authz/perforce: sync sub-repo permissions (!26745) · Merge requests · Warren Gifford / sourcegraph

Warren Gifford requested to merge 503/perforce-subrepo-sync into main Oct 27, 2021

Created by: bobheadxi

Adds an authorization.subRepoPermissions option that sets up a Perforce provider that is aware of the configured depots and parses p4 protects -u to populate:

Exacts with depots that have inclusion permissions
- if there are none, the depot is not included
SubRepoPermissions.PathIncludes and SubRepoPermissions.PathExcludes with glob patterns for approved and denied file access
- currently is the full path as provided in p4 protects, i.e. may include the depot name in the match itself
- handles ACL conflicts hopefully accurately

The result is a client like https://github.com/sourcegraph/sourcegraph/pull/26842 can take PathIncludes and PathExcludes and check for the exclusions and inclusions to determine whether a user has access to a file.

Closes #26644 (closed)

authz/perforce: sync sub-repo permissions

Merge request reports