GitRoot

 1// SPDX-FileCopyrightText: 2025 Romain Maneschi <romain@gitroot.dev>
 2//
 3// SPDX-License-Identifier: EUPL-1.2
 4
 5package plugin
 6
 7import (
 8	"errors"
 9	"io/fs"
10	"os"
11	"slices"
12	"strings"
13
14	"github.com/go-git/go-git/v5/plumbing"
15	pluginLib "gitroot.dev/libs/golang/plugin"
16)
17
18func checkBranch(pluginRun PluginRun, branch plumbing.ReferenceName) bool {
19	if len(pluginRun.Branch) == 0 {
20		return false
21	}
22
23	isAuthorized := true
24	for _, b := range pluginRun.Branch {
25		if b == "*" {
26			isAuthorized = true
27			break
28		}
29		if branch.Short() != b {
30			isAuthorized = false
31		}
32	}
33
34	//negate check
35	for _, b := range pluginRun.Branch {
36		if strings.HasPrefix(b, "!") && strings.TrimPrefix(b, "!") == branch.Short() {
37			isAuthorized = false
38		}
39	}
40
41	return isAuthorized
42}
43
44var ErrCantAdd = errors.New("plugin try to add new file but can't")
45var ErrCantMod = errors.New("plugin try to mod file but can't")
46
47func checkWrite(pluginWriteRight []PluginWriteRight, f fs.FS, path string) (bool, error) {
48	canAdd := slices.ContainsFunc(pluginWriteRight, func(pwr PluginWriteRight) bool {
49		return slices.Contains(pwr.Can, pluginLib.PluginWriteRightCanAdd) && pwr.glob.Match(path)
50	})
51	canMod := slices.ContainsFunc(pluginWriteRight, func(pwr PluginWriteRight) bool {
52		return slices.Contains(pwr.Can, pluginLib.PluginWriteRightCanMod) && pwr.glob.Match(path)
53	})
54	if !canAdd && !canMod {
55		return false, nil
56	}
57	if !canAdd || !canMod {
58		_, err := fs.Stat(f, path)
59		if errors.Is(err, os.ErrNotExist) && !canAdd {
60			return false, ErrCantAdd
61		} else if err == nil && !canMod {
62			return false, ErrCantMod
63		} else if err != nil && !errors.Is(err, os.ErrNotExist) {
64			return false, err
65		}
66	}
67	return true, nil
68}