From 648389968740b5f9ed557d3bf81c7394931f29ce Mon Sep 17 00:00:00 2001
From: Ayman Bagabas <ayman.bagabas@gmail.com>
Date: Mon, 3 Apr 2023 13:06:39 -0400
Subject: [PATCH] fix(server): reduce perms to collab when creating/deleting
 repos

---
 server/cmd/collab.go | 4 ++--
 server/cmd/create.go | 5 ++++-
 server/cmd/delete.go | 2 +-
 server/cmd/import.go | 2 +-
 server/cmd/list.go   | 9 ++++++++-
 5 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/server/cmd/collab.go b/server/cmd/collab.go
index 9426a975a98b22e10b66b836daf47e489e0dcf9c..08baf5a065cec13748c99cbae5c1a8528b4ba9de 100644
--- a/server/cmd/collab.go
+++ b/server/cmd/collab.go
@@ -25,7 +25,7 @@ func collabAddCommand() *cobra.Command {
 		Use:               "add REPOSITORY USERNAME",
 		Short:             "Add a collaborator to a repo",
 		Args:              cobra.ExactArgs(2),
-		PersistentPreRunE: checkIfAdmin,
+		PersistentPreRunE: checkIfCollab,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cfg, _ := fromContext(cmd)
 			repo := args[0]
@@ -43,7 +43,7 @@ func collabRemoveCommand() *cobra.Command {
 		Use:               "remove REPOSITORY USERNAME",
 		Args:              cobra.ExactArgs(2),
 		Short:             "Remove a collaborator from a repo",
-		PersistentPreRunE: checkIfAdmin,
+		PersistentPreRunE: checkIfCollab,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cfg, _ := fromContext(cmd)
 			repo := args[0]
diff --git a/server/cmd/create.go b/server/cmd/create.go
index 259406d1424078f9d6e9646e509dba3bf989e026..1c3ae6787d63eded8d07d655dde87600db41536a 100644
--- a/server/cmd/create.go
+++ b/server/cmd/create.go
@@ -10,12 +10,13 @@ func createCommand() *cobra.Command {
 	var private bool
 	var description string
 	var projectName string
+	var hidden bool
 
 	cmd := &cobra.Command{
 		Use:               "create REPOSITORY",
 		Short:             "Create a new repository",
 		Args:              cobra.ExactArgs(1),
-		PersistentPreRunE: checkIfAdmin,
+		PersistentPreRunE: checkIfCollab,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cfg, _ := fromContext(cmd)
 			name := args[0]
@@ -23,6 +24,7 @@ func createCommand() *cobra.Command {
 				Private:     private,
 				Description: description,
 				ProjectName: projectName,
+				Hidden:      hidden,
 			}); err != nil {
 				return err
 			}
@@ -33,6 +35,7 @@ func createCommand() *cobra.Command {
 	cmd.Flags().BoolVarP(&private, "private", "p", false, "make the repository private")
 	cmd.Flags().StringVarP(&description, "description", "d", "", "set the repository description")
 	cmd.Flags().StringVarP(&projectName, "name", "n", "", "set the project name")
+	cmd.Flags().BoolVarP(&hidden, "hidden", "H", false, "hide the repository from the list")
 
 	return cmd
 }
diff --git a/server/cmd/delete.go b/server/cmd/delete.go
index 7c335ac6c403e6ec46eedbb9aa6d8177692a6be3..fb3f1dbdf1a8d976133de9c742447d51b9576975 100644
--- a/server/cmd/delete.go
+++ b/server/cmd/delete.go
@@ -8,7 +8,7 @@ func deleteCommand() *cobra.Command {
 		Aliases:           []string{"del", "remove", "rm"},
 		Short:             "Delete a repository",
 		Args:              cobra.ExactArgs(1),
-		PersistentPreRunE: checkIfAdmin,
+		PersistentPreRunE: checkIfCollab,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cfg, _ := fromContext(cmd)
 			name := args[0]
diff --git a/server/cmd/import.go b/server/cmd/import.go
index 7135239f15dac10fc9ab8bf1b24d9c30cb9f2568..8edee1a55420184fe237672d931b63c73631ba8c 100644
--- a/server/cmd/import.go
+++ b/server/cmd/import.go
@@ -16,7 +16,7 @@ func importCommand() *cobra.Command {
 		Use:               "import REPOSITORY REMOTE",
 		Short:             "Import a new repository from remote",
 		Args:              cobra.ExactArgs(2),
-		PersistentPreRunE: checkIfAdmin,
+		PersistentPreRunE: checkIfCollab,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cfg, _ := fromContext(cmd)
 			name := args[0]
diff --git a/server/cmd/list.go b/server/cmd/list.go
index 4b5a2a57cc06024a7a41b07723e21079a00e47e9..9cfb936a5f2428c59259e12110456ee200128390 100644
--- a/server/cmd/list.go
+++ b/server/cmd/list.go
@@ -7,6 +7,8 @@ import (
 
 // listCommand returns a command that list file or directory at path.
 func listCommand() *cobra.Command {
+	var all bool
+
 	listCmd := &cobra.Command{
 		Use:     "list",
 		Aliases: []string{"ls"},
@@ -20,11 +22,16 @@ func listCommand() *cobra.Command {
 			}
 			for _, r := range repos {
 				if cfg.Backend.AccessLevelByPublicKey(r.Name(), s.PublicKey()) >= backend.ReadOnlyAccess {
-					cmd.Println(r.Name())
+					if !r.IsHidden() || all {
+						cmd.Println(r.Name())
+					}
 				}
 			}
 			return nil
 		},
 	}
+
+	listCmd.Flags().BoolVarP(&all, "all", "a", false, "List all repositories")
+
 	return listCmd
 }