adjust to changes in git-sec (#450)

Author: Byron

Cargo.lock

@@ -82,7 +82,7 @@ git-discover = { version = "^0.4.2", path = "../git-discover" }
 git-tempfile = { version = "^2.0.0", path = "../git-tempfile" }
 git-lock = { version = "^2.0.0", path = "../git-lock" }
 git-validate = { version = "^0.5.5", path = "../git-validate" }
-git-sec = { version = "^0.3.1", path = "../git-sec", features = ["thiserror"] }
+git-sec = { version = "^0.3.1", path = "../git-sec" }
 git-date = { version = "^0.1.0", path = "../git-date" }
 git-refspec = { version = "^0.1.1", path = "../git-refspec" }
 

git-repository/Cargo.toml

@@ -171,7 +171,7 @@ impl Cache {
     pub fn xdg_config_path(
         &self,
         resource_file_name: &str,
-    ) -> Result<Option<PathBuf>, git_sec::permission::Error<PathBuf, git_sec::Permission>> {
+    ) -> Result<Option<PathBuf>, git_sec::permission::Error<PathBuf>> {
         std::env::var_os("XDG_CONFIG_HOME")
             .map(|path| (path, &self.xdg_config_home_env))
             .or_else(|| std::env::var_os("HOME").map(|path| (path, &self.home_env)))

git-repository/src/config/cache/init.rs

@@ -16,7 +16,7 @@ impl std::fmt::Debug for Cache {
 impl Cache {
     pub(crate) fn personas(&self) -> &identity::Personas {
         self.personas
-            .get_or_init(|| identity::Personas::from_config_and_env(&self.resolved, &self.git_prefix))
+            .get_or_init(|| identity::Personas::from_config_and_env(&self.resolved, self.git_prefix))
     }
 
     pub(crate) fn url_rewrite(&self) -> &remote::url::Rewrite {
@@ -29,7 +29,7 @@ impl Cache {
         &self,
     ) -> Result<&remote::url::SchemePermission, remote::url::scheme_permission::init::Error> {
         self.url_scheme.get_or_try_init(|| {
-            remote::url::SchemePermission::from_config(&self.resolved, &self.git_prefix, self.filter_config_section)
+            remote::url::SchemePermission::from_config(&self.resolved, self.git_prefix, self.filter_config_section)
         })
     }
 }

git-repository/src/config/cache/mod.rs

@@ -1,7 +1,7 @@
 pub use git_config::*;
 use git_features::threading::OnceCell;
 
-use crate::{bstr::BString, permission, remote, repository::identity, revision::spec, Repository};
+use crate::{bstr::BString, remote, repository::identity, revision::spec, Repository};
 
 pub(crate) mod cache;
 mod snapshot;
@@ -84,10 +84,10 @@ pub(crate) struct Cache {
     /// The path to the user-level excludes file to ignore certain files in the worktree.
     pub excludes_file: Option<std::path::PathBuf>,
     /// Define how we can use values obtained with `xdg_config(…)` and its `XDG_CONFIG_HOME` variable.
-    xdg_config_home_env: permission::env_var::Resource,
+    xdg_config_home_env: git_sec::Permission,
     /// Define how we can use values obtained with `xdg_config(…)`. and its `HOME` variable.
-    home_env: permission::env_var::Resource,
+    home_env: git_sec::Permission,
     /// How to use git-prefixed environment variables
-    git_prefix: permission::env_var::Resource,
+    git_prefix: git_sec::Permission,
     // TODO: make core.precomposeUnicode available as well.
 }

git-repository/src/config/mod.rs

@@ -120,8 +120,8 @@ impl Snapshot<'_> {
             }
         }
 
-        let allow_git_env = *self.repo.options.permissions.env.git_prefix == git_sec::Permission::Allow;
-        let allow_ssh_env = *self.repo.options.permissions.env.ssh_prefix == git_sec::Permission::Allow;
+        let allow_git_env = self.repo.options.permissions.env.git_prefix.is_allowed();
+        let allow_ssh_env = self.repo.options.permissions.env.ssh_prefix.is_allowed();
         let prompt_options =
             git_prompt::Options::default().apply_environment(allow_git_env, allow_ssh_env, allow_git_env);
         Ok((

git-repository/src/config/snapshot/credential_helpers.rs

@@ -234,14 +234,10 @@ pub fn open_opts(directory: impl Into<std::path::PathBuf>, options: open::Option
 pub mod permission {
     ///
     pub mod env_var {
-        use git_sec::{permission, Access};
-
-        /// A permission to control access to the resource pointed to an environment variable.
-        pub type Resource = Access<permission::Resource, git_sec::Permission>;
         ///
         pub mod resource {
             ///
-            pub type Error = git_sec::permission::Error<std::path::PathBuf, git_sec::Permission>;
+            pub type Error = git_sec::permission::Error<std::path::PathBuf>;
         }
     }
 }

git-repository/src/lib.rs

@@ -2,10 +2,7 @@
 
 use std::{borrow::Cow, collections::BTreeMap, convert::TryFrom};
 
-use crate::{
-    bstr::{BStr, BString, ByteSlice},
-    permission,
-};
+use crate::bstr::{BStr, BString, ByteSlice};
 
 ///
 pub mod init {
@@ -62,7 +59,7 @@ pub(crate) struct SchemePermission {
 impl SchemePermission {
     pub fn from_config(
         config: &git_config::File<'static>,
-        git_prefix: &permission::env_var::Resource,
+        git_prefix: git_sec::Permission,
         mut filter: fn(&git_config::file::Metadata) -> bool,
     ) -> Result<Self, init::Error> {
         let allow: Option<Allow> = config

git-repository/src/remote/url/scheme_permission.rs

@@ -1,6 +1,6 @@
 use std::{borrow::Cow, time::SystemTime};
 
-use crate::{bstr::BString, permission};
+use crate::bstr::BString;
 
 /// Identity handling.
 impl crate::Repository {
@@ -98,7 +98,7 @@ pub(crate) struct Personas {
 }
 
 impl Personas {
-    pub fn from_config_and_env(config: &git_config::File<'_>, git_env: &permission::env_var::Resource) -> Self {
+    pub fn from_config_and_env(config: &git_config::File<'_>, git_env: git_sec::Permission) -> Self {
         fn env_var(name: &str) -> Option<BString> {
             std::env::var_os(name).map(|value| git_path::into_bstr(Cow::Owned(value.into())).into_owned())
         }

git-repository/src/repository/identity.rs

@@ -1,6 +1,4 @@
-use git_sec::{Access, Trust};
-
-use crate::permission;
+use git_sec::Trust;
 
 /// Permissions associated with various resources of a git repository
 #[derive(Debug, Clone)]
@@ -67,23 +65,23 @@ pub struct Environment {
     /// Control whether resources pointed to by `XDG_CONFIG_HOME` can be used when looking up common configuration values.
     ///
     /// Note that [`git_sec::Permission::Forbid`] will cause the operation to abort if a resource is set via the XDG config environment.
-    pub xdg_config_home: permission::env_var::Resource,
+    pub xdg_config_home: git_sec::Permission,
     /// Control the way resources pointed to by the home directory (similar to `xdg_config_home`) may be used.
-    pub home: permission::env_var::Resource,
+    pub home: git_sec::Permission,
     /// Control if resources pointed to by `GIT_*` prefixed environment variables can be used.
-    pub git_prefix: permission::env_var::Resource,
+    pub git_prefix: git_sec::Permission,
     /// Control if resources pointed to by `SSH_*` prefixed environment variables can be used (like `SSH_ASKPASS`)
-    pub ssh_prefix: permission::env_var::Resource,
+    pub ssh_prefix: git_sec::Permission,
 }
 
 impl Environment {
     /// Allow access to the entire environment.
     pub fn all() -> Self {
         Environment {
-            xdg_config_home: Access::resource(git_sec::Permission::Allow),
-            home: Access::resource(git_sec::Permission::Allow),
-            git_prefix: Access::resource(git_sec::Permission::Allow),
-            ssh_prefix: Access::resource(git_sec::Permission::Allow),
+            xdg_config_home: git_sec::Permission::Allow,
+            home: git_sec::Permission::Allow,
+            git_prefix: git_sec::Permission::Allow,
+            ssh_prefix: git_sec::Permission::Allow,
         }
     }
 }
@@ -122,11 +120,11 @@ impl Permissions {
                 includes: false,
             },
             env: {
-                let deny = permission::env_var::Resource::resource(git_sec::Permission::Deny);
+                let deny = git_sec::Permission::Deny;
                 Environment {
-                    xdg_config_home: deny.clone(),
-                    home: deny.clone(),
-                    ssh_prefix: deny.clone(),
+                    xdg_config_home: deny,
+                    home: deny,
+                    ssh_prefix: deny,
                     git_prefix: deny,
                 }
             },

git-repository/src/repository/permissions.rs

@@ -111,7 +111,7 @@ pub mod excludes {
         #[error("Could not read repository exclude.")]
         Io(#[from] std::io::Error),
         #[error(transparent)]
-        EnvironmentPermission(#[from] git_sec::permission::Error<PathBuf, git_sec::Permission>),
+        EnvironmentPermission(#[from] git_sec::permission::Error<PathBuf>),
     }
 
     impl<'repo> crate::Worktree<'repo> {

git-repository/src/worktree/mod.rs

@@ -32,7 +32,7 @@ mod blocking_io {
                     remote::repo("protocol_file_user").git_dir(),
                     git::open::Options::isolated().permissions(git::Permissions {
                         env: git::permissions::Environment {
-                            git_prefix: git_sec::Access::resource(git_sec::Permission::Allow),
+                            git_prefix: git_sec::Permission::Allow,
                             ..git::permissions::Environment::all()
                         },
                         ..git::Permissions::isolated()

git-repository/tests/remote/connect.rs

@@ -1,7 +1,7 @@
 use std::path::Path;
 
 use git_repository as git;
-use git_sec::{Access, Permission};
+use git_sec::Permission;
 use git_testtools::Env;
 use serial_test::serial;
 
@@ -28,8 +28,8 @@ fn author_and_committer_and_fallback() {
             repo.git_dir(),
             repo.open_options().clone().with(trust).permissions(git::Permissions {
                 env: git::permissions::Environment {
-                    xdg_config_home: Access::resource(Permission::Deny),
-                    home: Access::resource(Permission::Deny),
+                    xdg_config_home: Permission::Deny,
+                    home: Permission::Deny,
                     ..git::permissions::Environment::all()
                 },
                 ..Default::default()