@@ 3,7 3,7 @@ module git.sr.ht/~sircmpwn/meta.sr.ht/api
go 1.14
require (
- git.sr.ht/~sircmpwn/core-go v0.0.0-20210824141646-99671f85b661 // indirect
+ git.sr.ht/~sircmpwn/core-go v0.0.0-20210825085627-2d9a547c395c // indirect
git.sr.ht/~sircmpwn/dowork v0.0.0-20210820133136-d3970e97def3 // indirect
git.sr.ht/~sircmpwn/go-bare v0.0.0-20210227202403-5dae5c48f917 // indirect
github.com/99designs/gqlgen v0.13.0
@@ 48,6 48,8 @@ git.sr.ht/~sircmpwn/core-go v0.0.0-20210824124722-590c9c42037a h1:dhmRBQR1EE+Sqo
git.sr.ht/~sircmpwn/core-go v0.0.0-20210824124722-590c9c42037a/go.mod h1:dOzMmMQFPH0ztBhLFNo/hFLHqck1tbhgL3aNi1XnOsI=
git.sr.ht/~sircmpwn/core-go v0.0.0-20210824141646-99671f85b661 h1:PpCR0gF2Tghq9zIGGQIQTvXTBRhxfcvKGmGgWHA5+gM=
git.sr.ht/~sircmpwn/core-go v0.0.0-20210824141646-99671f85b661/go.mod h1:dOzMmMQFPH0ztBhLFNo/hFLHqck1tbhgL3aNi1XnOsI=
+git.sr.ht/~sircmpwn/core-go v0.0.0-20210825085627-2d9a547c395c h1:FeNcbrefUbVNgZCbleaINWm2PcDNL7IC4h1NJjnQnoc=
+git.sr.ht/~sircmpwn/core-go v0.0.0-20210825085627-2d9a547c395c/go.mod h1:dOzMmMQFPH0ztBhLFNo/hFLHqck1tbhgL3aNi1XnOsI=
git.sr.ht/~sircmpwn/dowork v0.0.0-20201013160733-35ca012e4dc8/go.mod h1:8neHEO3503w/rNtttnR0JFpQgM/GFhaafVwvkPsFIDw=
git.sr.ht/~sircmpwn/dowork v0.0.0-20201121170652-c2a771442daf h1:wRE9o+wlpTSuq/ucFJsfbglAobfGPIgFdaTtZXrk8P0=
git.sr.ht/~sircmpwn/dowork v0.0.0-20201121170652-c2a771442daf/go.mod h1:8neHEO3503w/rNtttnR0JFpQgM/GFhaafVwvkPsFIDw=
@@ 481,7 481,7 @@ func (r *mutationResolver) CreateWebhook(ctx context.Context, config model.Profi
return nil, err
}
- auth := auth.ForContext(ctx)
+ user := auth.ForContext(ctx)
ac, err := corewebhooks.NewAuthConfig(ctx)
if err != nil {
return nil, err
@@ 506,13 506,7 @@ func (r *mutationResolver) CreateWebhook(ctx context.Context, config model.Profi
case model.WebhookEventSSHKeyAdded, model.WebhookEventSSHKeyRemoved:
access = "SSH_KEYS"
}
- // Note: corewebhooks.NewAuthConfig ensures that the auth context is
- // AUTH_OAUTH2, so the Access field is valid.
- if auth.Access == nil {
- // All permissions granted
- continue
- }
- if _, ok := auth.Access[access]; !ok {
+ if !user.Grants.Has(access, auth.RO) {
return nil, fmt.Errorf("Insufficient access granted for webhook event %s", ev.String())
}
}
@@ 542,7 536,7 @@ func (r *mutationResolver) CreateWebhook(ctx context.Context, config model.Profi
ac.AuthMethod,
ac.TokenHash, ac.Grants, ac.ClientID, ac.Expires, // OAUTH2
ac.NodeID, // INTERNAL
- auth.UserID)
+ user.UserID)
if err := row.Scan(&sub.ID, &sub.URL,
&sub.Query, pq.Array(&sub.Events), &sub.UserID); err != nil {