authz: add new `Store` type to manage permissions

Warren Gifford requested to merge jc/rfc40-explicit-repo-permissions into master

Created by: unknwon

This PR adds a new Store type to enterprise/cmd/frontend/internal/authz and is part of RFC 40: Explicit Repository Permissions Model (AKA "The Sourcegraph Authz Provider") (#6086 (closed)).

This Store provides a unified interface (a set of methods) for DB operations over permissions tables:

  • user_permissions
  • repo_permissions
  • user_pending_permissions
  • repo_pending_permissions

Review Tips

  • Encouraged to review by commits, in particular:
    1. Update site config schema
    2. Add DB migration scripts
    3. Add site alert about conflicts between code host authz provider(s) and this new Sourcegraph Authz Provider (no real action is taken here, will do that in later PRs)
    4. Initial implementation of Store type

Notes

Compatibility with existing authz/bitbucketserver.store

The design of this package has taken this into account; here is the PoC PR that shows how we could reuse this Store type in the Bitbucket Server Authz Provider (it's outdated with the refactoring of the internal/authz package, but it's a PoC anyway).

Test plan

  • Unit tests
  • Site alert
