@@ -22,8 +22,9 @@ pub(crate) mod query;
2222mod v1;
2323
2424use crate :: api:: error:: Error ;
25+ use crate :: auth:: HttpClientInfo ;
2526use crate :: cache:: Cache ;
26- use crate :: Options ;
27+ use crate :: { AccessPolicy , Options } ;
2728
2829pub const RADICLE_VERSION : & str = env ! ( "RADICLE_VERSION" ) ;
2930// This version has to be updated on every breaking change to the radicle-httpd API.
@@ -69,6 +70,7 @@ pub struct Context {
6970 profile : Arc < Profile > ,
7071 cache : Option < Cache > ,
7172 web_config : WebConfig ,
73+ access_policy : Arc < AccessPolicy > ,
7274}
7375
7476impl Context {
@@ -77,6 +79,7 @@ impl Context {
7779 profile : profile. clone ( ) ,
7880 cache : options. cache . map ( Cache :: new) ,
7981 web_config,
82+ access_policy : Arc :: clone ( & options. access_policy ) ,
8083 }
8184 }
8285
@@ -139,14 +142,17 @@ impl Context {
139142
140143 /// Get a repository by RID, checking to make sure we're allowed to view it.
141144 #[ allow( clippy:: result_large_err) ]
142- pub fn repo ( & self , rid : RepoId ) -> Result < ( Repository , DocAt ) , error:: Error > {
145+ pub fn repo (
146+ & self ,
147+ rid : RepoId ,
148+ client_info : & HttpClientInfo ,
149+ ) -> Result < ( Repository , DocAt ) , error:: Error > {
143150 let repo = self . profile . storage . repository ( rid) ?;
144151 let doc = repo. identity_doc ( ) ?;
145- // Don't allow accessing private repos.
146- if doc. visibility ( ) . is_private ( ) {
147- return Err ( Error :: NotFound ) ;
148- }
149- Ok ( ( repo, doc) )
152+ self . access_policy
153+ . check ( client_info. with_repo ( rid, & doc) )
154+ . then_some ( ( repo, doc) )
155+ . ok_or ( Error :: NotFound )
150156 }
151157
152158 /// Returns a reference to the thread-safe web configuration.
@@ -332,9 +338,6 @@ mod search {
332338 db : & Database ,
333339 aliases : & Aliases ,
334340 ) -> Option < Self > {
335- if info. doc . visibility ( ) . is_private ( ) {
336- return None ;
337- }
338341 let Ok ( Some ( index) ) = info. doc . project ( ) . map ( |p| p. name ( ) . find ( q) ) else {
339342 return None ;
340343 } ;
@@ -584,6 +587,7 @@ mod tests {
584587 use radicle:: identity:: RepoId ;
585588 use radicle:: storage:: { ReadRepository , ReadStorage } ;
586589
590+ use crate :: auth:: HttpClientInfo ;
587591 use crate :: test;
588592
589593 fn r ( s : & str ) -> & RefStr {
@@ -610,7 +614,7 @@ mod tests {
610614 let ctx = test:: seed ( tmp. path ( ) ) ;
611615 let rid = RepoId :: from_str ( test:: RID ) . unwrap ( ) ;
612616
613- let ( repo, doc) = ctx. repo ( rid) . unwrap ( ) ;
617+ let ( repo, doc) = ctx. repo ( rid, & HttpClientInfo :: default ( ) ) . unwrap ( ) ;
614618 let info = ctx. repo_info ( & repo, doc) . unwrap ( ) ;
615619
616620 assert ! ( info. refs. tags. is_empty( ) ) ;
0 commit comments