(ctx context.Context, req *adminv1.GetGithubUserStatusRequest)
| 50 | ) |
| 51 | |
| 52 | func (s *Server) GetGithubUserStatus(ctx context.Context, req *adminv1.GetGithubUserStatusRequest) (*adminv1.GetGithubUserStatusResponse, error) { |
| 53 | // Check the request is made by an authenticated user |
| 54 | claims := auth.GetClaims(ctx) |
| 55 | if claims.OwnerType() != auth.OwnerTypeUser { |
| 56 | return nil, status.Error(codes.Unauthenticated, "not authenticated") |
| 57 | } |
| 58 | |
| 59 | user, err := s.admin.DB.FindUser(ctx, claims.OwnerID()) |
| 60 | if err != nil { |
| 61 | return nil, err |
| 62 | } |
| 63 | if user.GithubUsername == "" { |
| 64 | // If we don't have user's github username we navigate user to installtion assuming they never installed github app |
| 65 | return &adminv1.GetGithubUserStatusResponse{ |
| 66 | HasAccess: false, |
| 67 | GrantAccessUrl: s.admin.URLs.GithubConnect(""), |
| 68 | }, nil |
| 69 | } |
| 70 | token, err := s.userAccessToken(ctx, user) |
| 71 | if err != nil { |
| 72 | // token not valid or expired, take auth again |
| 73 | return &adminv1.GetGithubUserStatusResponse{ |
| 74 | HasAccess: false, |
| 75 | GrantAccessUrl: s.admin.URLs.GithubAuth(""), |
| 76 | }, nil |
| 77 | } |
| 78 | |
| 79 | userInstallationPermission := adminv1.GithubPermission_GITHUB_PERMISSION_UNSPECIFIED |
| 80 | installation, _, err := s.admin.Github.AppClient().Apps.FindUserInstallation(ctx, user.GithubUsername) |
| 81 | if err != nil { |
| 82 | if !strings.Contains(err.Error(), "404") { |
| 83 | return nil, fmt.Errorf("failed to get user installation: %w", err) |
| 84 | } |
| 85 | } else { |
| 86 | // older git app would ask for Contents=read permission whereas new one asks for Contents=write and && Administration=write |
| 87 | if installation.Permissions != nil && installation.Permissions.Contents != nil && strings.EqualFold(*installation.Permissions.Contents, "read") { |
| 88 | userInstallationPermission = adminv1.GithubPermission_GITHUB_PERMISSION_READ |
| 89 | } |
| 90 | |
| 91 | if installation.Permissions != nil && installation.Permissions.Contents != nil && installation.Permissions.Administration != nil && strings.EqualFold(*installation.Permissions.Administration, "write") && strings.EqualFold(*installation.Permissions.Contents, "write") { |
| 92 | userInstallationPermission = adminv1.GithubPermission_GITHUB_PERMISSION_WRITE |
| 93 | } |
| 94 | } |
| 95 | |
| 96 | client := github.NewTokenClient(ctx, token) |
| 97 | // List all the private organizations for the authenticated user |
| 98 | orgs, _, err := client.Organizations.List(ctx, "", nil) |
| 99 | if err != nil { |
| 100 | return nil, fmt.Errorf("failed to get user organizations: %w", err) |
| 101 | } |
| 102 | // List all the public organizations for the authenticated user |
| 103 | publicOrgs, _, err := client.Organizations.List(ctx, user.GithubUsername, nil) |
| 104 | if err != nil { |
| 105 | return nil, fmt.Errorf("failed to get user organizations: %w", err) |
| 106 | } |
| 107 | |
| 108 | orgs = append(orgs, publicOrgs...) |
| 109 | allOrgs := make([]string, 0) |
no test coverage detected