From 17db094d611c6500d7bd81dc3aadb422340a2674 Mon Sep 17 00:00:00 2001 From: Philip Monk Date: Mon, 2 Dec 2019 22:29:12 -0800 Subject: [PATCH] publish: set permissions on %serve --- bin/solid.pill | 4 +- pkg/arvo/app/publish.hoon | 127 +++++++++++++++++----------- pkg/arvo/gen/publish/subscribe.hoon | 1 - 3 files changed, 78 insertions(+), 54 deletions(-) diff --git a/bin/solid.pill b/bin/solid.pill index 027949100..f35305bdb 100644 --- a/bin/solid.pill +++ b/bin/solid.pill @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:58e864f36ebeef35e5000bf55a06953fb054a66a94932b248c01324508e0c250 -size 10238857 +oid sha256:a31c322a1fef4ce52d8efbdc31d09bc4c72b9be772d807e5f2c6cbc288ee3666 +size 10119668 diff --git a/pkg/arvo/app/publish.hoon b/pkg/arvo/app/publish.hoon index 619254c59..51369cc42 100644 --- a/pkg/arvo/app/publish.hoon +++ b/pkg/arvo/app/publish.hoon @@ -1290,60 +1290,85 @@ .^((list path) %ct (weld our-beak /web/publish/[coll.act])) ?> ?=(^ (find [/web/publish/[coll.act]/publish-info]~ files)) =/ all=[moves=(list card) builds=(set wire)] - %+ roll files - |= [pax=path out=[moves=(list card) builds=(set wire)]] - ?+ pax - out - :: - [%web %publish @tas %publish-info ~] - ?> =(coll.act i.t.t.pax) - =/ wir=wire /collection/[coll.act] - =/ schema=schematic:ford - :* %bake - %publish-info - *coin - [[our.bol q.byk.bol] /[coll.act]/publish/web] - == - %= out - builds (~(put in builds.out) wir) + %+ roll files + |= [pax=path out=[moves=(list card) builds=(set wire)]] + ?+ pax + out :: - moves - :* [%pass wir %arvo %f %build %.y schema] - moves.out + [%web %publish @tas %publish-info ~] + ?> =(coll.act i.t.t.pax) + =/ wir=wire /collection/[coll.act] + =/ schema=schematic:ford + :* %bake + %publish-info + *coin + [[our.bol q.byk.bol] /[coll.act]/publish/web] + == + %= out + builds (~(put in builds.out) wir) + :: + moves + :* [%pass wir %arvo %f %build %.y schema] + moves.out + == == + :: + [%web %publish @tas @tas %udon ~] + ?> =(coll.act i.t.t.pax) + =/ post i.t.t.t.pax + =/ post-wir=wire /post/[coll.act]/[post] + =/ post-schema=schematic:ford + :* %bake + %publish-post + *coin + [[our.bol q.byk.bol] /[post]/[coll.act]/publish/web] + == + :: + =/ comments-wir=wire /comments/[coll.act]/[post] + =/ comments-schema=schematic:ford + :* %bake + %publish-comments + *coin + [[our.bol q.byk.bol] /[post]/[coll.act]/publish/web] + == + =/ post-perms=task:able:clay + :* %perm q.byk.bol + /web/publish/[coll.act]/[post]/udon + %w `[%white (ships-to-whom (sy src.bol ~))] + == + =/ comment-perms=task:able:clay + :* %perm q.byk.bol + /web/publish/[coll.act]/[post] + %w `[%black ~] + == + %= out + moves + :* [%pass post-wir %arvo %f %build %.y post-schema] + [%pass comments-wir %arvo %f %build %.y comments-schema] + [%pass /perms %arvo %c post-perms] + [%pass /perms %arvo %c comment-perms] + moves.out + == + :: + builds + (~(uni in builds.out) (sy post-wir comments-wir ~)) + == + :: == - :: - [%web %publish @tas @tas %udon ~] - ?> =(coll.act i.t.t.pax) - =/ post i.t.t.t.pax - =/ post-wir=wire /post/[coll.act]/[post] - =/ post-schema=schematic:ford - :* %bake - %publish-post - *coin - [[our.bol q.byk.bol] /[post]/[coll.act]/publish/web] - == - :: - =/ comments-wir=wire /comments/[coll.act]/[post] - =/ comments-schema=schematic:ford - :* %bake - %publish-comments - *coin - [[our.bol q.byk.bol] /[post]/[coll.act]/publish/web] - == - %= out - moves - :* [%pass post-wir %arvo %f %build %.y post-schema] - [%pass comments-wir %arvo %f %build %.y comments-schema] - moves.out - == - :: - builds - (~(uni in builds.out) (sy post-wir comments-wir ~)) + =/ blog-perms=task:able:clay + :* %perm q.byk.bol + /web/publish/[coll.act] + %rw `[%black ~] `[%white ~] == - :: - == - :- moves.all + =/ info-perms=task:able:clay + :* %perm q.byk.bol + /web/publish/[coll.act]/publish-info + %rw `*rule:clay `*rule:clay + == + :- :* [%pass /perms %arvo %c blog-perms] + [%pass /perms %arvo %c info-perms] + moves.all + == %= state awaiting (~(put by awaiting) coll.act builds.all ~) == @@ -1729,7 +1754,7 @@ [~ state] ?> ?=([%collection @tas ~] wir) =/ col=@tas i.t.wir - %- (slog [leaf+"failed to subscribe to blog: {}"]~) + %- (slog [leaf+"failed to subscribe to blog: {}"] u.err) [~ state] :: -- diff --git a/pkg/arvo/gen/publish/subscribe.hoon b/pkg/arvo/gen/publish/subscribe.hoon index e954b6933..43acf7a48 100644 --- a/pkg/arvo/gen/publish/subscribe.hoon +++ b/pkg/arvo/gen/publish/subscribe.hoon @@ -6,4 +6,3 @@ == :- %publish-action [%subscribe ship name] -