#!/usr/bin/env bash set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" CONFIG="${SCRIPT_DIR}/../config.ini" if [[ $# -lt 1 ]]; then echo "Usage: $0 [config.ini]" echo "Grant read access to a repository for the reader account." exit 1 fi REPO="$1" [[ -n "${2:-}" ]] && CONFIG="$2" if [[ ! -f "$CONFIG" ]]; then echo "ERROR: config file not found: $CONFIG" exit 1 fi # --- Parse INI --- parse_ini() { local file="$1" section="$2" key="$3" sed -n "/^\[$section\]/,/^\[/p" "$file" | grep "^${key}\s*=" | head -1 | sed 's/^[^=]*=\s*//' | sed 's/\s*$//' } GITEA_API=$(parse_ini "$CONFIG" gitea api_url) OWNER_USER=$(parse_ini "$CONFIG" owner username) OWNER_PASS=$(parse_ini "$CONFIG" owner password) READER_USER=$(parse_ini "$CONFIG" reader username) READER_PASS=$(parse_ini "$CONFIG" reader password) TOKEN=$(parse_ini "$CONFIG" reader token) echo "=== Grant Access: $OWNER_USER/$REPO -> $READER_USER ===" # --- Add as collaborator (read permission) --- echo "[1/3] Adding '$READER_USER' as collaborator (read)..." HTTP_CODE=$(curl -s -o /tmp/gitea_grant.json -w "%{http_code}" \ -X PUT "$GITEA_API/repos/$OWNER_USER/$REPO/collaborators/$READER_USER" \ -u "$OWNER_USER:$OWNER_PASS" \ -H "Content-Type: application/json" \ -d '{"permission": "read"}') if [[ "$HTTP_CODE" == "204" || "$HTTP_CODE" == "200" ]]; then echo " -> Collaborator added." else echo " -> ERROR: HTTP $HTTP_CODE" cat /tmp/gitea_grant.json exit 1 fi # --- Accept invitation (if required by Gitea) --- echo "[2/3] Accepting collaboration invite (if any)..." # List pending notifications/invitations and accept PENDING=$(curl -s \ -u "$READER_USER:$READER_PASS" \ "$GITEA_API/user/repos" | grep -c "\"name\":\"$REPO\"" 2>/dev/null || echo "0") if [[ "$PENDING" == "0" ]]; then # Try to accept via notifications — some Gitea versions auto-accept echo " -> Auto-accepted or no invite needed." else echo " -> Already accessible." fi # --- Verify access with token --- echo "[3/3] Verifying access with token..." if [[ -z "$TOKEN" ]]; then echo " -> WARNING: No token in config.ini, skipping verification." echo " -> Run setup-reader.sh first to create a token." else HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \ -H "Authorization: token $TOKEN" \ "$GITEA_API/repos/$OWNER_USER/$REPO") if [[ "$HTTP_CODE" == "200" ]]; then echo " -> Access confirmed (HTTP 200)." else echo " -> WARNING: HTTP $HTTP_CODE — access may not be working yet." fi fi echo "" echo "=== Done ===" echo "Repo '$OWNER_USER/$REPO' is now readable by '$READER_USER'."