Merge pull request #6 from quarkusio/adjust-permissions

Adjust permission checks to avoid using teams API
quarkusio · Nov 23, 2023 · bab9e09 · bab9e09
2 parents 58bf9a0 + c5e338e
commit bab9e09
Showing 1 changed file with 7 additions and 16 deletions.
diff --git a/src/main/java/io/quarkus/bot/release/ReleaseAction.java b/src/main/java/io/quarkus/bot/release/ReleaseAction.java
@@ -10,9 +10,7 @@
 import org.kohsuke.github.GHEventPayload;
 import org.kohsuke.github.GHIssue;
 import org.kohsuke.github.GHIssueComment;
-import org.kohsuke.github.GHOrganization;
-import org.kohsuke.github.GHTeam;
-import org.kohsuke.github.GHUser;
+import org.kohsuke.github.GHPermissionType;
 import org.kohsuke.github.Reactable;
 import org.kohsuke.github.ReactionContent;
 
@@ -31,7 +29,6 @@
 import io.quarkus.bot.release.util.Command;
 import io.quarkus.bot.release.util.Issues;
 import io.quarkus.bot.release.util.Processes;
-import io.quarkus.bot.release.util.Teams;
 
 public class ReleaseAction {
 
@@ -51,7 +48,7 @@ void startRelease(Context context, Commands commands, @Issue.Opened GHEventPaylo
             throw new IllegalStateException("No RELEASE_GITHUB_TOKEN around");
         }
 
-        if (!hasReleaserPermission(issuePayload.getOrganization(), issuePayload.getSender())) {
+        if (!issuePayload.getRepository().hasPermission(issuePayload.getSender(), GHPermissionType.WRITE)) {
             react(commands, issue, ReactionContent.MINUS_ONE);
             issue.comment(":rotating_light: You don't have the permission to start a release.");
             issue.close();
@@ -71,6 +68,8 @@ void startRelease(Context context, Commands commands, @Issue.Opened GHEventPaylo
             throw e;
         }
 
+        react(commands, issue, ReactionContent.PLUS_ONE);
+
         handleSteps(context, commands, issuePayload.getIssue(), null, releaseInformation, new ReleaseStatus(Status.STARTED, Step.PREREQUISITES, StepStatus.STARTED, context.getGitHubRunId()));
     }
 
@@ -84,7 +83,7 @@ void onComment(Context context, Commands commands, @IssueComment.Created GHEvent
             return;
         }
 
-        if (!hasReleaserPermission(issueCommentPayload.getOrganization(), issueCommentPayload.getSender())) {
+        if (!issueCommentPayload.getRepository().hasPermission(issueCommentPayload.getSender(), GHPermissionType.WRITE)) {
             react(commands, issueComment, ReactionContent.MINUS_ONE);
             return;
         }
@@ -162,6 +161,8 @@ private void handleSteps(Context context, Commands commands, GHIssue issue, GHIs
                 continue;
             }
 
+            commands.notice("Running step " + currentStep.getDescription());
+
             try {
                 StepHandler stepHandler = getStepHandler(currentStep);
 
@@ -204,16 +205,6 @@ private void handleSteps(Context context, Commands commands, GHIssue issue, GHIs
         }
     }
 
-    private static boolean hasReleaserPermission(GHOrganization organization, GHUser user) {
-        try {
-            GHTeam releasersTeam = organization.getTeamBySlug(Teams.RELEASERS);
-            return releasersTeam.hasMember(user);
-        } catch (IOException e) {
-            LOG.error("Unable to verify permissions", e);
-            return false;
-        }
-    }
-
     private static StepHandler getStepHandler(Step step) {
         InstanceHandle<? extends StepHandler> instanceHandle = Arc.container().instance(step.getStepHandler());