Patchset ps-8
fix(cli): access control for removing patchsets
Eric Bower
cli.go
+30
-6
pr.go
+11
-0
fix(cli): access control for removing patchsets
I also fixed some other access control issues for changing PR status.
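diff --git a/cli.go b/cli.go
index fcd2543..16c696d 100644
--- a/cli.go
+++ b/cli.go
@@ -213,7 +213,30 @@ Here's how it works:
 if err != nil {
 return err
 }
- return pr.DeletePatchsetByID(patchsetID)
+
+ patchset, err := pr.GetPatchsetByID(patchsetID)
+ if err != nil {
+ return err
+ }
+
+ user, err := pr.GetUserByID(patchset.UserID)
+ if err != nil {
+ return err
+ }
+
+ pk := sesh.PublicKey()
+ isAdmin := be.IsAdmin(pk)
+ isContrib := pubkey == user.Pubkey
+ if !isAdmin && !isContrib {
+ return fmt.Errorf("you are not authorized to delete a patchset")
+ }
+
+ err = pr.DeletePatchsetByID(patchsetID)
+ if err != nil {
+ return err
+ }
+ wish.Printf(sesh, "successfully removed patchset: %d\n", patchsetID)
+ return nil
 },
 },
 },
@@ -597,17 +620,18 @@ Here's how it works:
 return err
 }
 
- user, err := pr.UpsertUser(pubkey, userName)
+ patchReq, err := pr.GetPatchRequestByID(prID)
 if err != nil {
 return err
 }
 
- patchReq, err := pr.GetPatchRequestByID(prID)
+ user, err := pr.GetUserByID(patchReq.UserID)
 if err != nil {
 return err
 }
+
 pk := sesh.PublicKey()
- isContrib := be.Pubkey(pk) == user.Pubkey
+ isContrib := pubkey == user.Pubkey
 isAdmin := be.IsAdmin(pk)
 if !isAdmin && !isContrib {
 return fmt.Errorf("you are not authorized to change PR status")
@@ -645,13 +669,13 @@ Here's how it works:
 return err
 }
 
- user, err := pr.UpsertUser(pubkey, userName)
+ user, err := pr.GetUserByID(patchReq.UserID)
 if err != nil {
 return err
 }
 
 pk := sesh.PublicKey()
- isContrib := be.Pubkey(pk) == user.Pubkey
+ isContrib := pubkey == user.Pubkey
 isAdmin := be.IsAdmin(pk)
 if !isAdmin && !isContrib {
 return fmt.Errorf("you are not authorized to change PR status")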
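Review bot: In the two status hunks (`@@ -597` and `@@ -645`) the variable `user` now holds the patch request's owner rather than the caller, so any later use of `user.ID` would record the owner as the actor. Both handlers continue past the visible lines, and `UpdatePatchRequestStatus(prID, userID int64, status string)` in pr.go takes a user ID; if that argument is still `user.ID`, an admin's status change would be attributed to the contributor, which is worth confirming. Naming the lookup for what it is, `owner, err := pr.GetUserByID(patchReq.UserID)` with `isContrib := pubkey == owner.Pubkey`, and resolving the acting user separately would keep attribution accurate. The same naming would suit the delete hunk at `@@ -213`, where `pubkey` and `be` are defined outside the hunk.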
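diff --git a/pr.go b/pr.go
index 95c0b11..e4b3389 100644
--- a/pr.go
+++ b/pr.go
@@ -34,6 +34,7 @@ type GitPatchRequest interface {
 GetPatchRequests() ([]*PatchRequest, error)
 GetPatchRequestsByRepoID(repoID string) ([]*PatchRequest, error)
 GetPatchsetsByPrID(prID int64) ([]*Patchset, error)
+ GetPatchsetByID(patchsetID int64) (*Patchset, error)
 GetLatestPatchsetByPrID(prID int64) (*Patchset, error)
 GetPatchesByPatchsetID(prID int64) ([]*Patch, error)
 UpdatePatchRequestStatus(prID, userID int64, status string) error
@@ -234,6 +235,16 @@ func (pr PrCmd) GetPatchsetsByPrID(prID int64) ([]*Patchset, error) {
 return patchsets, nil
 }
 
+func (pr PrCmd) GetPatchsetByID(patchsetID int64) (*Patchset, error) {
+ var patchset Patchset
+ err := pr.Backend.DB.Get(
+ &patchset,
+ "SELECT * FROM patchsets WHERE id=?",
+ patchsetID,
+ )
+ return &patchset, err
+}
+
 func (pr PrCmd) GetLatestPatchsetByPrID(prID int64) (*Patchset, error) {
 patchsets, err := pr.GetPatchsetsByPrID(prID)
 if err != nil {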
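Review bot: `GetPatchsetByID` returns `&patchset` even when `DB.Get` fails, so a caller that skips the error check receives a zero-valued `Patchset` (with `UserID` 0) instead of nil. The caller in cli.go does check `err`, but this result now feeds an authorization decision, so failing closed is the safer contract: `if err != nil { return nil, err }` followed by `return &patchset, nil`. A doc comment such as `// GetPatchsetByID returns the patchset with the given ID, or an error if the lookup fails.` would also suit the exported method. The function lies entirely inside this hunk.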