diff --git a/model/perm.go b/model/perm.go
index bd8199ffda..f0aa5e1842 100644
--- a/model/perm.go
+++ b/model/perm.go
@@ -6,7 +6,7 @@ type PermStore interface {
 PermUpsert(perm *Perm) error
 PermBatch(perms []*Perm) error
 PermDelete(perm *Perm) error
- // PermFlush(user *User) error
+ PermFlush(user *User, before int64) error
 }
 // Perm defines a repository permission for an individual user.
diff --git a/server/sync.go b/server/sync.go
index f6e07641c8..adac83a7a6 100644
--- a/server/sync.go
+++ b/server/sync.go
@@ -20,7 +20,7 @@ type syncer struct {
 }
 func (s *syncer) Sync(user *model.User) error {
- unix := time.Now().Unix()
+ unix := time.Now().Unix() - 1 // force immediate expiration
 repos, err := s.remote.Repos(user)
 if err != nil {
 return err
@@ -51,5 +51,16 @@ func (s *syncer) Sync(user *model.User) error {
 return err
 }
- return nil
+ // this is here as a precaution. I want to make sure that if an api
+ // call to the version control system fails and (for some reason) returns
+ // an empty list, we don't wipe out the user repository permissions.
+ //
+ // the side-effect of this code is that a user with 1 repository whose
+ // access is removed will still display in the feed, but they will not
+ // be able to access the actual repository data.
+ if len(repos) == 0 {
+ return nil
+ }
+
+ return s.perms.PermFlush(user, unix)
 }
diff --git a/store/datastore/perms.go b/store/datastore/perms.go
index 876622b501..ffa4f77e12 100644
--- a/store/datastore/perms.go
+++ b/store/datastore/perms.go
@@ -42,3 +42,9 @@ func (db *datastore) PermDelete(perm *model.Perm) error {
 _, err := db.Exec(stmt, perm.UserID, perm.RepoID)
 return err
 }
+
+func (db *datastore) PermFlush(user *model.User, before int64) error {
+ stmt := sql.Lookup(db.driver, "perms-delete-user-date")
+ _, err := db.Exec(stmt, user.ID, before)
+ return err
+}
diff --git a/store/store.go b/store/store.go
index 6e4c23a07c..4fcfece499 100644
--- a/store/store.go
+++ b/store/store.go
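Review bot: The `len(repos) == 0` guard before `PermFlush` in server/sync.go means a user whose access to every repository was revoked never has their stale permission rows removed, because that case cannot be told apart here from a failed API call that returned an empty list. The comment's claim that such a user "will not be able to access the actual repository data" depends on checks outside this hunk, so it is worth confirming that no authorization path trusts a stored perms row without an expiry or a live check against the remote. The comment also understates the case ("a user with 1 repository"); I would reword it to `// side effect: a user who loses access to ALL repositories keeps stale perms rows until a later non-empty sync`. Sync's body starts outside the hunk.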
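Review bot: `PermFlush` in store/datastore/perms.go has no doc comment, and the `perms-delete-user-date` statement it runs is not visible in this diff, so it is unclear whether the `before` cutoff is exclusive. That matters because Sync passes the same `unix` value (`time.Now().Unix() - 1`) that presumably also stamps the rows written earlier in the same run; an inclusive comparison would delete the permissions that were just synced. Once the SQL is confirmed I would add `// PermFlush deletes the user's permission rows whose sync time is strictly before the unix timestamp before.` and state the unit (seconds) on the interface method as well. `user` is dereferenced without a nil check, which matches `PermDelete` above but leaves the guarantee to the caller.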
@@ -92,6 +92,7 @@ type Store interface {
 PermUpsert(perm *model.Perm) error
 PermBatch(perms []*model.Perm) error
 PermDelete(perm *model.Perm) error
+ PermFlush(user *model.User, before int64) error
 ConfigLoad(int64) (*model.Config, error)
 ConfigFind(*model.Repo, string) (*model.Config, error)