From efeff4703c3c95ed18178d2a9510b69ca44c7277 Mon Sep 17 00:00:00 2001 From: Pietro Albini Date: Sun, 10 Mar 2019 12:51:56 +0100 Subject: permissions: split direct and indirect permissions --- src/permissions.rs | 13 ++++++++++++- src/validate.rs | 4 +++- 2 files changed, 15 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/permissions.rs b/src/permissions.rs index d6bafb0..93054e2 100644 --- a/src/permissions.rs +++ b/src/permissions.rs @@ -74,6 +74,10 @@ macro_rules! permissions { ]; pub(crate) fn has(&self, permission: &str) -> bool { + self.has_directly(permission) || self.has_indirectly(permission) + } + + pub(crate) fn has_directly(&self, permission: &str) -> bool { $( if permission == stringify!($boolean) { return self.$boolean; @@ -83,10 +87,17 @@ macro_rules! permissions { if permission == concat!("bors.", stringify!($bors), ".review") { return self.bors.$bors.review; } + if permission == concat!("bors.", stringify!($bors), ".try") { + return self.bors.$bors.try_ + } )* + false + } + + pub fn has_indirectly(&self, permission: &str) -> bool { $( if permission == concat!("bors.", stringify!($bors), ".try") { - return self.bors.$bors.try_ || self.bors.$bors.review; + return self.bors.$bors.review; } )* false diff --git a/src/validate.rs b/src/validate.rs index fab3a76..90881fe 100644 --- a/src/validate.rs +++ b/src/validate.rs @@ -250,7 +250,9 @@ fn validate_duplicate_permissions(data: &Data, errors: &mut Vec) { wrapper(team.members(&data)?.iter(), errors, |member, _| { if let Some(person) = data.person(member) { for permission in Permissions::AVAILABLE { - if team.permissions().has(permission) && person.permissions().has(permission) { + if team.permissions().has(permission) + && person.permissions().has_directly(permission) + { bail!( "user `{}` has the permission `{}` both explicitly and through \ the `{}` team", -- cgit v1.2.3