From 6b854feaefc558d0cab1a85597841503942ea27d Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 15 Apr 2024 18:33:28 -0400 Subject: [PATCH] add case for when package is new --- src/Database/Queries.hs | 10 +++++++++- src/Handler/Admin.hs | 18 +++++++++++------- src/Handler/Util.hs | 13 +++++++++---- src/Model.hs | 1 + 4 files changed, 30 insertions(+), 12 deletions(-) diff --git a/src/Database/Queries.hs b/src/Database/Queries.hs index f258b2f..61cb5eb 100644 --- a/src/Database/Queries.hs +++ b/src/Database/Queries.hs @@ -336,4 +336,12 @@ getAllowedPkgs pkgId adminId = do where_ $ p ^. AdminPkgsPkgId ==. val pkgId where_ $ p ^. AdminPkgsAdmin ==. val adminId pure p - pure $ entityVal <$> pkgs \ No newline at end of file + pure $ entityVal <$> pkgs + +getPkg:: (Monad m, MonadIO m) => PkgRecordId -> ReaderT SqlBackend m [PkgRecord] +getPkg pkgId = do + pkg <- select $ do + p <- from $ table @PkgRecord + where_ $ p ^. PkgRecordId ==. val pkgId + pure p + pure $ entityVal <$> pkg \ No newline at end of file diff --git a/src/Handler/Admin.hs b/src/Handler/Admin.hs index a71fcfd..ec50027 100644 --- a/src/Handler/Admin.hs +++ b/src/Handler/Admin.hs @@ -79,7 +79,7 @@ import Model ( Unique (UniqueName, UniquePkgCategory), Upload (..), VersionRecord (versionRecordNumber, versionRecordPkgId), - unPkgRecordKey, + unPkgRecordKey, AdminPkgs (AdminPkgs), ) import Network.HTTP.Types ( status400, @@ -162,7 +162,7 @@ postCheckPkgAuthR pkgId = do Just name -> do if ((length whitelist > 0 && (pkgId `elem` whitelist)) || length whitelist <= 0) then do - authorized <- checkAdminAllowedPkgs pkgId name + (authorized, _) <- checkAdminAllowedPkgs pkgId name if authorized then sendResponseText status200 "User authorized to upload this package." else sendResponseText status401 "User not authorized to upload this package." @@ -198,11 +198,15 @@ postPkgUploadR = do "Impossible: an unauthenticated user has managed to upload a pacakge to this registry." pure () Just name -> do - authorized <- checkAdminAllowedPkgs packageManifestId name + (authorized, newPkg) <- checkAdminAllowedPkgs packageManifestId name if authorized then do now <- liftIO getCurrentTime runDB $ insert_ (Upload (AdminKey name) (PkgRecordKey packageManifestId) packageManifestVersion now) + -- if pkg is whitelisted and a new upload, add as authorized for this admin user + if (newPkg) + then runDB $ insert_ (AdminPkgs (AdminKey name) (PkgRecordKey packageManifestId)) + else pure () else sendResponseText status401 "User not authorized to upload this package." else sendResponseText status500 "Package does not belong on this registry." where @@ -257,7 +261,7 @@ postPkgIndexR = do "Impossible: an unauthenticated user has accessed the index endpoint." pure () Just name -> do - authorized <- checkAdminAllowedPkgs indexPkgReqId name + (authorized, _) <- checkAdminAllowedPkgs indexPkgReqId name if authorized then do manifest <- getManifestLocation indexPkgReqId indexPkgReqVersion @@ -280,7 +284,7 @@ postPkgDeindexR = do "Impossible: an unauthenticated user has accessed the deindex endpoint." pure () Just name -> do - authorized <- checkAdminAllowedPkgs indexPkgReqId name + (authorized, _) <- checkAdminAllowedPkgs indexPkgReqId name if authorized then do case indexPkgReqArches of @@ -346,7 +350,7 @@ postPkgCategorizeR cat pkg = do "Impossible: an unauthenticated user has accessed the categorize endpoint." pure () Just name -> do - authorized <- checkAdminAllowedPkgs pkg name + (authorized, _) <- checkAdminAllowedPkgs pkg name if authorized then runDB $ do catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|] @@ -368,7 +372,7 @@ deletePkgCategorizeR cat pkg = do "Impossible: an unauthenticated user has accessed the uncategorize endpoint." pure () Just name -> do - authorized <- checkAdminAllowedPkgs pkg name + (authorized, _) <- checkAdminAllowedPkgs pkg name if authorized then runDB $ do catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|] diff --git a/src/Handler/Util.hs b/src/Handler/Util.hs index fb9a3fa..4b82816 100644 --- a/src/Handler/Util.hs +++ b/src/Handler/Util.hs @@ -18,7 +18,7 @@ import Data.String.Interpolate.IsString ( import Data.Text qualified as T import Data.Text.Lazy qualified as TL import Data.Text.Lazy.Builder qualified as TB -import Database.Queries (fetchAllPkgVersions, getVersionPlatform, getAllowedPkgs) +import Database.Queries (fetchAllPkgVersions, getVersionPlatform, getAllowedPkgs, getPkg) import Foundation import Lib.PkgRepository ( PkgRepo, @@ -256,7 +256,12 @@ areRegexMatchesEqual textMap (PackageDevice regexMap) = case MM.lookup key textMap of val -> or $ regexMatch regexPattern <$> val -checkAdminAllowedPkgs :: PkgId -> Text -> Handler Bool +checkAdminAllowedPkgs :: PkgId -> Text -> Handler (Bool, Bool) -- (exists, new) checkAdminAllowedPkgs pkgId adminId = do - res <- runDB $ getAllowedPkgs (PkgRecordKey pkgId) (AdminKey adminId) - pure $ if length res > 0 then True else False \ No newline at end of file + -- if pkg does not exist yet, allow, because authorized by whitelist + pkg <- runDB $ getPkg (PkgRecordKey pkgId) + if length pkg > 0 + then do + res <- runDB $ getAllowedPkgs (PkgRecordKey pkgId) (AdminKey adminId) + pure $ if length res > 0 then (True, True) else (False, True) + else pure (True, False) \ No newline at end of file diff --git a/src/Model.hs b/src/Model.hs index e617128..e6ecaa9 100644 --- a/src/Model.hs +++ b/src/Model.hs @@ -156,6 +156,7 @@ Admin AdminPkgs admin AdminId pkgId PkgRecordId + UniqueAdminPkg pkgId admin Upload uploader AdminId