Jonathan Miller
c572fcfe04
Rename the Go module path from code.gitea.io/gitea to git.mokoconsulting.tech/MokoConsulting/MokoGitea across the entire codebase. Scope: - go.mod module declaration - 2,235 Go source files (import paths) - Dockerfile WORKDIR and COPY paths - Swagger API templates - golangci.yml linter config External dependencies (code.gitea.io/gitea-vet, code.gitea.io/sdk/gitea, gitea.com/gitea/act, etc.) are intentionally NOT renamed — they are separate upstream modules. Closes #132 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
75 lines
3.2 KiB
Go
75 lines
3.2 KiB
Go
// Copyright 2026 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package actions
|
|
|
|
import (
|
|
"context"
|
|
|
|
"git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/perm"
|
|
repo_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/repo"
|
|
user_model "git.mokoconsulting.tech/MokoConsulting/MokoGitea/models/user"
|
|
"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/json"
|
|
"git.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/util"
|
|
|
|
"xorm.io/xorm/convert"
|
|
)
|
|
|
|
// OwnerActionsConfig defines the Actions configuration for a user or organization
|
|
type OwnerActionsConfig struct {
|
|
// TokenPermissionMode defines the default permission mode (permissive, restricted)
|
|
TokenPermissionMode repo_model.ActionsTokenPermissionMode `json:"token_permission_mode,omitempty"`
|
|
|
|
// MaxTokenPermissions defines the absolute maximum permissions any token can have in this context.
|
|
MaxTokenPermissions *repo_model.ActionsTokenPermissions `json:"max_token_permissions,omitempty"`
|
|
|
|
// AllowedCrossRepoIDs is a list of specific repo IDs that can be accessed cross-repo
|
|
AllowedCrossRepoIDs []int64 `json:"allowed_cross_repo_ids,omitempty"`
|
|
}
|
|
|
|
var _ convert.ConversionFrom = (*OwnerActionsConfig)(nil)
|
|
|
|
func (cfg *OwnerActionsConfig) FromDB(bytes []byte) error {
|
|
_ = json.Unmarshal(bytes, cfg)
|
|
cfg.TokenPermissionMode, _ = util.EnumValue(cfg.TokenPermissionMode)
|
|
return nil
|
|
}
|
|
|
|
// GetOwnerActionsConfig loads the OwnerActionsConfig for a user or organization from user settings
|
|
// It returns a default config if no setting is found
|
|
func GetOwnerActionsConfig(ctx context.Context, userID int64) (ret OwnerActionsConfig, err error) {
|
|
return user_model.GetUserSettingJSON(ctx, userID, user_model.SettingsKeyActionsConfig, ret)
|
|
}
|
|
|
|
// SetOwnerActionsConfig saves the OwnerActionsConfig for a user or organization to user settings
|
|
func SetOwnerActionsConfig(ctx context.Context, userID int64, cfg OwnerActionsConfig) error {
|
|
return user_model.SetUserSettingJSON(ctx, userID, user_model.SettingsKeyActionsConfig, cfg)
|
|
}
|
|
|
|
// GetDefaultTokenPermissions returns the default token permissions by its TokenPermissionMode.
|
|
func (cfg *OwnerActionsConfig) GetDefaultTokenPermissions() repo_model.ActionsTokenPermissions {
|
|
switch cfg.TokenPermissionMode {
|
|
case repo_model.ActionsTokenPermissionModeRestricted:
|
|
return repo_model.MakeRestrictedPermissions()
|
|
case repo_model.ActionsTokenPermissionModePermissive:
|
|
return repo_model.MakeActionsTokenPermissions(perm.AccessModeWrite)
|
|
default:
|
|
return repo_model.MakeActionsTokenPermissions(perm.AccessModeNone)
|
|
}
|
|
}
|
|
|
|
// GetMaxTokenPermissions returns the maximum allowed permissions
|
|
func (cfg *OwnerActionsConfig) GetMaxTokenPermissions() repo_model.ActionsTokenPermissions {
|
|
if cfg.MaxTokenPermissions != nil {
|
|
return *cfg.MaxTokenPermissions
|
|
}
|
|
// Default max is write for everything
|
|
return repo_model.MakeActionsTokenPermissions(perm.AccessModeWrite)
|
|
}
|
|
|
|
// ClampPermissions ensures that the given permissions don't exceed the maximum
|
|
func (cfg *OwnerActionsConfig) ClampPermissions(perms repo_model.ActionsTokenPermissions) repo_model.ActionsTokenPermissions {
|
|
maxPerms := cfg.GetMaxTokenPermissions()
|
|
return repo_model.ClampActionsTokenPermissions(perms, maxPerms)
|
|
}
|