Added rngit create permission

2026-06-09 06:31:54 -07:00 · 2026-05-01 17:33:12 +02:00
parent d7c3859f61
commit f4aa7dc389
1 changed files with 23 additions and 10 deletions
@@ -102,9 +102,11 @@ class ReticulumGitNode():
    PERM_READ       = 0x01
    PERM_WRITE      = 0x02
    PERM_READWRITE  = 0x03
+    PERM_CREATE     = 0x04
    PERM_R_SMPHR    = ["r", "read"]
    PERM_W_SMPHR    = ["w", "write"]
    PERM_RW_SMPHR   = ["f", "full", "rw", "readwrite"]
+    PERM_C_SMPHR    = ["c", "create"]

    TGT_NONE        = 0x01
    TGT_ALL         = 0x02
@@ -244,12 +246,14 @@ class ReticulumGitNode():
                        perm, target = self.parse_permission(entry)
                        if not perm or not target: continue
                        else:
-                            read = False; write = False
+                            read = False; write = False; create = False
                            if perm == self.PERM_READ  or perm == self.PERM_READWRITE: read  = True
                            if perm == self.PERM_WRITE or perm == self.PERM_READWRITE: write = True
+                            if perm == self.PERM_CREATE:                               create = True

-                            if read  and not target in self.groups[group_name]["read"]:  self.groups[group_name]["read"].append(target)
-                            if write and not target in self.groups[group_name]["write"]: self.groups[group_name]["write"].append(target)
+                            if read  and not  target in self.groups[group_name]["read"]:   self.groups[group_name]["read"].append(target)
+                            if write and not  target in self.groups[group_name]["write"]:  self.groups[group_name]["write"].append(target)
+                            if create and not target in self.groups[group_name]["create"]: self.groups[group_name]["create"].append(target)

    def parse_permission(self, permission_string):
        comps = permission_string.split(":")
@@ -259,6 +263,7 @@ class ReticulumGitNode():
            if   perm in self.PERM_R_SMPHR:  perm = self.PERM_READ
            elif perm in self.PERM_W_SMPHR:  perm = self.PERM_WRITE
            elif perm in self.PERM_RW_SMPHR: perm = self.PERM_READWRITE
+            elif perm in self.PERM_C_SMPHR:  perm = self.PERM_CREATE
            else:                            perm = None

            if   target in self.TGT_NONE_SMPHR: target = self.TGT_NONE
@@ -296,6 +301,10 @@ class ReticulumGitNode():
                repository_permissions = self.groups[group_name]["repositories"][repository_name]["write"]
                group_permissions      = self.groups[group_name]["write"]

+            elif permission == self.PERM_CREATE:
+                repository_permissions = self.groups[group_name]["repositories"][repository_name]["create"]
+                group_permissions      = self.groups[group_name]["create"]
+
            else: return False

            if   self.TGT_NONE in repository_permissions: return False
@@ -313,7 +322,7 @@ class ReticulumGitNode():

    def load_repository_group(self, group_name, group_path):
        # TODO: Implement group.allowed file
-        if not group_name in self.groups: self.groups[group_name] = { "path": group_path, "repositories": {}, "read": [], "write": [] }
+        if not group_name in self.groups: self.groups[group_name] = { "path": group_path, "repositories": {}, "read": [], "write": [], "create": [] }
        if group_name in self.groups and self.groups[group_name]["path"] != group_path:
            RNS.log(f"Repository group path did not match existing entry while loading {group_name}, aborting load", RNS.LOG_ERROR)
            return
@@ -334,6 +343,7 @@ class ReticulumGitNode():
                        allowed_path    = f"{path}.allowed"
                        read_allowed    = []
                        write_allowed   = []
+                        create_allowed  = []

                        if os.path.isfile(allowed_path):
                            if os.access(allowed_path, os.X_OK):
@@ -351,14 +361,17 @@ class ReticulumGitNode():
                                    perm, target = self.parse_permission(perm_input)
                                    if not perm or not target: continue
                                    else:
-                                        read = False; write = False
-                                        if perm == self.PERM_READ  or perm == self.PERM_READWRITE: read  = True
-                                        if perm == self.PERM_WRITE or perm == self.PERM_READWRITE: write = True
+                                        read = False; write = False; create = False
+                                        if perm == self.PERM_READ  or perm == self.PERM_READWRITE: read   = True
+                                        if perm == self.PERM_WRITE or perm == self.PERM_READWRITE: write  = True
+                                        if perm == self.PERM_CREATE:                               create = True

-                                        if read  and not target in read_allowed:  read_allowed.append(target)
-                                        if write and not target in write_allowed: write_allowed.append(target)
+                                        if read   and not target in read_allowed:   read_allowed.append(target)
+                                        if write  and not target in write_allowed:  write_allowed.append(target)
+                                        if create and not target in create_allowed: create_allowed.append(target)

-                        group["repositories"][repository_name] = {"name": repository_name, "group": group_name, "path": path, "read": read_allowed, "write": write_allowed }
+                        group["repositories"][repository_name] = {"name": repository_name, "group": group_name, "path": path,
+                                                                  "read": read_allowed, "write": write_allowed, "create": create_allowed }
                        loaded += 1

        ms = "y" if loaded == 1 else "ies"