/** * @param Project $project * * @return boolean */ protected function doAccess(Project $project) { if (null === $this->initialProjectAccess) { # no initial project access means the project is public return true; } if (!$project->getIsPrivate()) { # public projects don't have access management return true; } # this is one special ip that cannot be revoked # it is used to keep the access list "existing" # thus activating auth on the staging areas # yes, it's a bit hacky. $this->grantProjectAccess($project, new ProjectAccess('0.0.0.0')); # this, however, is perfectly legit. $this->grantProjectAccess($project, $this->initialProjectAccess); return true; }
/** * @param Project $project */ public function installHooks(Project $project) { $user = $project->getUsers()->first(); $neededScope = $project->getIsPrivate() ? Scope::SCOPE_PRIVATE : Scope::SCOPE_PUBLIC; if (!$this->hasScope($user, $neededScope)) { throw new InsufficientScopeException($neededScope, $user->getProviderScopes($this->getName())); } $githubHookUrl = $this->router->generate('app_core_hooks_provider', ['providerName' => $this->getName()], true); /** When generating hooks from the VM, we'd rather have it pointing to a real URL */ $githubHookUrl = str_replace('http://localhost', 'http://stage1.io', $githubHookUrl); $hooksUrl = $project->getProviderData('hooks_url'); $client = $this->configureClientForProject($project); $events = []; if ($this->countPushHooks($project) === 0) { $events[] = 'push'; } if ($this->countPullRequestHooks($project) === 0) { $events[] = 'pull_request'; } if (count($events) === 0) { return true; } $request = $client->post($hooksUrl); $request->setBody(json_encode(['name' => 'web', 'active' => true, 'events' => ['push', 'pull_request'], 'config' => ['url' => $githubHookUrl, 'content_type' => 'json']]), 'application/json'); $response = $request->send(); $installedHook = $response->json(); $providerData = $project->setProviderData('hook_id', $installedHook['id']); }