From 7a981f2987d13965caec50468e3c94f47e3bbfd5 Mon Sep 17 00:00:00 2001
From: Chris Rebert <code@rebertia.com>
Date: Thu, 20 Nov 2014 19:35:13 -0800
Subject: Fixes #7

---
 src/main/resources/application.conf                |  1 +
 .../rorschach/server/PullRequestEventHandler.scala | 52 +++++++++++++---------
 .../getbootstrap/rorschach/server/Settings.scala   |  1 +
 3 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf
index 97e2839..60e1172 100644
--- a/src/main/resources/application.conf
+++ b/src/main/resources/application.conf
@@ -23,6 +23,7 @@ rorschach {
     default-port = 9090
     close-bad-pull-requests = on
     github-repos-to-watch = ["twbs/bootstrap", "cvrebert/rorschach-test"]
+    trusted-orgs = [ "twbs" ]
     username = throwaway9475947
     password = XXXXXXXX
     web-hook-secret-key = abcdefg
diff --git a/src/main/scala/com/getbootstrap/rorschach/server/PullRequestEventHandler.scala b/src/main/scala/com/getbootstrap/rorschach/server/PullRequestEventHandler.scala
index d5b1fdf..055fb5c 100644
--- a/src/main/scala/com/getbootstrap/rorschach/server/PullRequestEventHandler.scala
+++ b/src/main/scala/com/getbootstrap/rorschach/server/PullRequestEventHandler.scala
@@ -6,13 +6,11 @@ import scala.collection.JavaConverters._
 import scala.util.{Try,Success,Failure}
 import akka.actor.ActorRef
 import org.eclipse.egit.github.core._
-import org.eclipse.egit.github.core.service.CommitService
+import org.eclipse.egit.github.core.service.{CommitService, OrganizationService}
 import com.getbootstrap.rorschach.github._
 import com.getbootstrap.rorschach.github.util._
 
 class PullRequestEventHandler(commenter: ActorRef) extends GitHubActorWithLogging {
-
-
   private def modifiedFilesFor(repoId: RepositoryId, base: CommitSha, head: CommitSha) = {
     val commitService = new CommitService(gitHubClient)
     Try { commitService.compare(repoId, base.sha, head.sha) }.map { comparison =>
@@ -21,34 +19,44 @@ class PullRequestEventHandler(commenter: ActorRef) extends GitHubActorWithLoggin
     }
   }
 
+  def isTrusted(user: User): Boolean = {
+    val orgService = new OrganizationService(gitHubClient)
+    settings.TrustedOrganizations.exists{ org => Try{ orgService.isPublicMember(org, user.getLogin) }.toOption.getOrElse(false) }
+  }
+
   override def receive = {
     case pr: PullRequest => {
       val bsBase = pr.getBase
       val prHead = pr.getHead
       val destinationRepo = bsBase.getRepo.repositoryId
       if (settings.repoIds contains destinationRepo) {
-        log.info(s"Auditing ${destinationRepo} ${pr.number} ...")
-        val base = bsBase.commitSha
-        val head = prHead.commitSha
-        val foreignRepoId = prHead.getRepo.repositoryId
+        if (isTrusted(pr.getUser)) {
+          log.info(s"Skipping audit because user ${pr.getUser.getLogin} is member of trusted org.")
+        }
+        else {
+          log.info(s"Auditing ${destinationRepo} ${pr.number} ...")
+          val base = bsBase.commitSha
+          val head = prHead.commitSha
+          val foreignRepoId = prHead.getRepo.repositoryId
 
-        val fileMessages = modifiedFilesFor(foreignRepoId, base, head) match {
-          case Failure(exc) => {
-            log.error(exc, s"Could not get modified files for commits ${base}...${head} for ${foreignRepoId}")
-            Nil
+          val fileMessages = modifiedFilesFor(foreignRepoId, base, head) match {
+            case Failure(exc) => {
+              log.error(exc, s"Could not get modified files for commits ${base}...${head} for ${foreignRepoId}")
+              Nil
+            }
+            case Success(modifiedFiles) => {
+              ModifiedFilesAuditor.audit(modifiedFiles)
+            }
           }
-          case Success(modifiedFiles) => {
-            ModifiedFilesAuditor.audit(modifiedFiles)
-          }
-        }
-        val branchMessages = BaseAndHeadBranchesAuditor.audit(baseBranch = bsBase.getRef, headBranch = prHead.getRef)
+          val branchMessages = BaseAndHeadBranchesAuditor.audit(baseBranch = bsBase.getRef, headBranch = prHead.getRef)
 
-        val allMessages = fileMessages ++ branchMessages
-        if (allMessages.nonEmpty) {
-          commenter ! PullRequestFeedback(destinationRepo, pr.number, pr.getUser, allMessages)
-        }
-        else {
-          log.info(s"Repo ${destinationRepo} ${pr.number} successfully passed all audits.")
+          val allMessages = fileMessages ++ branchMessages
+          if (allMessages.nonEmpty) {
+            commenter ! PullRequestFeedback(destinationRepo, pr.number, pr.getUser, allMessages)
+          }
+          else {
+            log.info(s"Repo ${destinationRepo} ${pr.number} successfully passed all audits.")
+          }
         }
       }
       else {
diff --git a/src/main/scala/com/getbootstrap/rorschach/server/Settings.scala b/src/main/scala/com/getbootstrap/rorschach/server/Settings.scala
index 37375aa..6db79a1 100644
--- a/src/main/scala/com/getbootstrap/rorschach/server/Settings.scala
+++ b/src/main/scala/com/getbootstrap/rorschach/server/Settings.scala
@@ -18,6 +18,7 @@ class SettingsImpl(config: Config) extends Extension {
   val WebHookSecretKey: ByteString = ByteString(config.getString("rorschach.web-hook-secret-key").utf8Bytes)
   val DefaultPort: Int = config.getInt("rorschach.default-port")
   val CloseBadPullRequests: Boolean = config.getBoolean("rorschach.close-bad-pull-requests")
+  val TrustedOrganizations: Set[String] = config.getStringList("rorschach.trusted-orgs").asScala.toSet
 }
 object Settings extends ExtensionId[SettingsImpl] with ExtensionIdProvider {
   override def lookup() = Settings
-- 
cgit v1.2.3