Use GraphQL API to fetch user type
This commit is contained in:
parent
c32e0052bf
commit
0046f91254
|
@ -8,8 +8,11 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"git.sr.ht/~sircmpwn/core-go/auth"
|
||||
"git.sr.ht/~sircmpwn/core-go/client"
|
||||
"git.sr.ht/~sircmpwn/core-go/config"
|
||||
"github.com/99designs/gqlgen/graphql"
|
||||
"github.com/vektah/gqlparser/v2/gqlerror"
|
||||
|
||||
"git.sr.ht/~sircmpwn/builds.sr.ht/api/graph/model"
|
||||
)
|
||||
|
@ -140,3 +143,43 @@ func StartJobGroupUnsafe(ctx context.Context, tx *sql.Tx, id, ownerID int) error
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkPaymentRequirement(ctx context.Context) error {
|
||||
conf := config.ForContext(ctx)
|
||||
user := auth.ForContext(ctx)
|
||||
|
||||
allowFree, _ := conf.Get("builds.sr.ht", "allow-free")
|
||||
if allowFree == "yes" {
|
||||
return nil
|
||||
}
|
||||
|
||||
query := client.GraphQLQuery{
|
||||
Query: `
|
||||
query {
|
||||
me {
|
||||
userType
|
||||
}
|
||||
}
|
||||
`,
|
||||
}
|
||||
var resp struct {
|
||||
Data struct {
|
||||
Me struct {
|
||||
UserType string `json:"userType"`
|
||||
} `json:"me"`
|
||||
}
|
||||
Errors gqlerror.List `json:"errors"`
|
||||
}
|
||||
if err := client.Execute(ctx, user.Username, "meta.sr.ht", query, &resp); err != nil {
|
||||
return err
|
||||
} else if len(resp.Errors) > 0 {
|
||||
return resp.Errors
|
||||
}
|
||||
|
||||
switch resp.Data.Me.UserType {
|
||||
case "ADMIN", "ACTIVE_PAYING", "ACTIVE_FREE":
|
||||
return nil
|
||||
default:
|
||||
return fmt.Errorf("A paid account is required to submit builds")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -265,27 +265,22 @@ func (r *jobGroupResolver) Triggers(ctx context.Context, obj *model.JobGroup) ([
|
|||
|
||||
// Submit is the resolver for the submit field.
|
||||
func (r *mutationResolver) Submit(ctx context.Context, manifest string, tags []string, note *string, secrets *bool, execute *bool, visibility *model.Visibility) (*model.Job, error) {
|
||||
user := auth.ForContext(ctx)
|
||||
|
||||
if err := checkPaymentRequirement(ctx); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
man, err := LoadManifest(manifest)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
conf := config.ForContext(ctx)
|
||||
user := auth.ForContext(ctx)
|
||||
|
||||
vis := model.VisibilityUnlisted
|
||||
if visibility != nil {
|
||||
vis = *visibility
|
||||
}
|
||||
|
||||
allowFree, _ := conf.Get("builds.sr.ht", "allow-free")
|
||||
if allowFree != "yes" {
|
||||
if user.UserType != "admin" &&
|
||||
user.UserType != "active_free" &&
|
||||
user.UserType != "active_paying" {
|
||||
return nil, fmt.Errorf("A paid account is required to submit builds")
|
||||
}
|
||||
}
|
||||
|
||||
secretsErr := user.Access("SECRETS", auth.RO)
|
||||
|
||||
var sec bool
|
||||
|
|
|
@ -35,10 +35,18 @@ def submit_build(user, manifest, note=None, tags=[], visibility=None):
|
|||
def requires_payment(user):
|
||||
if allow_free:
|
||||
return False
|
||||
return user.user_type not in [
|
||||
UserType.admin,
|
||||
UserType.active_paying,
|
||||
UserType.active_free,
|
||||
|
||||
resp = exec_gql("meta.sr.ht", """
|
||||
query {
|
||||
me {
|
||||
userType
|
||||
}
|
||||
}
|
||||
""")
|
||||
return resp["me"]["userType"] not in [
|
||||
"ADMIN",
|
||||
"ACTIVE_PAYING",
|
||||
"ACTIVE_FREE",
|
||||
]
|
||||
|
||||
@runner.task
|
||||
|
|
Loading…
Reference in New Issue