sx-gitea Phase 2: access — acl-backed permissions, collaborators, teams, auth-gated routes (TDD, 194/194)
lib/gitea/access.sx: repo role groups (admin>write>read) as acl facts saturated by the datalog engine; user-owner => admin; collaborators (per-repo role, upsert); org teams (one role, 'all' or scoped repo list); org-admin?; visible-repos; create-allowed?; bearer tokens in kv. Facts derived from forge state, acl db cached in the forge handle and rebuilt only when facts change. lib/gitea/web.sx: every repo route now requires read (404 hides private repos); repo create needs owner/org-admin, delete + collaborator API need admin (401 no credentials / 403 not allowed); index + /api/repos list only visible repos; PUT/DELETE collab endpoints. tests/access.sx (103) + repo suite updated for gating (91). Fixed a web.sx corruption from the known sx_find_all/sx_replace_node path mismatch by rewriting via sx_write_file; suite timeout 300->600s. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -10,7 +10,7 @@
|
||||
; Requires: lib/persist/{event,backend,log,kv}.sx, lib/artdag/dag.sx,
|
||||
; lib/git/{object,ref,dag,worktree,diff,merge,porcelain}.sx
|
||||
|
||||
(define gitea/forge (fn (db) {:db db}))
|
||||
(define gitea/forge (fn (db) {:cache {} :db db}))
|
||||
(define gitea/forge-db (fn (forge) (get forge :db)))
|
||||
|
||||
; ── names ────────────────────────────────────────────────────────────
|
||||
|
||||
Reference in New Issue
Block a user