git-proxy/src/proxy/processors/push-action/checkUserPushPermission.js at 5d24d9dbd0ea22ac81b3b4288391cb7aee978c5d · finos/git-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
const Step = require('../../actions').Step;
const db = require('../../../db');

// Execute if the repo is approved
const exec = async (req, action) => {
  const step = new Step('checkUserPushPermission');

  const repoName = action.repo.split('/')[1].replace('.git', '');
  let isUserAllowed = false;
  let user = action.user;

  // Find the user associated with this Git Account
  const list = await db.getUsers({ gitAccount: action.user });

  console.log(JSON.stringify(list));

  if (list.length == 1) {
    user = list[0].username;
    isUserAllowed = await db.isUserPushAllowed(repoName, user);
  }

  console.log(`User ${user} permission on Repo ${repoName} : ${isUserAllowed}`);

  if (!isUserAllowed) {
    console.log('User not allowed to Push');
    step.error = true;
    step.log(`User ${user} is not allowed to push on repo ${action.repo}, ending`);

    console.log('setting error');

    step.setError(
      `Rejecting push as user ${action.user} ` +
        `is not allowed to push on repo ` +
        `${action.repo}`,
    );
    action.addStep(step);
    return action;
  }

  step.log(`User ${user} is allowed to push on repo ${action.repo}`);
  action.addStep(step);
  return action;
};

exec.displayName = 'checkUserPushPermission.exec';
exports.exec = exec;