permissions: split direct and indirect permissions

author: Pietro Albini <pietro@pietroalbini.org> 2019-03-10 12:51:56 +0100
committer: Pietro Albini <pietro@pietroalbini.org> 2019-03-10 12:51:56 +0100
commit: efeff4703c3c95ed18178d2a9510b69ca44c7277 (patch)
tree: f690cf240c88f212e03ef5a3b16ddfcd65c065dc /src
parent: 6eb8e78a2a817d662187a32f80aa49ad79e6f00c (diff)
2 files changed, 15 insertions, 2 deletions
diff --git a/src/permissions.rs b/src/permissions.rs
index d6bafb0..93054e2 100644
--- a/src/permissions.rs
+++ b/src/permissions.rs
@@ -74,6 +74,10 @@ macro_rules! permissions {
             ];
 
             pub(crate) fn has(&self, permission: &str) -> bool {
+                self.has_directly(permission) || self.has_indirectly(permission)
+            }
+
+            pub(crate) fn has_directly(&self, permission: &str) -> bool {
                 $(
                     if permission == stringify!($boolean) {
                         return self.$boolean;
@@ -83,10 +87,17 @@ macro_rules! permissions {
                     if permission == concat!("bors.", stringify!($bors), ".review") {
                         return self.bors.$bors.review;
                     }
+                    if permission == concat!("bors.", stringify!($bors), ".try") {
+                        return self.bors.$bors.try_
+                    }
                 )*
+                false
+            }
+
+            pub fn has_indirectly(&self, permission: &str) -> bool {
                 $(
                     if permission == concat!("bors.", stringify!($bors), ".try") {
-                        return self.bors.$bors.try_ || self.bors.$bors.review;
+                        return self.bors.$bors.review;
                     }
                 )*
                 false
diff --git a/src/validate.rs b/src/validate.rs
index fab3a76..90881fe 100644
--- a/src/validate.rs
+++ b/src/validate.rs
@@ -250,7 +250,9 @@ fn validate_duplicate_permissions(data: &Data, errors: &mut Vec<String>) {
         wrapper(team.members(&data)?.iter(), errors, |member, _| {
             if let Some(person) = data.person(member) {
                 for permission in Permissions::AVAILABLE {
-                    if team.permissions().has(permission) && person.permissions().has(permission) {
+                    if team.permissions().has(permission)
+                        && person.permissions().has_directly(permission)
+                    {
                         bail!(
                             "user `{}` has the permission `{}` both explicitly and through \
                              the `{}` team",
author	Pietro Albini <pietro@pietroalbini.org>	2019-03-10 12:51:56 +0100
committer	Pietro Albini <pietro@pietroalbini.org>	2019-03-10 12:51:56 +0100
commit	efeff4703c3c95ed18178d2a9510b69ca44c7277 (patch)
tree	f690cf240c88f212e03ef5a3b16ddfcd65c065dc /src
parent	6eb8e78a2a817d662187a32f80aa49ad79e6f00c (diff)