diff options
author | Pietro Albini <pietro@pietroalbini.org> | 2019-03-10 12:51:56 +0100 |
---|---|---|
committer | Pietro Albini <pietro@pietroalbini.org> | 2019-03-10 12:51:56 +0100 |
commit | efeff4703c3c95ed18178d2a9510b69ca44c7277 (patch) | |
tree | f690cf240c88f212e03ef5a3b16ddfcd65c065dc /src | |
parent | 6eb8e78a2a817d662187a32f80aa49ad79e6f00c (diff) |
permissions: split direct and indirect permissions
Diffstat (limited to 'src')
-rw-r--r-- | src/permissions.rs | 13 | ||||
-rw-r--r-- | src/validate.rs | 4 |
2 files changed, 15 insertions, 2 deletions
diff --git a/src/permissions.rs b/src/permissions.rs index d6bafb0..93054e2 100644 --- a/src/permissions.rs +++ b/src/permissions.rs @@ -74,6 +74,10 @@ macro_rules! permissions { ]; pub(crate) fn has(&self, permission: &str) -> bool { + self.has_directly(permission) || self.has_indirectly(permission) + } + + pub(crate) fn has_directly(&self, permission: &str) -> bool { $( if permission == stringify!($boolean) { return self.$boolean; @@ -83,10 +87,17 @@ macro_rules! permissions { if permission == concat!("bors.", stringify!($bors), ".review") { return self.bors.$bors.review; } + if permission == concat!("bors.", stringify!($bors), ".try") { + return self.bors.$bors.try_ + } )* + false + } + + pub fn has_indirectly(&self, permission: &str) -> bool { $( if permission == concat!("bors.", stringify!($bors), ".try") { - return self.bors.$bors.try_ || self.bors.$bors.review; + return self.bors.$bors.review; } )* false diff --git a/src/validate.rs b/src/validate.rs index fab3a76..90881fe 100644 --- a/src/validate.rs +++ b/src/validate.rs @@ -250,7 +250,9 @@ fn validate_duplicate_permissions(data: &Data, errors: &mut Vec<String>) { wrapper(team.members(&data)?.iter(), errors, |member, _| { if let Some(person) = data.person(member) { for permission in Permissions::AVAILABLE { - if team.permissions().has(permission) && person.permissions().has(permission) { + if team.permissions().has(permission) + && person.permissions().has_directly(permission) + { bail!( "user `{}` has the permission `{}` both explicitly and through \ the `{}` team", |