Posted to commits@devlake.apache.org by ab...@apache.org on 2023/03/24 11:02:23 UTC

[incubator-devlake] branch main updated: fix: add token permission check (#4759)

This is an automated email from the ASF dual-hosted git repository.

abeizn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git


The following commit(s) were added to refs/heads/main by this push:
     new 5665982f7 fix: add token permission check (#4759)
5665982f7 is described below

commit 5665982f7fb95274714e398c1ade76ec794e8193
Author: mappjzc <zh...@merico.dev>
AuthorDate: Fri Mar 24 19:02:17 2023 +0800

    fix: add token permission check (#4759)
    
    Add token permission check on connection test.
    
    Nddtfjiang <zh...@merico.dev>
---
 backend/plugins/gitlab/api/connection.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/backend/plugins/gitlab/api/connection.go b/backend/plugins/gitlab/api/connection.go
index 65867ec8a..e9cc6265c 100644
--- a/backend/plugins/gitlab/api/connection.go
+++ b/backend/plugins/gitlab/api/connection.go
@@ -19,7 +19,9 @@ package api
 
 import (
 	"context"
+	"fmt"
 	"net/http"
+	"net/url"
 
 	"github.com/apache/incubator-devlake/core/errors"
 	"github.com/apache/incubator-devlake/core/plugin"
@@ -49,11 +51,24 @@ func TestConnection(input *plugin.ApiResourceInput) (*plugin.ApiResourceOutput,
 		return nil, err
 	}
 
-	_, err = api.NewApiClientFromConnection(context.TODO(), basicRes, &connection)
+	apiClient, err := api.NewApiClientFromConnection(context.TODO(), basicRes, &connection)
 	if err != nil {
 		return nil, err
 	}
 
+	// check API/read_api permissions
+	query := url.Values{}
+	query.Set("page", fmt.Sprintf("%v", 1))
+	query.Set("per_page", fmt.Sprintf("%v", 1))
+	res, err := apiClient.Get("projects", query, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if res.StatusCode == http.StatusForbidden {
+		return nil, errors.BadInput.New("token need api or read_api permissions scope")
+	}
+
 	body := GitlabTestConnResponse{}
 	body.Success = true
 	body.Message = "success"
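Review bot: Only `http.StatusForbidden` is rejected after the `projects` probe, so any other non-success status falls through to `body.Success = true`. Unless `apiClient.Get` already turns such statuses into an error (not visible here), a 401 for an invalid or revoked token would still report a successful connection test. Keep the 403 branch for its specific scope message and add a general guard after it, e.g. `if res.StatusCode != http.StatusOK { return nil, errors.BadInput.New(fmt.Sprintf("unexpected status code %d from GitLab projects API", res.StatusCode)) }`. The response body is also never closed in the visible lines; if `res` is a standard HTTP response, add `defer res.Body.Close()` right after the error check. `TestConnection` starts and ends outside this hunk, so later handling may already cover some of this.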