Fix worker permissions bug

schema.sql

@@ -22,7 +22,7 @@ CREATE TABLE project
   paused            boolean            NOT NULL,
   name              TEXT UNIQUE        NOT NULL,
   clone_url         TEXT               NOT NULL,
-  git_repo          TEXT UNIQUE        NOT NULL,
+  git_repo          TEXT               NOT NULL,
   version           TEXT               NOT NULL,
   motd              TEXT               NOT NULL,
   secret            TEXT               NOT NULL DEFAULT '{}'

storage/task.go

@@ -44,7 +44,7 @@ func (database *Database) SaveTask(task *Task, project int64, hash64 int64, wid
 	res, err := db.Exec(fmt.Sprintf(`
 	INSERT INTO task (project, max_retries, recipe, priority, max_assign_time, hash64,verification_count) 
 	SELECT $1,$2,$3,$4,$5,NULLIF(%d, 0),$6 FROM worker_access 
-	WHERE role_submit AND worker=$7 AND project=$1`, hash64),
+	WHERE role_submit AND NOT request AND worker=$7 AND project=$1`, hash64),
 		project, task.MaxRetries, task.Recipe, task.Priority, task.MaxAssignTime, task.VerificationCount,
 		wid)
 	if err != nil {
@@ -84,7 +84,7 @@ func (database *Database) GetTask(worker *Worker) *Task {
 	LEFT JOIN worker_verifies_task wvt on task.id = wvt.task AND wvt.worker=$1
 	WHERE NOT project.paused AND assignee IS NULL AND task.status=1
 		AND (project.public OR (
-		  SELECT a.role_assign FROM worker_access a WHERE a.worker=$1 AND a.project=project.id
+		  SELECT a.role_assign AND not a.request FROM worker_access a WHERE a.worker=$1 AND a.project=project.id
 		))
 		AND wvt.task IS NULL
 	ORDER BY project.priority DESC, task.priority DESC
@@ -188,7 +188,7 @@ func (database *Database) GetTaskFromProject(worker *Worker, projectId int64) *T
 	LEFT JOIN worker_verifies_task wvt on task.id = wvt.task AND wvt.worker=$1
 	WHERE NOT project.paused AND assignee IS NULL AND project.id=$2 AND status=1
 		AND (project.public OR (
-		  SELECT a.role_assign FROM worker_access a WHERE a.worker=$1 AND a.project=$2
+		  SELECT a.role_assign and not a.request FROM worker_access a WHERE a.worker=$1 AND a.project=$2
 		))
 		AND wvt.task IS NULL
 	ORDER BY task.priority DESC

test/api_project_test.go

@@ -90,25 +90,6 @@ func TestCreateDuplicateProjectName(t *testing.T) {
 	}
 }
 
-func TestCreateDuplicateProjectRepo(t *testing.T) {
-	createProjectAsAdmin(api.CreateProjectRequest{
-		Name:    "different name",
-		GitRepo: "user/same",
-	})
-	resp := createProjectAsAdmin(api.CreateProjectRequest{
-		Name:    "but same repo",
-		GitRepo: "user/same",
-	})
-
-	if resp.Ok != false {
-		t.Error()
-	}
-
-	if len(resp.Message) <= 0 {
-		t.Error()
-	}
-}
-
 func TestGetProjectNotFound(t *testing.T) {
 
 	getResp := getProjectAsAdmin(12345)

test/api_task_test.go

@@ -328,7 +328,7 @@ func TestTaskNoAccess(t *testing.T) {
 		Assign:  true,
 		Submit:  true,
 	}, worker)
-	acceptAccessRequest(worker.Id, pid, testAdminCtx)
+	acceptAccessRequest(pid, worker.Id, testAdminCtx)
 
 	createResp := createTask(api.SubmitTaskRequest{
 		Project:       pid,
@@ -376,7 +376,7 @@ func TestTaskHasAccess(t *testing.T) {
 		Assign:  true,
 		Project: pid,
 	}, worker)
-	acceptAccessRequest(worker.Id, pid, testAdminCtx)
+	acceptAccessRequest(pid, worker.Id, testAdminCtx)
 
 	createResp := createTask(api.SubmitTaskRequest{
 		Project:       pid,
@@ -817,6 +817,70 @@ func TestTaskReleaseBigInt(t *testing.T) {
 	}
 }
 
+func TestTaskSubmitUnauthorized(t *testing.T) {
+
+	pid := createProjectAsAdmin(api.CreateProjectRequest{
+		Name:     "testtasksubmitunauthorized",
+		GitRepo:  "testtasksubmitunauthorized",
+		CloneUrl: "testtasksubmitunauthorized",
+	}).Content.Id
+
+	w := genWid()
+
+	requestAccess(api.CreateWorkerAccessRequest{
+		Project: pid,
+		Submit:  true,
+		Assign:  true,
+	}, w)
+
+	resp := createTask(api.SubmitTaskRequest{
+		Project: pid,
+		Recipe:  "ssss",
+	}, w)
+
+	if resp.Ok != false {
+		t.Error()
+	}
+}
+
+func TestTaskGetUnauthorized(t *testing.T) {
+
+	pid := createProjectAsAdmin(api.CreateProjectRequest{
+		Name:     "testtaskgetunauthorized",
+		GitRepo:  "testtaskgetunauthorized",
+		CloneUrl: "testtaskgettunauthorized",
+		Hidden:   true,
+	}).Content.Id
+
+	w := genWid()
+	wWithAccess := genWid()
+
+	requestAccess(api.CreateWorkerAccessRequest{
+		Project: pid,
+		Submit:  true,
+		Assign:  true,
+	}, wWithAccess)
+	acceptAccessRequest(pid, wWithAccess.Id, testAdminCtx)
+
+	createTask(api.SubmitTaskRequest{
+		Project: pid,
+		Recipe:  "ssss",
+	}, wWithAccess)
+
+	requestAccess(api.CreateWorkerAccessRequest{
+		Project: pid,
+		Submit:  true,
+		Assign:  true,
+	}, w)
+
+	resp := getTaskFromProject(pid, w)
+
+	fmt.Println(resp.Message)
+	if resp.Ok != false {
+		t.Error()
+	}
+}
+
 func createTask(request api.SubmitTaskRequest, worker *storage.Worker) (ar api.JsonResponse) {
 	r := Post("/task/submit", request, worker, nil)
 	UnmarshalResponse(r, &ar)

test/schema.sql

@@ -22,7 +22,7 @@ CREATE TABLE project
   paused            boolean            NOT NULL,
   name              TEXT UNIQUE        NOT NULL,
   clone_url         TEXT               NOT NULL,
-  git_repo          TEXT UNIQUE        NOT NULL,
+  git_repo          TEXT               NOT NULL,
   version           TEXT               NOT NULL,
   motd              TEXT               NOT NULL,
   secret            TEXT               NOT NULL DEFAULT '{}'

web/angular/src/app/api.service.ts

@@ -6,7 +6,7 @@ import {Credentials} from "./models/credentials";
 @Injectable()
 export class ApiService {
 
-    public url: string = "https://tt.simon987.net/api";
+    public url: string = "http://localhost/api";
     private options: {
         withCredentials: true,
         responseType: "json"