Fix explicit perms label being missing on repo permissions page (#57583)

pjlast · web-flow · commit fa90531bddf4 · 2023-10-16T12:18:04.000Z
diff --git a/client/web/src/enterprise/repo/settings/RepoSettingsPermissionsPage.tsx b/client/web/src/enterprise/repo/settings/RepoSettingsPermissionsPage.tsx
@@ -260,6 +260,10 @@ const PermissionReasonBadgeProps: { [reason: string]: BadgeProps } = {
     },
     Unrestricted: { variant: 'primary', tooltip: 'The repository is accessible to all the users. ' },
     'Site Admin': { variant: 'secondary', tooltip: 'The user is site admin and has access to all the repositories.' },
+    'Explicit API': {
+        variant: 'success',
+        tooltip: 'The permission was granted through explicit permissions API.',
+    },
 }
 
 interface ScheduleRepositoryPermissionsSyncActionContainerProps {
diff --git a/internal/database/perms_store.go b/internal/database/perms_store.go
@@ -2075,7 +2075,7 @@ func (s *permsStore) ListRepoPermissions(ctx context.Context, repoID api.RepoID,
 
 	perms := make([]*RepoPermission, 0)
 	for rows.Next() {
-		user, updatedAt, err := s.scanUsersPermissionsInfo(rows)
+		user, updatedAt, source, err := scanUsersPermissionsInfo(rows)
 		if err != nil {
 			return nil, err
 		}
@@ -2087,6 +2087,8 @@ func (s *permsStore) ListRepoPermissions(ctx context.Context, repoID api.RepoID,
 		} else if user.SiteAdmin && !authzParams.AuthzEnforceForSiteAdmins {
 			reason = UserRepoPermissionReasonSiteAdmin
 			updatedAt = time.Time{}
+		} else if source == authz.SourceAPI {
+			reason = UserRepoPermissionReasonExplicitPerms
 		}
 
 		perms = append(perms, &RepoPermission{User: user, Reason: reason, UpdatedAt: updatedAt})
@@ -2095,9 +2097,10 @@ func (s *permsStore) ListRepoPermissions(ctx context.Context, repoID api.RepoID,
 	return perms, nil
 }
 
-func (s *permsStore) scanUsersPermissionsInfo(rows dbutil.Scanner) (*types.User, time.Time, error) {
+func scanUsersPermissionsInfo(rows dbutil.Scanner) (*types.User, time.Time, authz.PermsSource, error) {
 	var u types.User
 	var updatedAt time.Time
+	var source *string
 	var displayName, avatarURL sql.NullString
 
 	err := rows.Scan(
@@ -2112,15 +2115,21 @@ func (s *permsStore) scanUsersPermissionsInfo(rows dbutil.Scanner) (*types.User,
 		&u.InvalidatedSessionsAt,
 		&u.TosAccepted,
 		&dbutil.NullTime{Time: &updatedAt},
+		&source,
 	)
 	if err != nil {
-		return nil, time.Time{}, err
+		return nil, time.Time{}, "", err
 	}
 
 	u.DisplayName = displayName.String
 	u.AvatarURL = avatarURL.String
 
-	return &u, updatedAt, nil
+	var permsSource authz.PermsSource
+	if source != nil {
+		permsSource = authz.PermsSource(*source)
+	}
+
+	return &u, updatedAt, permsSource, nil
 }
 
 const usersPermissionsInfoQueryFmt = `
@@ -2135,7 +2144,8 @@ SELECT
 	users.passwd IS NOT NULL,
 	users.invalidated_sessions_at,
 	users.tos_accepted,
-	urp.updated_at AS permissions_updated_at
+	urp.updated_at AS permissions_updated_at,
+	urp.source
 FROM
 	users
 	LEFT JOIN user_repo_permissions urp ON urp.user_id = users.id AND urp.repo_id = %d
diff --git a/internal/database/perms_store_test.go b/internal/database/perms_store_test.go
@@ -4126,7 +4126,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {
 		}
 	}
 
-	q := sqlf.Sprintf(`INSERT INTO user_repo_permissions(user_id, repo_id) VALUES(555, 1), (666, 1), (NULL, 3), (666, 4)`)
+	q := sqlf.Sprintf(`INSERT INTO user_repo_permissions(user_id, repo_id, source) VALUES(555, 1, 'user_sync'), (666, 1, 'api'), (NULL, 3, 'api'), (666, 4, 'user_sync')`)
 	if err := s.execute(ctx, q); err != nil {
 		t.Fatal(err)
 	}
@@ -4145,7 +4145,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {
 				{
 					// have access
 					UserID: 666,
-					Reason: UserRepoPermissionReasonPermissionsSync,
+					Reason: UserRepoPermissionReasonExplicitPerms,
 				},
 				{
 					// have access
@@ -4184,7 +4184,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {
 			WantResults: []*listRepoPermissionsResult{
 				{
 					UserID: 666,
-					Reason: UserRepoPermissionReasonPermissionsSync,
+					Reason: UserRepoPermissionReasonExplicitPerms,
 				},
 			},
 		},
@@ -4197,7 +4197,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {
 			WantResults: []*listRepoPermissionsResult{
 				{
 					UserID: 666,
-					Reason: UserRepoPermissionReasonPermissionsSync,
+					Reason: UserRepoPermissionReasonExplicitPerms,
 				},
 			},
 		},
@@ -4290,7 +4290,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {
 				{
 					// have access
 					UserID: 666,
-					Reason: UserRepoPermissionReasonPermissionsSync,
+					Reason: UserRepoPermissionReasonExplicitPerms,
 				},
 				{
 					// have access

Original file line number	Diff line number	Diff line change
`@@ -4126,7 +4126,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {`
`4126`	`4126`	`}`
`4127`	`4127`	`}`
`4128`	`4128`
`4129`		- q := sqlf.Sprintf(`INSERT INTO user_repo_permissions(user_id, repo_id) VALUES(555, 1), (666, 1), (NULL, 3), (666, 4)`)
	`4129`	+ q := sqlf.Sprintf(`INSERT INTO user_repo_permissions(user_id, repo_id, source) VALUES(555, 1, 'user_sync'), (666, 1, 'api'), (NULL, 3, 'api'), (666, 4, 'user_sync')`)
`4130`	`4130`	`if err := s.execute(ctx, q); err != nil {`
`4131`	`4131`	`t.Fatal(err)`
`4132`	`4132`	`}`
`@@ -4145,7 +4145,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {`
`4145`	`4145`	`{`
`4146`	`4146`	`// have access`
`4147`	`4147`	`UserID: 666,`
`4148`		`- Reason: UserRepoPermissionReasonPermissionsSync,`
	`4148`	`+ Reason: UserRepoPermissionReasonExplicitPerms,`
`4149`	`4149`	`},`
`4150`	`4150`	`{`
`4151`	`4151`	`// have access`
`@@ -4184,7 +4184,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {`
`4184`	`4184`	`WantResults: []*listRepoPermissionsResult{`
`4185`	`4185`	`{`
`4186`	`4186`	`UserID: 666,`
`4187`		`- Reason: UserRepoPermissionReasonPermissionsSync,`
	`4187`	`+ Reason: UserRepoPermissionReasonExplicitPerms,`
`4188`	`4188`	`},`
`4189`	`4189`	`},`
`4190`	`4190`	`},`
`@@ -4197,7 +4197,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {`
`4197`	`4197`	`WantResults: []*listRepoPermissionsResult{`
`4198`	`4198`	`{`
`4199`	`4199`	`UserID: 666,`
`4200`		`- Reason: UserRepoPermissionReasonPermissionsSync,`
	`4200`	`+ Reason: UserRepoPermissionReasonExplicitPerms,`
`4201`	`4201`	`},`
`4202`	`4202`	`},`
`4203`	`4203`	`},`
`@@ -4290,7 +4290,7 @@ func TestPermsStore_ListRepoPermissions(t *testing.T) {`
`4290`	`4290`	`{`
`4291`	`4291`	`// have access`
`4292`	`4292`	`UserID: 666,`
`4293`		`- Reason: UserRepoPermissionReasonPermissionsSync,`
	`4293`	`+ Reason: UserRepoPermissionReasonExplicitPerms,`
`4294`	`4294`	`},`
`4295`	`4295`	`{`
`4296`	`4296`	`// have access`