360 lines
6.6 KiB
Go
360 lines
6.6 KiB
Go
// Copyright 2019 Drone IO, Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package batch
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/drone/drone/core"
|
|
"github.com/drone/drone/store/repos"
|
|
"github.com/drone/drone/store/shared/db"
|
|
)
|
|
|
|
// New returns a new Batcher.
|
|
func New(db *db.DB) core.Batcher {
|
|
return &batchUpdater{db}
|
|
}
|
|
|
|
type batchUpdater struct {
|
|
db *db.DB
|
|
}
|
|
|
|
func (b *batchUpdater) Batch(ctx context.Context, user *core.User, batch *core.Batch) error {
|
|
return b.db.Update(func(execer db.Execer, binder db.Binder) error {
|
|
now := time.Now().Unix()
|
|
|
|
//
|
|
// the repository list API does not return permissions, which means we have
|
|
// no way of knowing if permissions are current or not. We therefore mark all
|
|
// permissions stale in the database, so that each one must be individually
|
|
// verified at runtime.
|
|
//
|
|
|
|
stmt := permResetStmt
|
|
switch b.db.Driver() {
|
|
case db.Postgres:
|
|
stmt = permResetStmtPostgres
|
|
}
|
|
|
|
_, err := execer.Exec(stmt, now, user.ID)
|
|
if err != nil {
|
|
return fmt.Errorf("Error resetting permissions: %s", err)
|
|
}
|
|
|
|
for _, repo := range batch.Insert {
|
|
|
|
//
|
|
// insert repository
|
|
// TODO: group inserts in batches of N
|
|
//
|
|
|
|
stmt := repoInsertIgnoreStmt
|
|
switch b.db.Driver() {
|
|
case db.Mysql:
|
|
stmt = repoInsertIgnoreStmtMysql
|
|
case db.Postgres:
|
|
stmt = repoInsertIgnoreStmtPostgres
|
|
}
|
|
|
|
params := repos.ToParams(repo)
|
|
stmt, args, err := binder.BindNamed(stmt, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = execer.Exec(stmt, args...)
|
|
if err != nil {
|
|
return fmt.Errorf("Error inserting repository: %s: %s: %s", repo.Slug, repo.UID, err)
|
|
}
|
|
|
|
//
|
|
// insert permissions
|
|
// TODO: group inserts in batches of N
|
|
//
|
|
|
|
stmt = permInsertIgnoreStmt
|
|
switch b.db.Driver() {
|
|
case db.Mysql:
|
|
stmt = permInsertIgnoreStmtMysql
|
|
case db.Postgres:
|
|
stmt = permInsertIgnoreStmtPostgres
|
|
}
|
|
|
|
_, err = execer.Exec(stmt,
|
|
user.ID,
|
|
repo.UID,
|
|
now,
|
|
now,
|
|
)
|
|
if err != nil {
|
|
return fmt.Errorf("Error inserting permissions: %s: %s: %s", repo.Slug, repo.UID, err)
|
|
}
|
|
}
|
|
|
|
//
|
|
// update existing repositories
|
|
// TODO: group updates in batches of N
|
|
//
|
|
|
|
for _, repo := range batch.Update {
|
|
params := repos.ToParams(repo)
|
|
stmt, args, err := binder.BindNamed(repoUpdateRemoteStmt, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = execer.Exec(stmt, args...)
|
|
if err != nil {
|
|
return fmt.Errorf("Error updating repository: %s: %s: %s", repo.Slug, repo.UID, err)
|
|
}
|
|
|
|
stmt = permInsertIgnoreStmt
|
|
switch b.db.Driver() {
|
|
case db.Mysql:
|
|
stmt = permInsertIgnoreStmtMysql
|
|
case db.Postgres:
|
|
stmt = permInsertIgnoreStmtPostgres
|
|
}
|
|
|
|
_, err = execer.Exec(stmt,
|
|
user.ID,
|
|
repo.UID,
|
|
now,
|
|
now,
|
|
)
|
|
if err != nil {
|
|
return fmt.Errorf("Error inserting permissions: %s: %s: %s", repo.Slug, repo.UID, err)
|
|
}
|
|
}
|
|
|
|
//
|
|
// revoke permissions
|
|
// TODO: group deletes in batches of N
|
|
//
|
|
|
|
for _, repo := range batch.Revoke {
|
|
stmt := permRevokeStmt
|
|
switch b.db.Driver() {
|
|
case db.Postgres:
|
|
stmt = permRevokeStmtPostgres
|
|
}
|
|
|
|
_, err = execer.Exec(stmt, user.ID, repo.UID)
|
|
if err != nil {
|
|
return fmt.Errorf("Error revoking permissions: %s: %s: %s", repo.Slug, repo.UID, err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
})
|
|
}
|
|
|
|
const stmtInsertBase = `
|
|
(
|
|
repo_uid
|
|
,repo_user_id
|
|
,repo_namespace
|
|
,repo_name
|
|
,repo_slug
|
|
,repo_scm
|
|
,repo_clone_url
|
|
,repo_ssh_url
|
|
,repo_html_url
|
|
,repo_active
|
|
,repo_private
|
|
,repo_visibility
|
|
,repo_branch
|
|
,repo_counter
|
|
,repo_config
|
|
,repo_timeout
|
|
,repo_throttle
|
|
,repo_trusted
|
|
,repo_protected
|
|
,repo_no_forks
|
|
,repo_no_pulls
|
|
,repo_cancel_pulls
|
|
,repo_cancel_push
|
|
,repo_cancel_running
|
|
,repo_synced
|
|
,repo_created
|
|
,repo_updated
|
|
,repo_version
|
|
,repo_signer
|
|
,repo_secret
|
|
) VALUES (
|
|
:repo_uid
|
|
,:repo_user_id
|
|
,:repo_namespace
|
|
,:repo_name
|
|
,:repo_slug
|
|
,:repo_scm
|
|
,:repo_clone_url
|
|
,:repo_ssh_url
|
|
,:repo_html_url
|
|
,:repo_active
|
|
,:repo_private
|
|
,:repo_visibility
|
|
,:repo_branch
|
|
,:repo_counter
|
|
,:repo_config
|
|
,:repo_timeout
|
|
,:repo_throttle
|
|
,:repo_trusted
|
|
,:repo_protected
|
|
,:repo_no_forks
|
|
,:repo_no_pulls
|
|
,:repo_cancel_pulls
|
|
,:repo_cancel_push
|
|
,:repo_cancel_running
|
|
,:repo_synced
|
|
,:repo_created
|
|
,:repo_updated
|
|
,:repo_version
|
|
,:repo_signer
|
|
,:repo_secret
|
|
)
|
|
`
|
|
|
|
const repoInsertIgnoreStmt = `
|
|
INSERT OR IGNORE INTO repos ` + stmtInsertBase
|
|
|
|
const repoInsertIgnoreStmtMysql = `
|
|
INSERT IGNORE INTO repos ` + stmtInsertBase
|
|
|
|
const repoInsertIgnoreStmtPostgres = `
|
|
INSERT INTO repos ` + stmtInsertBase + ` ON CONFLICT DO NOTHING`
|
|
|
|
const repoUpdateRemoteStmt = `
|
|
UPDATE repos SET
|
|
repo_namespace=:repo_namespace
|
|
,repo_name=:repo_name
|
|
,repo_slug=:repo_slug
|
|
,repo_clone_url=:repo_clone_url
|
|
,repo_ssh_url=:repo_ssh_url
|
|
,repo_html_url=:repo_html_url
|
|
,repo_private=:repo_private
|
|
,repo_branch=:repo_branch
|
|
,repo_updated=:repo_updated
|
|
WHERE repo_id=:repo_id
|
|
`
|
|
|
|
const repoUpdateRemoteStmtPostgres = `
|
|
UPDATE repos SET
|
|
repo_namespace=$1
|
|
,repo_name=$2
|
|
,repo_slug=$3
|
|
,repo_clone_url=$4
|
|
,repo_ssh_url=$5
|
|
,repo_html_url=$6
|
|
,repo_private=$7
|
|
,repo_branch=$8
|
|
,repo_updated=$9
|
|
WHERE repo_id=$10
|
|
`
|
|
|
|
const permInsertIgnoreStmt = `
|
|
INSERT OR IGNORE INTO perms (
|
|
perm_user_id
|
|
,perm_repo_uid
|
|
,perm_read
|
|
,perm_write
|
|
,perm_admin
|
|
,perm_synced
|
|
,perm_created
|
|
,perm_updated
|
|
) values (
|
|
?
|
|
,?
|
|
,1
|
|
,0
|
|
,0
|
|
,0
|
|
,?
|
|
,?
|
|
)
|
|
`
|
|
|
|
const permInsertIgnoreStmtMysql = `
|
|
INSERT IGNORE INTO perms (
|
|
perm_user_id
|
|
,perm_repo_uid
|
|
,perm_read
|
|
,perm_write
|
|
,perm_admin
|
|
,perm_synced
|
|
,perm_created
|
|
,perm_updated
|
|
) values (
|
|
?
|
|
,?
|
|
,1
|
|
,0
|
|
,0
|
|
,0
|
|
,?
|
|
,?
|
|
)
|
|
`
|
|
|
|
const permInsertIgnoreStmtPostgres = `
|
|
INSERT INTO perms (
|
|
perm_user_id
|
|
,perm_repo_uid
|
|
,perm_read
|
|
,perm_write
|
|
,perm_admin
|
|
,perm_synced
|
|
,perm_created
|
|
,perm_updated
|
|
) values (
|
|
$1
|
|
,$2
|
|
,true
|
|
,false
|
|
,false
|
|
,0
|
|
,$3
|
|
,$4
|
|
) ON CONFLICT DO NOTHING
|
|
`
|
|
|
|
// this resets the synced date indicating that
|
|
// the system should refresh the permissions next
|
|
// time the user attempts to access the resource
|
|
const permResetStmt = `
|
|
UPDATE perms SET
|
|
perm_updated = ?
|
|
,perm_synced = 0
|
|
WHERE perm_user_id = ?
|
|
`
|
|
|
|
const permResetStmtPostgres = `
|
|
UPDATE perms SET
|
|
perm_updated = $1
|
|
,perm_synced = 0
|
|
WHERE perm_user_id = $2
|
|
`
|
|
|
|
const permRevokeStmt = `
|
|
DELETE FROM perms
|
|
WHERE perm_user_id = ?
|
|
AND perm_repo_uid = ?
|
|
`
|
|
|
|
const permRevokeStmtPostgres = `
|
|
DELETE FROM perms
|
|
WHERE perm_user_id = $1
|
|
AND perm_repo_uid = $2
|
|
`
|