == nil).IsTrue()
+				g.Assert(perm.Admin).IsFalse()
+			})
+			g.It("Should handle a not found error", func() {
+				_, err := c.TeamPerm(fakeUser, "org_not_found")
+				g.Assert(err != nil).IsTrue()
+			})
+		})
+
 		g.It("Should return a user repository list")

 		g.It("Should return a user team list")