Hiddenden/AegisGitea-MCP
3
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add opt-in write access for all token-visible repos

Browse Source
This commit is contained in:
Latte
2026-02-14 16:35:03 +01:00
parent e22a8d37e4
commit 8504a95a11
10 changed files with 74 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/test_policy.py
View File

@@ -125,3 +125,20 @@ def test_write_mode_repository_whitelist(monkeypatch: pytest.MonkeyPatch, tmp_pa
assert allowed.allowed
assert denied.allowed is False
def test_write_mode_allow_all_token_repos(monkeypatch: pytest.MonkeyPatch, tmp_path: Path) -> None:
"""Write mode can be configured to allow all repos accessible to token."""
_set_base_env(monkeypatch)
monkeypatch.setenv("WRITE_MODE", "true")
monkeypatch.setenv("WRITE_ALLOW_ALL_TOKEN_REPOS", "true")
policy_path = tmp_path / "policy.yaml"
policy_path.write_text("defaults:\n write: allow\n", encoding="utf-8")
reset_settings()
_ = get_settings()
engine = PolicyEngine.from_yaml_file(policy_path)
decision = engine.authorize("create_issue", is_write=True, repository="acme/any-repo")
assert decision.allowed