MCPcopy Index your code
hub / github.com/github/github-mcp-server / IsSafeContent

Method IsSafeContent

pkg/lockdown/lockdown.go:110–139  ·  view source on GitHub ↗

IsSafeContent determines if the specified user can safely access the requested repository content. Safe access applies when any of the following is true: - the content was created by a trusted bot; - the author currently has push access to the repository; - the repository is private; - the content w

(ctx context.Context, username, owner, repo string)

Source from the content-addressed store, hash-verified

108// - the repository is private;
109// - the content was created by the viewer.
110func (c *RepoAccessCache) IsSafeContent(ctx context.Context, username, owner, repo string) (bool, error) {
111 if c == nil {
112 return false, fmt.Errorf("nil repo access cache")
113 }
114
115 if c.isTrustedBot(username) {
116 return true, nil
117 }
118
119 repoInfo, err := c.getRepoAccessInfo(ctx, username, owner, repo)
120 if err != nil {
121 return false, err
122 }
123
124 c.logDebug(ctx, fmt.Sprintf("evaluated repo access for user %s to %s/%s for content filtering, result: hasPushAccess=%t, isPrivate=%t",
125 username, owner, repo, repoInfo.HasPushAccess, repoInfo.IsPrivate))
126
127 if repoInfo.IsPrivate {
128 return true, nil
129 }
130 if repoInfo.HasPushAccess {
131 return true, nil
132 }
133
134 viewerLogin, err := c.viewerLoginFor(ctx)
135 if err != nil {
136 return false, err
137 }
138 return viewerLogin == strings.ToLower(username), nil
139}
140
141func (c *RepoAccessCache) viewerLoginFor(ctx context.Context) (string, error) {
142 c.viewerMu.Lock()

Callers 7

GetIssueFunction · 0.80
GetIssueCommentsFunction · 0.80
GetSubIssuesFunction · 0.80
GetPullRequestFunction · 0.80
GetPullRequestReviewsFunction · 0.80

Calls 4

isTrustedBotMethod · 0.95
getRepoAccessInfoMethod · 0.95
logDebugMethod · 0.95
viewerLoginForMethod · 0.95