|
| 1 | +#' Check if a user is authorized to modify model |
| 2 | +#' directories. This function verifies whether a GitHub |
| 3 | +#' user is authorized to modify specific model directories |
| 4 | +#' in a Hub by checking the designated users in model |
| 5 | +#' metadata. |
| 6 | +#' |
| 7 | +#' @param changed_dirs Character vector. Directory names |
| 8 | +#' that have been changed. |
| 9 | +#' @param gh_actor Character. GitHub username of the person |
| 10 | +#' making changes. |
| 11 | +#' @param base_hub_path Character. Path to the base hub |
| 12 | +#' directory. |
| 13 | +#' @param write_status Logical. Whether to write a status |
| 14 | +#' file on success (default: TRUE). |
| 15 | +#' |
| 16 | +#' @return NULL invisibly. Exits with error if the user is |
| 17 | +#' unauthorized and prints success message if authorized. |
| 18 | +#' |
| 19 | +#' @export |
| 20 | +check_authorized_users <- function( |
| 21 | + changed_dirs, |
| 22 | + gh_actor, |
| 23 | + base_hub_path |
| 24 | +) { |
| 25 | + checkmate::assert_character(changed_dirs, min.len = 1) |
| 26 | + checkmate::assert_scalar(gh_actor) |
| 27 | + checkmate::assert_string(base_hub_path) |
| 28 | + |
| 29 | + model_metadata <- hubData::load_model_metadata(base_hub_path) |
| 30 | + |
| 31 | + if (nrow(model_metadata) == 0) { |
| 32 | + cli::cli_abort( |
| 33 | + "Error: Could not load model metadata from {base_hub_path}!" |
| 34 | + ) |
| 35 | + } |
| 36 | + |
| 37 | + dir_users_map <- model_metadata |> |
| 38 | + dplyr::group_by(.data$model_id) |> |
| 39 | + dplyr::summarize( |
| 40 | + authorized_users = list( |
| 41 | + na.omit(.data$designated_github_users) |
| 42 | + ), |
| 43 | + .groups = "drop" |
| 44 | + ) |
| 45 | + |
| 46 | + for (dir in changed_dirs) { |
| 47 | + if (!(dir %in% dir_users_map$model_id)) { |
| 48 | + cli::cli_abort( |
| 49 | + "Error: {dir} is not authorized for modification!" |
| 50 | + ) |
| 51 | + } |
| 52 | + |
| 53 | + user_list <- dir_users_map |> |
| 54 | + dplyr::filter(.data$model_id == dir) |> |
| 55 | + dplyr::pull(.data$authorized_users) |> |
| 56 | + purrr::pluck(1) |
| 57 | + |
| 58 | + if (length(user_list) == 0) { |
| 59 | + cli::cli_abort( |
| 60 | + "Error: Changes found in '{dir}/', but no authorized users listed!" |
| 61 | + ) |
| 62 | + } |
| 63 | + |
| 64 | + if (!(gh_actor %in% user_list)) { |
| 65 | + cli::cli_abort( |
| 66 | + paste0( |
| 67 | + "Error: Only the following users can modify '{dir}/': ", |
| 68 | + "{paste(user_list, collapse = ', ')}" |
| 69 | + ) |
| 70 | + ) |
| 71 | + } |
| 72 | + } |
| 73 | + |
| 74 | + cli::cli_inform( |
| 75 | + "Success: Changes authorized for user '{gh_actor}'." |
| 76 | + ) |
| 77 | + invisible(NULL) |
| 78 | +} |
0 commit comments