
Commit 14a5e00

author
Nate Smith
authored
Merge pull request cli#2034 from cristiand391/check-gist-ownership
Check gist ownership before editing
2 parents d63b5a9 + c6b9e84 commit 14a5e00


3 files changed

+45
-4
lines changed


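--- a/pkg/cmd/gist/edit/edit.go
+++ b/pkg/cmd/gist/edit/edit.go
@@ -81,11 +81,22 @@ func editRun(opts *EditOptions) error {
 return err
 }
 
+apiClient := api.NewClientFromHTTP(client)
+
 gist, err := shared.GetGist(client, ghinstance.OverridableDefault(), gistID)
 if err != nil {
 return err
 }
 
+username, err := api.CurrentLoginName(apiClient, ghinstance.OverridableDefault())
+if err != nil {
+return err
+}
+
+if username != gist.Owner.Login {
+return fmt.Errorf("You do not own this gist.")
+}
+
 filesToUpdate := map[string]string{}
 
 for {
@@ -178,15 +189,15 @@ func editRun(opts *EditOptions) error {
 return nil
 }
 
-err = updateGist(client, ghinstance.OverridableDefault(), gist)
+err = updateGist(apiClient, ghinstance.OverridableDefault(), gist)
 if err != nil {
 return err
 }
 
 return nil
 }
 
-func updateGist(client *http.Client, hostname string, gist *shared.Gist) error {
+func updateGist(apiClient *api.Client, hostname string, gist *shared.Gist) error {
 body := shared.Gist{
 Description: gist.Description,
 Files: gist.Files,
@@ -203,7 +214,6 @@ func updateGist(client *http.Client, hostname string, gist *shared.Gist) error {
 
 result := shared.Gist{}
 
-apiClient := api.NewClientFromHTTP(client)
 err = apiClient.REST(hostname, "POST", path, requestBody, &result)
 
 if err != nil {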
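Review bot: `gist.Owner.Login` in the first hunk of editRun is dereferenced without a nil check, although shared.go declares `Owner` as `*GistOwner` with `omitempty`, so a gist response that carries no `owner` object would presumably leave the pointer nil and panic here instead of returning an error. Guarding the comparison with `if gist.Owner == nil || username != gist.Owner.Login {` keeps the failure on the normal error path. The comparison is also only a client-side pre-check on data the client fetched itself, so the API's own authorization on the POST in updateGist has to remain the real control; a comment such as `// UX pre-check only; the API enforces write permission on the update` would stop later readers from treating it as access control. editRun begins and ends outside these hunks.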

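--- a/pkg/cmd/gist/edit/edit_test.go
+++ b/pkg/cmd/gist/edit/edit_test.go
@@ -75,6 +75,7 @@ func Test_editRun(t *testing.T) {
 askStubs func(*prompt.AskStubber)
 nontty bool
 wantErr bool
+wantStderr string
 wantParams map[string]interface{}
 }{
 {
@@ -92,6 +93,7 @@ func Test_editRun(t *testing.T) {
 Type: "text/plain",
 },
 },
+Owner: &shared.GistOwner{Login: "octocat"},
 },
 httpStubs: func(reg *httpmock.Registry) {
 reg.Register(httpmock.REST("POST", "gists/1234"),
@@ -131,6 +133,7 @@ func Test_editRun(t *testing.T) {
 Type: "application/markdown",
 },
 },
+Owner: &shared.GistOwner{Login: "octocat"},
 },
 httpStubs: func(reg *httpmock.Registry) {
 reg.Register(httpmock.REST("POST", "gists/1234"),
@@ -175,6 +178,7 @@ func Test_editRun(t *testing.T) {
 Type: "application/markdown",
 },
 },
+Owner: &shared.GistOwner{Login: "octocat"},
 },
 },
 {
@@ -188,8 +192,25 @@ func Test_editRun(t *testing.T) {
 Type: "text/plain",
 },
 },
+Owner: &shared.GistOwner{Login: "octocat"},
 },
 },
+{
+name: "another user's gist",
+gist: &shared.Gist{
+ID: "1234",
+Files: map[string]*shared.GistFile{
+"cicada.txt": {
+Filename: "cicada.txt",
+Content: "bwhiizzzbwhuiiizzzz",
+Type: "text/plain",
+},
+},
+Owner: &shared.GistOwner{Login: "octocat2"},
+},
+wantErr: true,
+wantStderr: "You do not own this gist.",
+},
 }
 
 for _, tt := range tests {
@@ -200,6 +221,8 @@ func Test_editRun(t *testing.T) {
 } else {
 reg.Register(httpmock.REST("GET", "gists/1234"),
 httpmock.JSONResponse(tt.gist))
+reg.Register(httpmock.GraphQL(`query UserCurrent\b`),
+httpmock.StringResponse(`{"data":{"viewer":{"login":"octocat"}}}`))
 }
 
 if tt.httpStubs != nil {
@@ -239,12 +262,15 @@ func Test_editRun(t *testing.T) {
 reg.Verify(t)
 if tt.wantErr {
 assert.Error(t, err)
+if tt.wantStderr != "" {
+assert.EqualError(t, err, tt.wantStderr)
+}
 return
 }
 assert.NoError(t, err)
 
 if tt.wantParams != nil {
-bodyBytes, _ := ioutil.ReadAll(reg.Requests[1].Body)
+bodyBytes, _ := ioutil.ReadAll(reg.Requests[2].Body)
 reqBody := make(map[string]interface{})
 err = json.Unmarshal(bodyBytes, &reqBody)
 if err != nil {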
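Review bot: The last hunk picks the update body by position with `reg.Requests[2]`, which is correct only while editRun issues exactly the gist GET, then the `UserCurrent` query, then the POST, and the `ioutil.ReadAll` error is discarded, so an extra or reordered request would make the assertion inspect the wrong body without a clear failure. A comment such as `// Requests: [0] GET gists/1234, [1] GraphQL UserCurrent, [2] POST gists/1234` above that line would record the assumption. The table also has no case whose stubbed gist omits `Owner`, so nothing exercises the new ownership comparison with a missing owner. `wantStderr` is compared with the returned error through `assert.EqualError`, not with stderr, so a name like `wantErrMsg` would describe it better. Test_editRun begins and ends outside these hunks.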

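--- a/pkg/cmd/gist/shared/shared.go
+++ b/pkg/cmd/gist/shared/shared.go
@@ -17,13 +17,18 @@ type GistFile struct {
 Content string `json:"content,omitempty"`
 }
 
+type GistOwner struct {
+Login string `json:"login,omitempty"`
+}
+
 type Gist struct {
 ID string `json:"id,omitempty"`
 Description string `json:"description"`
 Files map[string]*GistFile `json:"files"`
 UpdatedAt time.Time `json:"updated_at"`
 Public bool `json:"public"`
 HTMLURL string `json:"html_url,omitempty"`
+Owner *GistOwner `json:"owner,omitempty"`
 }
 
 func GetGist(client *http.Client, hostname, gistID string) (*Gist, error) {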
