Allow public repos to have public queues

apps/bors_frontend/test/controllers/project_controller_test.exs

@@ -81,7 +81,7 @@ defmodule BorsNG.ProjectControllerTest do
   test "do not show an unlinked project", %{conn: conn, project: project} do
     conn = login conn
     assert_raise RuntimeError, ~r/Permission denied/, fn ->
-     get conn, project_path(conn, :show, project)
+     get conn, project_path(conn, :settings, project)
    end
   end
 

apps/bors_frontend/web/controllers/project_controller.ex

@@ -28,13 +28,17 @@ defmodule BorsNG.ProjectController do
   end
 
   defp do_action(conn, action, %{"id" => id} = params) do
+    allow_private_repos = Application.get_env(
+      :bors_frontend, BorsNG)[:allow_private_repos]
     project = Project
     |> from(preload: [:installation])
     |> Repo.get!(id)
-    unless User.has_perm(Repo, conn.assigns.user, project.id) do
-      raise "Permission denied"
+    mode = cond do
+      User.has_perm(Repo, conn.assigns.user, project.id) -> :rw
+      !allow_private_repos -> :ro
+      true -> raise RuntimeError, "Permission denied"
     end
-    apply(__MODULE__, action, [conn, project, params])
+    apply(__MODULE__, action, [conn, mode, project, params])
   end
   defp do_action(conn, action, params) do
     apply(__MODULE__, action, [conn, params])
@@ -56,7 +60,7 @@ defmodule BorsNG.ProjectController do
       state: batch.state}
   end
 
-  def show(conn, project, _params) do
+  def show(conn, mode, project, _params) do
     batches = project.id
     |> Batch.all_for_project(:incomplete)
     |> Repo.all()
@@ -71,10 +75,12 @@ defmodule BorsNG.ProjectController do
       project: project,
       batches: batches,
       is_synchronizing: is_synchronizing,
-      unbatched_patches: unbatched_patches
+      unbatched_patches: unbatched_patches,
+      mode: mode
   end
 
-  def settings(conn, project, _params) do
+  def settings(_, :ro, _, _), do: raise RuntimeError, "Permission denied"
+  def settings(conn, :rw, project, _params) do
     reviewers = Repo.all(User.by_project(project.id))
     render conn, "settings.html",
       project: project,
@@ -83,7 +89,8 @@ defmodule BorsNG.ProjectController do
       update_branches: Project.changeset_branches(project)
   end
 
-  def cancel_all(conn, project, _params) do
+  def cancel_all(_, :ro, _, _), do: raise RuntimeError, "Permission denied"
+  def cancel_all(conn, :rw, project, _params) do
     project.id
     |> Batcher.Registry.get()
     |> Batcher.cancel_all()
@@ -92,7 +99,8 @@ defmodule BorsNG.ProjectController do
     |> redirect(to: project_path(conn, :show, project))
   end
 
-  def update_branches(conn, project, %{"project" => pdef}) do
+  def update_branches(_, :ro, _, _), do: raise RuntimeError, "Permission denied"
+  def update_branches(conn, :rw, project, %{"project" => pdef}) do
     result = project
     |> Project.changeset_branches(pdef)
     |> Repo.update()
@@ -113,13 +121,13 @@ defmodule BorsNG.ProjectController do
     end
   end
 
-  def add_reviewer(conn, project, %{"reviewer" => %{"login" => ""}}) do
+  def add_reviewer(_, :ro, _, _), do: raise RuntimeError, "Permission denied"
+  def add_reviewer(conn, :rw, project, %{"reviewer" => %{"login" => ""}}) do
     conn
     |> put_flash(:error, "Please enter a GitHub user's nickname")
     |> redirect(to: project_path(conn, :settings, project))
   end
-
-  def add_reviewer(conn, project, %{"reviewer" => %{"login" => login}}) do
+  def add_reviewer(conn, :rw, project, %{"reviewer" => %{"login" => login}}) do
     user = case Repo.get_by(User, login: login) do
       nil ->
         {:installation, project.installation.installation_xref}
@@ -153,7 +161,8 @@ defmodule BorsNG.ProjectController do
     |> redirect(to: project_path(conn, :settings, project))
   end
 
-  def remove_reviewer(conn, project, %{"user_id" => user_id}) do
+  def remove_reviewer(_, :ro, _, _), do: raise RuntimeError, "Permission denied"
+  def remove_reviewer(conn, :rw, project, %{"user_id" => user_id}) do
     link = Repo.get_by!(
       LinkUserProject,
       project_id: project.id,
@@ -164,7 +173,8 @@ defmodule BorsNG.ProjectController do
     |> redirect(to: project_path(conn, :settings, project))
   end
 
-  def synchronize(conn, project, _params) do
+  def synchronize(_, :ro, _, _), do: raise RuntimeError, "Permission denied"
+  def synchronize(conn, :rw, project, _params) do
     Syncer.start_synchronize_project(project.id)
     conn
     |> put_flash(:ok, "Started synchronizing")

apps/bors_frontend/web/templates/project/show.html.eex

@@ -14,13 +14,16 @@
 
 <div class=tabs role=tabs>
   <span class="tab tab--active">Pull requests</span>
+  <%= if @mode == :rw do %>
   <%= link "Settings", to: project_path(@conn, :settings, @project), class: "tab" %>
+  <% end %>
 </div>
 
 </nav>
 
 <main role=main><div class=wrapper>
 
+<%= if @mode == :rw do %>
 <div class=toolbar aria-role=toolbar>
 <%= if @batches != [] do %>
   <%= link "Cancel all", to: project_path(@conn, :cancel_all, @project), method: :delete, class: "toolbar-item toolbar-item--remove", data: [confirm: "Commenting `bors r-` on a PR will cancel just the one. You asked to cancel all of them, which is a PITA to undo.\n\nAre you sure you want to cancel all running and waiting pull requests?"] %>
@@ -31,6 +34,7 @@
   <%= link "Sync pull requests", to: project_path(@conn, :synchronize, @project), method: :put, class: "toolbar-item" %>
 <% end %>
 </div>
+<% end %>
 
 <%= if not is_nil get_flash(@conn, :ok) do %>
 <div role="alert" class="alert alert--ok">