
Commit c504141

committed
Add logs and comments
1 parent 881dc82 commit c504141


1 file changed

+13
-4
lines changed


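--- a/pkg/lockdown/lockdown.go
+++ b/pkg/lockdown/lockdown.go
@@ -113,13 +113,19 @@ type CacheStats struct {
 Evictions int64
 }
 
+// IsSafeContent determines if the specified user can safely access the requested repository content.
+// Safe access applies when any of the following is true:
+// - the content was created by a trusted bot;
+// - the author currently has push access to the repository;
+// - the repository is private;
+// - the content was created by the viewer.
 func (c *RepoAccessCache) IsSafeContent(ctx context.Context, username, owner, repo string) (bool, error) {
 repoInfo, err := c.getRepoAccessInfo(ctx, username, owner, repo)
 if err != nil {
 return false, err
 }
 
-c.logDebug(ctx, fmt.Sprintf("evaluated repo access fur user %s to %s/%s for content filtering, result: hasPushAccess=%t, isPrivate=%t",
+c.logDebug(ctx, fmt.Sprintf("evaluated repo access for user %s to %s/%s for content filtering, result: hasPushAccess=%t, isPrivate=%t",
 username, owner, repo, repoInfo.HasPushAccess, repoInfo.IsPrivate))
 
 if c.isTrustedBot(username) || repoInfo.IsPrivate || repoInfo.ViewerLogin == strings.ToLower(username) {
@@ -143,15 +149,15 @@ func (c *RepoAccessCache) getRepoAccessInfo(ctx context.Context, username, owner
 if err == nil {
 entry := cacheItem.Data().(*repoAccessCacheEntry)
 if cachedHasPush, known := entry.knownUsers[userKey]; known {
-c.logDebug(ctx, "repo access cache hit")
+c.logDebug(ctx, fmt.Sprintf("repo access cache hit for user %s to %s/%s", username, owner, repo))
 return RepoAccessInfo{
 IsPrivate: entry.isPrivate,
 HasPushAccess: cachedHasPush,
 ViewerLogin: entry.viewerLogin,
 }, nil
 }
 
-c.logDebug(ctx, "known users cache miss")
+c.logDebug(ctx, "known users cache miss, fetching from graphql API")
 
 info, queryErr := c.queryRepoAccessInfo(ctx, username, owner, repo)
 if queryErr != nil {
@@ -170,7 +176,7 @@ func (c *RepoAccessCache) getRepoAccessInfo(ctx context.Context, username, owner
 }, nil
 }
 
-c.logDebug(ctx, "repo access cache miss")
+c.logDebug(ctx, fmt.Sprintf("repo access cache miss for user %s to %s/%s", username, owner, repo))
 
 info, queryErr := c.queryRepoAccessInfo(ctx, username, owner, repo)
 if queryErr != nil {
@@ -234,6 +240,9 @@ func (c *RepoAccessCache) queryRepoAccessInfo(ctx context.Context, username, own
 }
 }
 
+c.logDebug(ctx, fmt.Sprintf("queried repo access info for user %s to %s/%s: isPrivate=%t, hasPushAccess=%t, viewerLogin=%s",
+username, owner, repo, bool(query.Repository.IsPrivate), hasPush, query.Viewer.Login))
+
 return RepoAccessInfo{
 IsPrivate: bool(query.Repository.IsPrivate),
 HasPushAccess: hasPush,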
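Review bot: The new doc comment on IsSafeContent opens by saying it decides whether "the specified user can safely access" the content, but its own bullets and the visible condition (`c.isTrustedBot(username)`, `repoInfo.ViewerLogin == strings.ToLower(username)`) treat `username` as the author of the content, not the party reading it. On a trust gate that ambiguity matters, because a caller that passes the viewer's own login would likely satisfy the ViewerLogin comparison every time and get `true` for any content. I would reword the first line to `// IsSafeContent reports whether content authored by username in owner/repo may be shown to the current viewer.` and state the parameter's role explicitly. The push-access bullet is not backed by the condition shown in this hunk; the function body continues past it, so that check is presumably further down and worth confirming against the comment. Separately, the added log calls in all four hunks interpolate username, owner and repo with `%s`; `%q` (for example `"repo access cache hit for user %q to %q/%q"`) keeps unexpected characters in those values from splitting or forging log lines.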
