Skip to content

Commit

Permalink
Implement HasTokenPermission for GitHub
Browse files Browse the repository at this point in the history
  • Loading branch information
yiannistri committed Sep 24, 2020
1 parent 6ed0a70 commit d323caf
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 0 deletions.
29 changes: 29 additions & 0 deletions github/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ limitations under the License.
package github

import (
"context"
"strings"

"github.com/google/go-github/v32/github"

"github.com/fluxcd/go-git-providers/gitprovider"
Expand Down Expand Up @@ -94,3 +97,29 @@ func (c *Client) OrgRepositories() gitprovider.OrgRepositoriesClient {
func (c *Client) UserRepositories() gitprovider.UserRepositoriesClient {
return c.userRepos
}

//nolint:gochecknoglobals
var permissionsToScopes = map[gitprovider.TokenPermission]string{
gitprovider.TokenPermissionFullRepo: "repo",
}

func (c *Client) HasTokenPermission(ctx context.Context, permission gitprovider.TokenPermission) (bool, error) {
// The X-OAuth-Scopes header is returned for any API calls, using Meta here to keep things simple.
_, res, err := c.c.Client().APIMeta(ctx)
if err != nil {
return false, err
}

scopes := res.Header.Get("X-OAuth-Scopes")
if scopes == "" {
return false, gitprovider.ErrMissingHeader
}

for _, scope := range strings.Split(scopes, ",") {
if permissionsToScopes[permission] == scope {
return true, nil
}
}

return false, nil
}
4 changes: 4 additions & 0 deletions gitprovider/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,10 @@ type Client interface {
// This field is set at client creation time, and can't be changed.
ProviderID() ProviderID

// HasTokenPermission returns a boolean indicating whether the supplied token has the requested
// permission. Permissions should be coarse-grained and applicable to *all* providers.
HasTokenPermission(ctx context.Context, permission TokenPermission) (bool, error)

// Raw returns the Go client used under the hood to access the Git provider.
Raw() interface{}
}
Expand Down
6 changes: 6 additions & 0 deletions gitprovider/enums.go
Original file line number Diff line number Diff line change
Expand Up @@ -161,3 +161,9 @@ func ValidateLicenseTemplate(t LicenseTemplate) error {
func LicenseTemplateVar(t LicenseTemplate) *LicenseTemplate {
return &t
}

type TokenPermission string

const (
TokenPermissionFullRepo = TokenPermission("full_repo")
)
2 changes: 2 additions & 0 deletions gitprovider/errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ var (
ErrDestructiveCallDisallowed = errors.New("destructive call was blocked, disallowed by client")
// ErrInvalidTransportChainReturn is returned if a ChainableRoundTripperFunc returns nil, which is invalid.
ErrInvalidTransportChainReturn = errors.New("the return value of a ChainableRoundTripperFunc must not be nil")
// ErrMissingHeader is returned when an expected header is missing from the HTTP response.
ErrMissingHeader = errors.New("header is missing")
)

// HTTPError is an error that contains context about the HTTP request/response that failed.
Expand Down

0 comments on commit d323caf

Please sign in to comment.