Skip to content
Permalink
Browse files Browse the repository at this point in the history
search: use exclude filters when resolving global private repos (#27501)
Zoekt is not aware of user permissions, so we calculate the set of
private repos a user can see and pass that on to zoekt. This is only
done in "global mode", otherwise we just use the repo resolver. We
recently added support to exclude repos in global searches. However,
that was only done for the public repositories and we didn't update the
logic which calculated the set of private repositories to take that into
account. This commit adds in the ExcludePattern similiar to how the
repository resolver works.

Note: we should just use the repository resolver. However, we use
slightly different logic for setting "UserID" in the search than the
repo resolver. This commit does the simplest fix, instead of the more
general fix.
  • Loading branch information
keegancsmith authored and caugustus-sourcegraph committed Nov 17, 2021
1 parent 0fcbade commit a88d90a
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 9 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Expand Up @@ -24,6 +24,14 @@ All notable changes to Sourcegraph are documented in this file.
### Fixed

-
- An issue that causes the server to panic when performing a structural search via the GQL API for a query that also
matches missing repos (affected versions 3.33.0 and 3.32.0)
. [#26630](https://github.com/sourcegraph/sourcegraph/pull/26630)
- Improve detection for Docker running in non-linux
environments. [#23477](https://github.com/sourcegraph/sourcegraph/issues/23477)
- Fixed the cache size calculation used for Kubernetes deployments. Previously, the calculated value was too high and would exceed the ephemeral storage request limit. #[26283](https://github.com/sourcegraph/sourcegraph/issues/26283)
- Fixed a regression that was introduced in 3.27 and broke SSH-based authentication for managing Batch Changes changesets on code hosts. SSH keys generated by Sourcegraph were not used for authentication and authenticating with the code host would fail if no SSH key with write-access had been added to `gitserver`. [#27491](https://github.com/sourcegraph/sourcegraph/pull/27491)
- Private repositories matching `-repo:` expressions are now excluded. This was a regression introduced in 3.33.0. [#27044](https://github.com/sourcegraph/sourcegraph/issues/27044)

### Removed

Expand Down
16 changes: 9 additions & 7 deletions cmd/frontend/graphqlbackend/search_results.go
Expand Up @@ -37,6 +37,7 @@ import (
"github.com/sourcegraph/sourcegraph/internal/search/commit"
"github.com/sourcegraph/sourcegraph/internal/search/filter"
"github.com/sourcegraph/sourcegraph/internal/search/query"
"github.com/sourcegraph/sourcegraph/internal/search/repos"
searchrepos "github.com/sourcegraph/sourcegraph/internal/search/repos"
"github.com/sourcegraph/sourcegraph/internal/search/result"
"github.com/sourcegraph/sourcegraph/internal/search/run"
Expand Down Expand Up @@ -1506,13 +1507,14 @@ func (r *searchResolver) doResults(ctx context.Context, args *search.TextParamet
// only the repos directly added by the user. Otherwise it's all repos the user has
// access to on all connected code hosts / external services.
userPrivateRepos, err := database.Repos(r.db).ListRepoNames(ctx, database.ReposListOptions{
UserID: userID, // Zero valued when not in sourcegraph.com mode
OnlyPrivate: true,
LimitOffset: &database.LimitOffset{Limit: search.SearchLimits(conf.Get()).MaxRepos + 1},
OnlyForks: args.RepoOptions.OnlyForks,
NoForks: args.RepoOptions.NoForks,
OnlyArchived: args.RepoOptions.OnlyArchived,
NoArchived: args.RepoOptions.NoArchived,
UserID: userID, // Zero valued when not in sourcegraph.com mode
OnlyPrivate: true,
LimitOffset: &database.LimitOffset{Limit: search.SearchLimits(conf.Get()).MaxRepos + 1},
OnlyForks: args.RepoOptions.OnlyForks,
NoForks: args.RepoOptions.NoForks,
OnlyArchived: args.RepoOptions.OnlyArchived,
NoArchived: args.RepoOptions.NoArchived,
ExcludePattern: repos.UnionRegExps(args.RepoOptions.MinusRepoFilters),
})

if err != nil {
Expand Down
4 changes: 2 additions & 2 deletions dev/gqltest/README.md
Expand Up @@ -30,9 +30,9 @@ Alternatively you can use the 1password CLI tool:

```sh
# dev-private token for ghe.sgdev.org
op get item bw4nttlfqve3rc6xqzbqq7l7pm | jq -r '.. | select(.t? == "token name: dev-private") | @sh "export GITHUB_TOKEN=\(.v)"'
op get item bw4nttlfqve3rc6xqzbqq7l7pm | jq -r '.. | select(.t? == "k8s.sgdev.org") | @sh "export GITHUB_TOKEN=\(.v)"'
# AWS and Bitbucket tokens
op get item 5q5lnpirajegt7uifngeabrak4 | jq -r '.details.sections[] | .fields[] | @sh "export \(.t)=\(.v)"
op get item 5q5lnpirajegt7uifngeabrak4 | jq -r '.details.sections[] | .fields[] | @sh "export \(.t)=\(.v)"'
```

## How to run tests
Expand Down
6 changes: 6 additions & 0 deletions dev/gqltest/search_test.go
Expand Up @@ -535,6 +535,12 @@ func testSearchClient(t *testing.T, client searchClient) {
name: `regexp, filename, nonzero result`,
query: `file:doc.go patterntype:regexp`,
},
// Ensure repo resolution is correct in global. https://github.com/sourcegraph/sourcegraph/issues/27044
{
name: `-repo excludes private repos`,
query: `-repo:private // this is a change`,
zeroResult: true,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
Expand Down

0 comments on commit a88d90a

Please sign in to comment.