func syncRepositoryApps(user *auth.User, beforeApps []string, roleCache map[string]*permission.Role) error {
err := user.Reload()
if err != nil {
return err
}
afterApps, err := deployableApps(user, roleCache)
if err != nil {
return err
}
afterMap := map[string]struct{}{}
for _, a := range afterApps {
afterMap[a] = struct{}{}
}
manager := repository.Manager()
for _, a := range beforeApps {
var err error
if _, ok := afterMap[a]; !ok {
err = manager.RevokeAccess(a, user.Email)
}
if err != nil {
log.Errorf("error revoking gandalf access for app %s, user %s: %s", a, user.Email, err)
}
}
for _, a := range afterApps {
err := manager.GrantAccess(a, user.Email)
if err != nil {
log.Errorf("error granting gandalf access for app %s, user %s: %s", a, user.Email, err)
}
}
return nil
}