Skip to content

Commit 92df1e1

Browse files
JarLobJarLob
committed
Public repos do not require contents: read 
1 parent 166e5bd commit 92df1e1

File tree

1 file changed

+8
-0
lines changed

1 file changed

+8
-0
lines changed

monitor/mitm_plugin.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -324,6 +324,8 @@ def get_permission(self, path, method, query):
324324
elif path_segments[1] == 'repos' and (path_segments[4] == 'check-runs' or path_segments[4] == 'check-suites'):
325325
return [('checks', 'read' if method == 'GET' else 'write')]
326326
elif path_segments[1] == 'repos' and (path_segments[4] == 'releases' or path_segments[4] == 'git' or path_segments[4] == 'commits'):
327+
if method == 'GET' and self.is_public_repo(f'{path_segments[2]}/{path_segments[3]}'):
328+
return []
327329
return [('contents', 'read' if method == 'GET' else 'write')]
328330
elif path_segments[1] == 'repos' and path_segments[4] == 'deployments':
329331
return [('deployments', 'read' if method == 'GET' else 'write')]
@@ -343,6 +345,8 @@ def get_permission(self, path, method, query):
343345
return [('statuses', 'read' if method == 'GET' else 'write')]
344346
elif path_segments[3] == 'info' and path_segments[4] == 'refs':
345347
if query['service'][0] == 'git-upload-pack':
348+
if self.is_public_repo(f'{path_segments[1]}/{path_segments[2]}'):
349+
return []
346350
return [('contents', 'read')]
347351
elif query['service'][0] == 'git-receive-pack':
348352
return [('contents', 'write')]
@@ -359,6 +363,8 @@ def get_permission(self, path, method, query):
359363
elif path_segments[1] == 'repositories' and (path_segments[3] == 'check-runs' or path_segments[3] == 'check-suites'):
360364
return [('checks', 'read' if method == 'GET' else 'write')]
361365
elif path_segments[1] == 'repositories' and (path_segments[3] == 'releases' or path_segments[3] == 'git' or path_segments[3] == 'commits'):
366+
if method == 'GET' and self.is_public_repo(path_segments[2]):
367+
return []
362368
return [('contents', 'read' if method == 'GET' else 'write')]
363369
elif path_segments[1] == 'repositories' and path_segments[3] == 'deployments':
364370
return [('deployments', 'read' if method == 'GET' else 'write')]
@@ -377,6 +383,8 @@ def get_permission(self, path, method, query):
377383
elif path_segments[1] == 'projects':
378384
return [('repository-projects', 'read' if method == 'GET' else 'write')]
379385
elif path_segments[3] == 'git-upload-pack':
386+
if self.is_public_repo(f'{path_segments[1]}/{path_segments[2]}'):
387+
return []
380388
return [('contents', 'read')]
381389
elif path_segments[3] == 'git-receive-pack':
382390
return [('contents', 'write')]

0 commit comments

Comments
 (0)