From 5c0786e222656d1f47cdd1474e9965cdeb3b5436 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Mar 27 2019 15:50:58 +0000
Subject: Support deployments where git hook have a read-only access to the db

As the update to the documentation in this commit explain, some pagure deployment are not using the standard gitolite deployment method and thus for security reasons, the git hook are only given a read-only access to the database. This new configuration allows for pagure to behave differently if the database access is read-only or read-write. In this case, the default hook which clears the cache status of all the open PRs of a project upon push to its git repo requires read- write access (otherwise it can't clear the cache status). So if the hook as read-only access to the DB, this action is proceed by a worker, asynchronously instead of being done in the same process as the push. This could lead to some race conditions but there isn't much we can do with these constraints.
Signed-off-by: Pierre-Yves Chibon
---
diff --git a/doc/configuration.rst b/doc/configuration.rst
index 5544444..4e0b00f 100644
--- a/doc/configuration.rst
+++ b/doc/configuration.rst
@@ -1069,6 +1069,21 @@ the user interface of this pagure instance.
 Defaults to: ``ENABLE_DEL_PROJECTS``
+GIT_HOOK_DB_RO
+~~~~~~~~~~~~~~
+
+This configuration key specifies if the git hook have a read-only (RO) access
+to the database or not.
+Some pagure deployment provide an actual shell account on the host and thus the
+git hook called upon git push are executed under that account. If the user
+manages to by-pass git and is able to access the configuration file, they could
+have access to "private" information. So in those deployments the git hooks
+have a specific configuration file with a database access that is read-only,
+making pagure behave differently in those situations.
+
+Defaults to: ``False``
+
+
 EMAIL_SEND
 ~~~~~~~~~~
diff --git a/pagure/hooks/default.py b/pagure/hooks/default.py
index cc62020..770ea6c 100644
--- a/pagure/hooks/default.py
+++ b/pagure/hooks/default.py
@@ -330,12 +330,20 @@ class DefaultRunner(BaseRunner):
 # Refresh of all opened PRs
 parent = project.parent or project
- pagure.lib.tasks.refresh_pr_cache(
- parent.name,
- parent.namespace,
- parent.user.user if parent.is_fork else None,
- but_uids=pr_uids,
- )
+ if _config.get("GIT_HOOK_DB_RO", False):
+ pagure.lib.tasks.refresh_pr_cache(
+ parent.name,
+ parent.namespace,
+ parent.user.user if parent.is_fork else None,
+ but_uids=pr_uids,
+ )
+ else:
+ pagure.lib.tasks.refresh_pr_cache.delay(
+ parent.name,
+ parent.namespace,
+ parent.user.user if parent.is_fork else None,
+ but_uids=pr_uids,
+ )
 if not project.is_on_repospanner and _config.get(
 "GIT_GARBAGE_COLLECT", False
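Review bot: The `GIT_HOOK_DB_RO` test looks inverted relative to the commit description. When the key is true (hook has read-only DB access) the new code calls `pagure.lib.tasks.refresh_pr_cache(...)` directly, and only the `else` branch uses `.delay(...)` to hand the work to a worker. The description says the read-only case must go through the worker because clearing the PR cache status needs write access, so as written a read-only hook would apparently attempt the write in the push process, while default deployments (key `False`) switch to the asynchronous path. If that reading is right, the condition should be `if not _config.get("GIT_HOOK_DB_RO", False):`, with a comment above it such as `# in-process refresh needs read-write DB access; read-only hooks defer to a worker`. The enclosing method starts and ends outside the hunk, so how the task wrapper behaves on a direct call is not visible here.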