diff --git a/RNS/Utilities/rngit/server.py b/RNS/Utilities/rngit/server.py index b9fb97be..953e6610 100644 --- a/RNS/Utilities/rngit/server.py +++ b/RNS/Utilities/rngit/server.py @@ -102,9 +102,11 @@ class ReticulumGitNode(): PERM_READ = 0x01 PERM_WRITE = 0x02 PERM_READWRITE = 0x03 + PERM_CREATE = 0x04 PERM_R_SMPHR = ["r", "read"] PERM_W_SMPHR = ["w", "write"] PERM_RW_SMPHR = ["f", "full", "rw", "readwrite"] + PERM_C_SMPHR = ["c", "create"] TGT_NONE = 0x01 TGT_ALL = 0x02 @@ -244,12 +246,14 @@ class ReticulumGitNode(): perm, target = self.parse_permission(entry) if not perm or not target: continue else: - read = False; write = False + read = False; write = False; create = False if perm == self.PERM_READ or perm == self.PERM_READWRITE: read = True if perm == self.PERM_WRITE or perm == self.PERM_READWRITE: write = True + if perm == self.PERM_CREATE: create = True - if read and not target in self.groups[group_name]["read"]: self.groups[group_name]["read"].append(target) - if write and not target in self.groups[group_name]["write"]: self.groups[group_name]["write"].append(target) + if read and not target in self.groups[group_name]["read"]: self.groups[group_name]["read"].append(target) + if write and not target in self.groups[group_name]["write"]: self.groups[group_name]["write"].append(target) + if create and not target in self.groups[group_name]["create"]: self.groups[group_name]["create"].append(target) def parse_permission(self, permission_string): comps = permission_string.split(":") @@ -259,6 +263,7 @@ class ReticulumGitNode(): if perm in self.PERM_R_SMPHR: perm = self.PERM_READ elif perm in self.PERM_W_SMPHR: perm = self.PERM_WRITE elif perm in self.PERM_RW_SMPHR: perm = self.PERM_READWRITE + elif perm in self.PERM_C_SMPHR: perm = self.PERM_CREATE else: perm = None if target in self.TGT_NONE_SMPHR: target = self.TGT_NONE 
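Review bot: Nothing in the `@@ -102,9 +102,11 @@` hunk documents that `PERM_CREATE = 0x04` is not covered by the "full"/"rw" aliases in `PERM_RW_SMPHR`, although an operator will likely read "full" as including create. The constants look like bit flags, but the loaders in this diff compare `perm` by equality, so `PERM_READWRITE` expands to read and write only. That is the least-privilege behaviour, and it deserves a comment next to the new constant, for example `# Create is never implied by "full"/"rw"; grant it explicitly with "c" or "create"`. The same sentence belongs wherever the `.allowed` file format is described for operators.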
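Review bot: The flag expansion extended in the `@@ -244,12 +246,14 @@` hunk (`read`/`write`/`create` derived from `perm`, then three guarded appends) is repeated almost verbatim in the `@@ -351,14 +361,17 @@` hunk for per-repository entries. Every new permission therefore has to be wired in twice, and a missed spot silently drops a grant or a `TGT_NONE` deny. A shared helper that maps a parsed `perm` to the list names it affects would let both loaders use one loop; `permission_lists` below is a proposed name, not an existing method. `target not in ...` also reads more clearly than `not target in ...`. The enclosing methods start outside both hunks.

```python
def permission_lists(self, perm):
    # Names of the allow-lists a parsed permission value applies to
    if perm == self.PERM_READ:      return ("read",)
    if perm == self.PERM_WRITE:     return ("write",)
    if perm == self.PERM_READWRITE: return ("read", "write")
    if perm == self.PERM_CREATE:    return ("create",)
    return ()

# … unchanged: perm, target = self.parse_permission(entry) and the skip on unparsed entries …
for list_name in self.permission_lists(perm):
    if target not in self.groups[group_name][list_name]: self.groups[group_name][list_name].append(target)
```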
@@ -296,6 +301,10 @@ class ReticulumGitNode(): repository_permissions = self.groups[group_name]["repositories"][repository_name]["write"] group_permissions = self.groups[group_name]["write"] + elif permission == self.PERM_CREATE: + repository_permissions = self.groups[group_name]["repositories"][repository_name]["create"] + group_permissions = self.groups[group_name]["create"] + else: return False if self.TGT_NONE in repository_permissions: return False @@ -313,7 +322,7 @@ class ReticulumGitNode(): def load_repository_group(self, group_name, group_path): # TODO: Implement group.allowed file - if not group_name in self.groups: self.groups[group_name] = { "path": group_path, "repositories": {}, "read": [], "write": [] } + if not group_name in self.groups: self.groups[group_name] = { "path": group_path, "repositories": {}, "read": [], "write": [], "create": [] } if group_name in self.groups and self.groups[group_name]["path"] != group_path: RNS.log(f"Repository group path did not match existing entry while loading {group_name}, aborting load", RNS.LOG_ERROR) return @@ -334,6 +343,7 @@ class ReticulumGitNode(): allowed_path = f"{path}.allowed" read_allowed = [] write_allowed = [] + create_allowed = [] if os.path.isfile(allowed_path): if os.access(allowed_path, os.X_OK): 
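Review bot: The new `PERM_CREATE` branch in the `@@ -296,6 +301,10 @@` hunk indexes `self.groups[group_name]["repositories"][repository_name]["create"]`, but a repository that is about to be created would normally have no entry in `repositories` yet. The method starts outside the hunk, so unless an earlier guard handles unknown names this lookup raises `KeyError`; if such a guard returns False instead, create can never be granted for a new name. For create, treat a missing repository as having no per-repository entries and fall through to the group list: `repository_permissions = self.groups[group_name]["repositories"].get(repository_name, {}).get("create", [])`. If the create handler (not part of this diff) builds a filesystem path from `repository_name`, the name should be validated before this check is relied on, because the group-level grant would be the only gate on a requester-supplied value.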
@@ -351,14 +361,17 @@ class ReticulumGitNode(): perm, target = self.parse_permission(perm_input) if not perm or not target: continue else: - read = False; write = False - if perm == self.PERM_READ or perm == self.PERM_READWRITE: read = True - if perm == self.PERM_WRITE or perm == self.PERM_READWRITE: write = True + read = False; write = False; create = False + if perm == self.PERM_READ or perm == self.PERM_READWRITE: read = True + if perm == self.PERM_WRITE or perm == self.PERM_READWRITE: write = True + if perm == self.PERM_CREATE: create = True - if read and not target in read_allowed: read_allowed.append(target) - if write and not target in write_allowed: write_allowed.append(target) + if read and not target in read_allowed: read_allowed.append(target) + if write and not target in write_allowed: write_allowed.append(target) + if create and not target in create_allowed: create_allowed.append(target) - group["repositories"][repository_name] = {"name": repository_name, "group": group_name, "path": path, "read": read_allowed, "write": write_allowed } + group["repositories"][repository_name] = {"name": repository_name, "group": group_name, "path": path, + "read": read_allowed, "write": write_allowed, "create": create_allowed } loaded += 1 ms = "y" if loaded == 1 else "ies"