|
23 | 23 | from federatedcode.settings import FEDERATED_CODE_DOMAIN |
24 | 24 | from federatedcode.settings import FEDERATED_CODE_GIT_PATH |
25 | 25 |
|
26 | | -from .models import Follow, FederateRequest |
| 26 | +from .models import Follow, FederateRequest, SyncRequest |
27 | 27 | from .models import Note |
28 | 28 | from .models import Person |
29 | 29 | from .models import Package |
|
72 | 72 | URL_MAPPER = { |
73 | 73 | "user-ap-profile": "username", |
74 | 74 | "purl-ap-profile": "purl_string", |
75 | | - "review-page": "uuid", |
76 | | - "repository-page": "uuid", |
77 | | - "note-page": "uuid", |
78 | | - "vulnerability-page": "str", |
| 75 | + "review-page": "review_id", |
| 76 | + "repository-page": 'repository_id', |
| 77 | + "note-page": "note_id", |
| 78 | + "vulnerability-page": "vulnerability_id", |
79 | 79 | } |
80 | 80 |
|
81 | 81 | logger = logging.getLogger(__name__) |
@@ -107,7 +107,7 @@ def add_ap_target(response): |
107 | 107 |
|
108 | 108 | def has_valid_header(view): |
109 | 109 | """ |
110 | | - check if the request header in the AP_VALID_HEADERS if yes return view else return HttpResponseForbidden |
| 110 | + check if the request header in the AP_VALID_HEADERS if yes return view else return |
111 | 111 | """ |
112 | 112 |
|
113 | 113 | def wrapper(request, *args, **kwargs): |
@@ -153,6 +153,43 @@ def federate(cls, targets, body, key_id): |
153 | 153 | except Exception as e: |
154 | 154 | logger.error(f"{e}") |
155 | 155 |
|
| 156 | + @classmethod |
| 157 | + def get_actor_permissions(cls, actor, object): |
| 158 | + """get the actor permission to do some activity on the object""" |
| 159 | + permissions = { |
| 160 | + Person: { |
| 161 | + Note: lambda: { |
| 162 | + CreateActivity, |
| 163 | + UpdateActivity if object.acct == actor.acct else None, |
| 164 | + DeleteActivity if object.acct == actor.acct else None |
| 165 | + }, |
| 166 | + |
| 167 | + Review: lambda: { |
| 168 | + CreateActivity, |
| 169 | + UpdateActivity if object.author == actor else None, |
| 170 | + DeleteActivity if object.author == actor else None |
| 171 | + }, |
| 172 | + }, |
| 173 | + Service: { |
| 174 | + Repository: lambda: { |
| 175 | + CreateActivity, |
| 176 | + SyncActivity if object.admin == actor else None, |
| 177 | + UpdateActivity if object.admin == actor else None, |
| 178 | + DeleteActivity if object.admin == actor else None |
| 179 | + } |
| 180 | + }, |
| 181 | + Package: { |
| 182 | + Note: lambda: { |
| 183 | + CreateActivity, |
| 184 | + UpdateActivity if object.acct == actor.acct else None, |
| 185 | + DeleteActivity if object.acct == actor.acct else None |
| 186 | + }, |
| 187 | + } |
| 188 | + } |
| 189 | + |
| 190 | + # Return the permissions for the specific actor and object type |
| 191 | + return permissions.get(type(actor), {}).get(type(object), lambda: {}) |
| 192 | + |
156 | 193 |
|
157 | 194 | @dataclass |
158 | 195 | class ApActor: |
@@ -430,13 +467,13 @@ def save(self): |
430 | 467 | (isinstance(actor, Person) and self.object.type in ["Note", "Review"]) |
431 | 468 | or (isinstance(actor, Service) and self.object.type == "Repository") |
432 | 469 | or (isinstance(actor, Package) and self.object.type == "Note") |
433 | | - ): |
| 470 | + ) and UpdateActivity in Activity.get_actor_permissions(actor, old_obj)(): |
434 | 471 | for key, value in updated_param[self.object.type].items(): |
435 | 472 | if value: |
436 | 473 | setattr(old_obj, key, value) |
437 | 474 | old_obj.save() |
438 | 475 |
|
439 | | - Activity.federate(targets=self.to, body=self.to_ap(), key_id=actor.key_id) |
| 476 | + Activity.federate(targets=self.to, body=self.to_ap(), key_id=actor.key_id) |
440 | 477 | return self.succeeded_ap_rs(old_obj.to_ap) |
441 | 478 |
|
442 | 479 | def succeeded_ap_rs(self, update_obj): |
@@ -480,11 +517,12 @@ def save(self): |
480 | 517 | or (type(actor) is Service and self.object.type == ["Repository", "Package"]) |
481 | 518 | ): |
482 | 519 | instance = self.object.get() |
483 | | - instance.delete() |
484 | | - Activity.federate(targets=self.to, body=self.to_ap(), key_id=actor.key_id) |
485 | | - return self.succeeded_ap_rs() |
486 | | - else: |
487 | | - return self.failed_ap_rs() |
| 520 | + if DeleteActivity in Activity.get_actor_permissions(actor, instance)(): |
| 521 | + instance.delete() |
| 522 | + Activity.federate(targets=self.to, body=self.to_ap(), key_id=actor.key_id) |
| 523 | + return self.succeeded_ap_rs() |
| 524 | + |
| 525 | + return self.failed_ap_rs() |
488 | 526 |
|
489 | 527 | def ap_rq(self): |
490 | 528 | """Request for deleting object in activitypub format""" |
@@ -571,9 +609,13 @@ def save(self): |
571 | 609 | actor = self.actor.get() |
572 | 610 | if not actor: |
573 | 611 | return self.failed_ap_rs() |
574 | | - repo = self.object.get().git_repo_obj |
575 | | - repo.remotes.origin.pull() |
576 | | - return self.succeeded_ap_rs() |
| 612 | + repo = self.object.get() |
| 613 | + |
| 614 | + if SyncActivity in Activity.get_actor_permissions(actor, repo)(): |
| 615 | + SyncRequest.objects.create(repo=repo) |
| 616 | + return self.succeeded_ap_rs() |
| 617 | + |
| 618 | + return self.failed_ap_rs() |
577 | 619 |
|
578 | 620 | def succeeded_ap_rs(self): |
579 | 621 | """Response for successfully deleting the object""" |
@@ -607,3 +649,4 @@ def check_remote_actor(key_id): |
607 | 649 | obj_id, page_name = resolver.kwargs, resolver.url_name |
608 | 650 | identity = URL_MAPPER[page_name] |
609 | 651 | return webfinger_actor(parser.netloc, resolver.kwargs[identity]) |
| 652 | + |
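Review bot: In the update `save` hunk (`@@ -430,13 +467,13 @@`) the new `UpdateActivity in Activity.get_actor_permissions(actor, old_obj)()` test gates only the `setattr`/`old_obj.save()` block, and the unchanged `return self.succeeded_ap_rs(old_obj.to_ap)` still follows it, so a denied update appears to be answered as a success. Indentation is lost in this rendering and the `save` body starts outside the hunk, so confirm where that return sits; if it is at function level, return a failure response on the deny path, as the delete and sync hunks do with `return self.failed_ap_rs()`. Logging the refused actor and object there would also make rejected cross-account updates visible to operators. Separately, in `get_actor_permissions` the ownership tests `object.acct == actor.acct` would presumably also hold when both values are unset, so consider requiring a non-empty `acct` before granting Update or Delete.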