feat(repo): hide write UI for users without push access
Fetch the viewer's push permission via GET /repos/{owner}/{repo} when
entering a repo and gate every write affordance behind it: edit and
image-upload buttons in StackedNote, new-fleeting-note and YouTube
buttons in FleetingNotes, and interactive checkboxes in TodoNotes
(rendered disabled when read-only). Anonymous viewers get the same
treatment because the permissions field is absent without auth, which
collapses to canPush = false.
Previously every write button was visible regardless of role, so
read-role collaborators and anonymous viewers could enter edit mode and
type before the save failed with 401/403.
This commit is contained in:
@@ -4,6 +4,18 @@ import { RepoFile } from "@/modules/repo/interfaces/RepoFile"
|
||||
import { UserSettings } from "@/modules/repo/interfaces/UserSettings"
|
||||
import { getOctokit, runWithAuthRetry } from "@/modules/repo/services/octo"
|
||||
|
||||
export const getRepoPermission = async (
|
||||
owner: string,
|
||||
repo: string
|
||||
): Promise<boolean> => {
|
||||
if (!owner || !repo) {
|
||||
return false
|
||||
}
|
||||
const octokit = await getOctokit()
|
||||
const { data } = await octokit.repos.get({ owner, repo })
|
||||
return data.permissions?.push ?? false
|
||||
}
|
||||
|
||||
export const getFiles = async (
|
||||
owner: string,
|
||||
repo: string
|
||||
|
||||
Reference in New Issue
Block a user