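package main

import (
	"log"
	"time"
)

// HasReadWriteAccess reports whether the identity behind fingerprint may read
// and write repo. The Auth mutex is held for the whole call.
//
// Checks run in this order:
//  1. a login equal to "~"+repo.Owner is granted access;
//  2. otherwise a repository marked private is denied;
//  3. otherwise access is granted only when one of the fingerprint's logins
//     appears in the repository's shared list.
//
// A fingerprint with no logins falls through every loop and is denied.
//
// NOTE(review): the owner check runs before the 'private' check, so 'private'
// never restricts the owner here, while HasReadAccess applies 'private' first
// and has no owner shortcut. Confirm that asymmetry is intended.
func (auth *Auth) HasReadWriteAccess(fingerprint string, repo *GitRepository) bool {
	auth.mux.Lock()
	defer auth.mux.Unlock()

	logins := auth.logins[fingerprint]

	// the owner always has access
	owner := "~" + repo.Owner
	for _, login := range logins {
		if login == owner {
			return true
		}
	}

	// TODO make uncategorized repositories unavailable
	// TODO notify of doubly categorized repositories

	id := repo.ID()

	// the 'private' trumps everything
	if auth.repositoryPrivate[id] {
		return false
	}

	// Ranging over a missing (nil) shared list yields nothing, so a repository
	// that is not shared falls through to the deny below.
	shared := auth.repositoryShared[id]
	for _, login := range logins {
		for _, sharedWith := range shared {
			if login == sharedWith {
				return true
			}
		}
	}

	// Default deny: write access is never granted implicitly.
	return false
}

// HasReadAccess reports whether the holder of authtoken may read repo. The
// Auth mutex is held for the whole call.
//
// Checks run in this order:
//  1. a repository marked private is denied;
//  2. a repository with a semipublic list requires an unexpired authtoken that
//     is bound to a fingerprint whose logins intersect that list; a semipublic
//     repository is never served as public;
//  3. otherwise the repository's public flag decides.
//
// The authtoken is the value this method authorizes on, so it is never written
// to the log; log lines identify the caller by the associated fingerprint
// instead.
func (auth *Auth) HasReadAccess(authtoken string, repo *GitRepository) bool {
	auth.mux.Lock()
	defer auth.mux.Unlock()

	id := repo.ID()

	// 'private' trumps everything
	if auth.repositoryPrivate[id] {
		return false
	}

	// TODO (potentially!) add the feature to semipublic shared repositories
	// (is it currently possible to give authtoken access to an unowned machine?)
	semipublic := auth.repositorySemipublic[id]
	if semipublic == nil {
		return auth.repositoryPublic[id]
	}

	// Look the fingerprint up before any cleanup so the log line can name it.
	fingerprint, bound := auth.authtokenFingerprint[authtoken]

	// A token with no expiry entry has the zero time as its expiry and is
	// therefore rejected exactly like an expired one.
	expiry, known := auth.authtokenExpiry[authtoken]
	if !known || time.Now().After(expiry) {
		log.Printf("expired or unknown authtoken: fingerprint %q", fingerprint)
		delete(auth.authtokenExpiry, authtoken)
		delete(auth.authtokenFingerprint, authtoken)
		return false
	}

	// Fail closed: a live token that maps to no fingerprint carries no
	// identity, so it must not be matched against logins[""].
	if !bound {
		log.Printf("access failed: authtoken has no fingerprint, repository %s", id)
		return false
	}

	log.Printf("associated fingerprint: %q", fingerprint)
	for _, login := range auth.logins[fingerprint] {
		for _, semipublicked := range semipublic {
			if login == semipublicked {
				return true
			}
		}
	}

	log.Printf("access failed: fingerprint %q, repository %s", fingerprint, id)
	// 'semipublic' makes 'public' impossible
	return false
}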