artin/sourcegraph
1
0
Fork 0
mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 19:21:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

search: use exclude filters when resolving global private repos (#27501)

Browse Source 
Zoekt is not aware of user permissions, so we calculate the set of
private repos a user can see and pass that on to zoekt. This is only
done in "global mode", otherwise we just use the repo resolver. We
recently added support to exclude repos in global searches. However,
that was only done for the public repositories and we didn't update the
logic which calculated the set of private repositories to take that into
account. This commit adds in the ExcludePattern similiar to how the
repository resolver works.

Note: we should just use the repository resolver. However, we use
slightly different logic for setting "UserID" in the search than the
repo resolver. This commit does the simplest fix, instead of the more
general fix.
This commit is contained in:
Keegan Carruthers-Smith 2021-11-16 15:37:06 +02:00 committed by GitHub
parent 6cfc9781f1
commit 3749dedce6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -38,6 +38,7 @@ All notable changes to Sourcegraph are documented in this file.
environments. [#23477](https://github.com/sourcegraph/sourcegraph/issues/23477)
- Fixed the cache size calculation used for Kubernetes deployments. Previously, the calculated value was too high and would exceed the ephemeral storage request limit. #[26283](https://github.com/sourcegraph/sourcegraph/issues/26283)
- Fixed a regression that was introduced in 3.27 and broke SSH-based authentication for managing Batch Changes changesets on code hosts. SSH keys generated by Sourcegraph were not used for authentication and authenticating with the code host would fail if no SSH key with write-access had been added to `gitserver`. [#27491](https://github.com/sourcegraph/sourcegraph/pull/27491)
- Private repositories matching `-repo:` expressions are now excluded. This was a regression introduced in 3.33.0. [#27044](https://github.com/sourcegraph/sourcegraph/issues/27044)
### Removed

20
cmd/frontend/graphqlbackend/search_results.go
View File

@ -38,6 +38,7 @@ import (
"github.com/sourcegraph/sourcegraph/internal/search/commit"
"github.com/sourcegraph/sourcegraph/internal/search/filter"
"github.com/sourcegraph/sourcegraph/internal/search/query"
"github.com/sourcegraph/sourcegraph/internal/search/repos"
searchrepos "github.com/sourcegraph/sourcegraph/internal/search/repos"
"github.com/sourcegraph/sourcegraph/internal/search/result"
"github.com/sourcegraph/sourcegraph/internal/search/run"
@ -1607,14 +1608,19 @@ func (r *searchResolver) doResults(ctx context.Context, args *search.TextParamet
// Get all private repos for the the current actor. On sourcegraph.com, those are
// only the repos directly added by the user. Otherwise it's all repos the user has
// access to on all connected code hosts / external services.
//
// TODO: We should use repos.Resolve here. However, the logic for
// UserID is different to repos.Resolve, so we need to work out how
// best to address that first.
userPrivateRepos, err := r.db.Repos().ListMinimalRepos(ctx, database.ReposListOptions{
UserID: userID, // Zero valued when not in sourcegraph.com mode
OnlyPrivate: true,
LimitOffset: &database.LimitOffset{Limit: search.SearchLimits(conf.Get()).MaxRepos + 1},
OnlyForks: args.RepoOptions.OnlyForks,
NoForks: args.RepoOptions.NoForks,
OnlyArchived: args.RepoOptions.OnlyArchived,
NoArchived: args.RepoOptions.NoArchived,
UserID: userID, // Zero valued when not in sourcegraph.com mode
OnlyPrivate: true,
LimitOffset: &database.LimitOffset{Limit: search.SearchLimits(conf.Get()).MaxRepos + 1},
OnlyForks: args.RepoOptions.OnlyForks,
NoForks: args.RepoOptions.NoForks,
OnlyArchived: args.RepoOptions.OnlyArchived,
NoArchived: args.RepoOptions.NoArchived,
ExcludePattern: repos.UnionRegExps(args.RepoOptions.MinusRepoFilters),
})
if err != nil {

4
dev/gqltest/README.md
View File

@ -30,9 +30,9 @@ Alternatively you can use the 1password CLI tool:
```sh
# dev-private token for ghe.sgdev.org
op get item bw4nttlfqve3rc6xqzbqq7l7pm | jq -r '.. | select(.t? == "token name: dev-private") | @sh "export GITHUB_TOKEN=\(.v)"'
op get item bw4nttlfqve3rc6xqzbqq7l7pm | jq -r '.. | select(.t? == "k8s.sgdev.org") | @sh "export GITHUB_TOKEN=\(.v)"'
# AWS and Bitbucket tokens
op get item 5q5lnpirajegt7uifngeabrak4 | jq -r '.details.sections[] | .fields[] | @sh "export \(.t)=\(.v)"
op get item 5q5lnpirajegt7uifngeabrak4 | jq -r '.details.sections[] | .fields[] | @sh "export \(.t)=\(.v)"'
```
## How to run tests

6
dev/gqltest/search_test.go
View File

@ -580,6 +580,12 @@ func testSearchClient(t *testing.T, client searchClient) {
name: `regexp, filename, nonzero result`,
query: `file:doc.go patterntype:regexp`,
},
// Ensure repo resolution is correct in global. https://github.com/sourcegraph/sourcegraph/issues/27044
{
name: `-repo excludes private repos`,
query: `-repo:private // this is a change`,
zeroResult: true,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {