plugin-git-manager 1.2.2 → 1.2.3

package/dist/server/actions/poller.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/actions/review.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/actions/role-permissions.js

@@ -0,0 +1,145 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var role_permissions_exports = {};
+__export(role_permissions_exports, {
+  rolePermissions: () => rolePermissions,
+  updateRolePermissions: () => updateRolePermissions
+});
+module.exports = __toCommonJS(role_permissions_exports);
+function getRecordValue(record, key) {
+  return (record == null ? void 0 : record.get) ? record.get(key) : record == null ? void 0 : record[key];
+}
+async function rolePermissions(ctx, _next) {
+  var _a;
+  const currentRoles = Array.isArray((_a = ctx.state) == null ? void 0 : _a.currentRoles) ? ctx.state.currentRoles : [];
+  if (!currentRoles.includes("root")) {
+    const canAccessRoles = await ctx.app.acl.can({ roles: currentRoles, resource: "roles", action: "update" });
+    if (!canAccessRoles) return ctx.throw(403, "Permission denied");
+  }
+  const roleName = ctx.action.params.roleName;
+  if (!roleName) return ctx.throw(400, "roleName is required");
+  const resource = await ctx.db.getRepository("rolesResources").findOne({
+    filter: { roleName, name: "gitRepositories" }
+  });
+  if (!resource) {
+    ctx.body = { data: { read: [], write: [] } };
+    return;
+  }
+  const actions = await ctx.db.getRepository("rolesResourcesActions").find({
+    filter: { rolesResourceId: getRecordValue(resource, "id") },
+    appends: ["scope"]
+  });
+  const result = { read: [], write: [] };
+  for (const action of actions) {
+    const actionData = action.toJSON ? action.toJSON() : action;
+    const actionName = actionData.name;
+    if (result[actionName]) {
+      const scopeRow = actionData.scope;
+      const scope = (scopeRow == null ? void 0 : scopeRow.scope) || scopeRow;
+      try {
+        if (scope && scope.$and && scope.$and[0] && scope.$and[0].id) {
+          if (scope.$and[0].id.$in) {
+            result[actionName] = scope.$and[0].id.$in;
+          } else if (typeof scope.$and[0].id === "number" || typeof scope.$and[0].id === "string") {
+            result[actionName] = [scope.$and[0].id];
+          }
+        }
+      } catch (e) {
+      }
+    }
+  }
+  ctx.body = result;
+}
+async function updateRolePermissions(ctx, _next) {
+  var _a, _b, _c;
+  const currentRoles = Array.isArray((_a = ctx.state) == null ? void 0 : _a.currentRoles) ? ctx.state.currentRoles : [];
+  if (!currentRoles.includes("root")) {
+    const canAccessRoles = await ctx.app.acl.can({ roles: currentRoles, resource: "roles", action: "update" });
+    if (!canAccessRoles) return ctx.throw(403, "Permission denied");
+  }
+  const payload = ctx.action.params.values || ctx.request.body || {};
+  const roleName = payload.roleName || ctx.action.params.roleName;
+  const permissions = payload.values || {};
+  if (!roleName) return ctx.throw(400, "roleName is required");
+  const resourceRepo = ctx.db.getRepository("rolesResources");
+  let resource = await resourceRepo.findOne({ filter: { roleName, name: "gitRepositories" } });
+  if (!resource) {
+    resource = await resourceRepo.create({
+      values: { roleName, name: "gitRepositories", usingActionsConfig: true }
+    });
+  } else if (!getRecordValue(resource, "usingActionsConfig")) {
+    await resource.update({ usingActionsConfig: true });
+  }
+  const rolesResourceId = getRecordValue(resource, "id");
+  const actionsRepo = ctx.db.getRepository("rolesResourcesActions");
+  for (const actionName of ["read", "write"]) {
+    const ids = permissions[actionName] || [];
+    const action = await actionsRepo.findOne({
+      filter: { rolesResourceId, name: actionName },
+      appends: ["scope"]
+    });
+    if (ids.length === 0) {
+      if (action) await action.destroy();
+    } else {
+      const scopeJson = { $and: [{ id: { $in: ids } }] };
+      if (action) {
+        const actionData = action.toJSON ? action.toJSON() : action;
+        const actionScope = actionData.scope;
+        const actionScopeId = getRecordValue(actionScope, "id") || actionData.scopeId || getRecordValue(action, "scopeId");
+        if (actionScopeId) {
+          await ctx.db.getRepository("rolesResourcesScopes").update({
+            filterByTk: actionScopeId,
+            values: { scope: scopeJson }
+          });
+        } else {
+          const newScope = await ctx.db.getRepository("rolesResourcesScopes").create({
+            values: { scope: scopeJson }
+          });
+          await action.update({ scopeId: getRecordValue(newScope, "id") });
+        }
+      } else {
+        const newScope = await ctx.db.getRepository("rolesResourcesScopes").create({
+          values: { scope: scopeJson }
+        });
+        await actionsRepo.create({
+          values: { rolesResourceId, name: actionName, scopeId: getRecordValue(newScope, "id") }
+        });
+      }
+    }
+  }
+  try {
+    await resource.writeToACL({ acl: ctx.app.acl });
+  } catch (e) {
+    (_c = (_b = ctx.logger) == null ? void 0 : _b.warn) == null ? void 0 : _c.call(_b, "[git-manager] Failed to write resource to ACL memory cache:", e);
+  }
+  ctx.body = { data: "ok" };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  rolePermissions,
+  updateRolePermissions
+});

package/dist/server/ai-tools.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;

package/dist/server/collections/gitCodeReviews.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/collections/gitRepositories.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/collections/gitReviewFlows.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/index.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;

package/dist/server/migrations/20260508000000-add-auto-review-flow-id.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/plugin.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -39,6 +48,7 @@ var gitActions = __toESM(require("./actions/git-actions"));
 var gitlabApi = __toESM(require("./actions/gitlab-api"));
 var reviewActions = __toESM(require("./actions/review"));
 var pollerActions = __toESM(require("./actions/poller"));
+var rolePermissionsActions = __toESM(require("./actions/role-permissions"));
 var import_review = require("./actions/review");
 var import_ai_tools = require("./ai-tools");
 var import_poller = require("./poller");
@@ -81,7 +91,9 @@ class PluginGitManagerServer extends import_server.Plugin {
         reviewApprovePost: reviewActions.reviewApprovePost,
         reviewReject: reviewActions.reviewReject,
         pollNow: pollerActions.pollNow,
-        pollerStatus: pollerActions.pollerStatus
+        pollerStatus: pollerActions.pollerStatus,
+        rolePermissions: rolePermissionsActions.rolePermissions,
+        updateRolePermissions: rolePermissionsActions.updateRolePermissions
       }
     });
     this.app.use(async (ctx, next) => {
@@ -166,6 +178,20 @@ class PluginGitManagerServer extends import_server.Plugin {
         "gitManager:pollNow"
       ]
     });
+    this.app.acl.registerSnippet({
+      name: `pm.${this.name}.repositories`,
+      actions: [
+        "gitRepositories:*"
+      ]
+    });
+    this.app.acl.registerSnippet({
+      name: `pm.${this.name}.manage`,
+      actions: [
+        `pm.${this.name}.repositories`,
+        `pm.${this.name}.read`,
+        `pm.${this.name}.write`
+      ]
+    });
     this.app.resourceManager.use(async (ctx, next) => {
       var _a, _b, _c, _d, _e;
       if (((_a = ctx.action) == null ? void 0 : _a.resourceName) === "gitRepositories" && ["create", "update"].includes((_b = ctx.action) == null ? void 0 : _b.actionName)) {

package/dist/server/poller.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/utils/gitlab-url.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/dist/server/utils/redact.js

@@ -1,3 +1,12 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/package.json

@@ -1,37 +1,37 @@
-{
-  "name": "plugin-git-manager",
-  "displayName": "Git Manager",
-  "displayName.zh-CN": "Git 管理器",
-  "description": "Manage Git repositories with PAT authentication - pull, push, fetch, diff, file browsing",
-  "version": "1.2.2",
-  "license": "Apache-2.0",
-  "main": "dist/server/index.js",
-  "files": [
-    "dist",
-    "src",
-    "client.js",
-    "server.js",
-    "client.d.ts",
-    "server.d.ts"
-  ],
-  "nocobase": {
-    "supportedVersions": [
-      "2.x"
-    ],
-    "editionLevel": 0
-  },
-  "peerDependencies": {
-    "@nocobase/client": "2.x",
-    "@nocobase/server": "2.x",
-    "@nocobase/database": "2.x",
-    "@nocobase/test": "2.x"
-  },
-  "optionalPeerDependencies": {
-    "@nocobase/ai": "2.x",
-    "@nocobase/plugin-ai": "2.x",
-    "@nocobase/plugin-field-markdown-vditor": "2.x"
-  },
-  "dependencies": {
-    "simple-git": "^3.27.0"
-  }
+{
+  "name": "plugin-git-manager",
+  "displayName": "Git Manager",
+  "displayName.zh-CN": "Git 管理器",
+  "description": "Manage Git repositories with PAT authentication - pull, push, fetch, diff, file browsing",
+  "version": "1.2.3",
+  "license": "Apache-2.0",
+  "main": "dist/server/index.js",
+  "files": [
+    "dist",
+    "src",
+    "client.js",
+    "server.js",
+    "client.d.ts",
+    "server.d.ts"
+  ],
+  "nocobase": {
+    "supportedVersions": [
+      "2.x"
+    ],
+    "editionLevel": 0
+  },
+  "peerDependencies": {
+    "@nocobase/client": "2.x",
+    "@nocobase/server": "2.x",
+    "@nocobase/database": "2.x",
+    "@nocobase/test": "2.x"
+  },
+  "optionalPeerDependencies": {
+    "@nocobase/ai": "2.x",
+    "@nocobase/plugin-ai": "2.x",
+    "@nocobase/plugin-field-markdown-vditor": "2.x"
+  },
+  "dependencies": {
+    "simple-git": "^3.27.0"
+  }
 }

package/src/client/components/GitManagerSettings.tsx

@@ -5,7 +5,6 @@ import {
   RobotOutlined, AuditOutlined, ClockCircleOutlined,
 } from '@ant-design/icons';
 import { GitManagerProvider, useGitManager } from '../context/GitManagerContext';
-import { RepositoryConfig } from './RepositoryConfig';
 import { FileExplorer } from './FileExplorer';
 import { CommitHistory } from './CommitHistory';
 import { MergeRequests } from './MergeRequests';
@@ -76,18 +75,9 @@ const GitManagerContent: React.FC = () => {
 
       <Tabs
         type="card"
-        defaultActiveKey="repos"
+        defaultActiveKey="explorer"
         destroyInactiveTabPane
         items={[
-          {
-            key: 'repos',
-            label: (
-              <span>
-                <DatabaseOutlined /> {t('Repositories')}
-              </span>
-            ),
-            children: <RepositoryConfig />,
-          },
           {
             key: 'explorer',
             label: (

package/src/client/components/RepositoryPermissions.tsx

@@ -0,0 +1,130 @@
+import React, { useEffect, useState } from 'react';
+import { useAPIClient } from '@nocobase/client';
+import { Table, Checkbox, Spin, Typography, message } from 'antd';
+
+export const RepositoryPermissions = ({ activeRole }) => {
+  const api = useAPIClient();
+  const [loading, setLoading] = useState(false);
+  const [repositories, setRepositories] = useState([]);
+  const [permissions, setPermissions] = useState({ read: [], write: [] });
+
+  useEffect(() => {
+    if (activeRole?.name) {
+      loadData();
+    }
+  }, [activeRole?.name]);
+
+  const loadData = async () => {
+    setLoading(true);
+    try {
+      const [repoRes, permRes] = await Promise.all([
+        api.request({
+          resource: 'gitRepositories',
+          action: 'list',
+          params: { paginate: false, sort: ['name'] },
+        }),
+        api.request({
+          url: 'gitManager:rolePermissions',
+          method: 'get',
+          params: { roleName: activeRole.name },
+        }),
+      ]);
+      const fetchedPerms = permRes?.data?.data || permRes?.data || { read: [], write: [] };
+      setRepositories(repoRes?.data?.data || []);
+      setPermissions({
+        read: fetchedPerms.read || [],
+        write: fetchedPerms.write || [],
+      });
+    } catch (e) {
+      console.error(e);
+      message.error('Failed to load repository permissions');
+    }
+    setLoading(false);
+  };
+
+  const handleToggle = async (repositoryId: number, actionName: string, checked: boolean) => {
+    const currentList = permissions[actionName] || [];
+    const newList = checked
+      ? [...new Set([...currentList, repositoryId])]
+      : currentList.filter((id: number) => id !== repositoryId);
+
+    const newPermissions = { ...permissions, [actionName]: newList };
+    const prevPermissions = permissions;
+    setPermissions(newPermissions);
+
+    try {
+      await api.request({
+        url: 'gitManager:updateRolePermissions',
+        method: 'post',
+        data: {
+          roleName: activeRole.name,
+          values: newPermissions,
+        },
+      });
+    } catch {
+      message.error('Failed to update permissions');
+      setPermissions(prevPermissions);
+    }
+  };
+
+  const columns = [
+    {
+      title: 'Repository Name',
+      dataIndex: 'name',
+      key: 'name',
+      render: (text: string) => <Typography.Text strong>{text}</Typography.Text>,
+    },
+    {
+      title: 'Repository URL',
+      dataIndex: 'repoUrl',
+      key: 'repoUrl',
+      ellipsis: true,
+      render: (text: string) => <Typography.Text type="secondary">{text}</Typography.Text>,
+    },
+    {
+      title: 'Read (List, Browse Files, View History)',
+      key: 'read',
+      width: 100,
+      render: (_: any, record: any) => (
+        <Checkbox
+          checked={(permissions.read || []).includes(record.id)}
+          onChange={(e) => handleToggle(record.id, 'read', e.target.checked)}
+        />
+      ),
+    },
+    {
+      title: 'Write (Clone, Pull, Push, Review)',
+      key: 'write',
+      width: 100,
+      render: (_: any, record: any) => (
+        <Checkbox
+          checked={(permissions.write || []).includes(record.id)}
+          onChange={(e) => handleToggle(record.id, 'write', e.target.checked)}
+        />
+      ),
+    },
+  ];
+
+  if (loading && !repositories.length) {
+    return <Spin style={{ display: 'block', margin: '40px auto' }} />;
+  }
+
+  return (
+    <div style={{ padding: 16 }}>
+      <div style={{ marginBottom: 16 }}>
+        <Typography.Text type="secondary">
+          Configure access permissions for each repository for the role{' '}
+          <Typography.Text strong>{activeRole?.title || activeRole?.name}</Typography.Text>.
+        </Typography.Text>
+      </div>
+      <Table
+        dataSource={repositories}
+        columns={columns}
+        rowKey="id"
+        pagination={false}
+        size="small"
+        bordered
+      />
+    </div>
+  );
+};

package/src/client/index.tsx

@@ -10,13 +10,33 @@ const GitManagerSettings = React.lazy(() =>
   import('./components/GitManagerSettings').then((m) => ({ default: m.GitManagerSettings })),
 );
 
+const RepositoryConfig = React.lazy(() =>
+  import('./components/RepositoryConfig').then((m) => ({ default: m.RepositoryConfig })),
+);
+
+import PluginACLClient from '@nocobase/plugin-acl/client';
+import { RepositoryPermissions } from './components/RepositoryPermissions';
+
 export class PluginGitManagerClient extends Plugin {
   async load() {
-    (this as any).app.pluginSettingsManager.add('git-manager', {
+    // Parent group with no direct component — acts as a category in settings
+    this.app.pluginSettingsManager.add('git-manager', {
       title: (this as any).t('Git Manager'),
       icon: 'BranchesOutlined',
+    });
+
+    // Repositories config — separate group for ACL-granular access
+    this.app.pluginSettingsManager.add('git-manager.repositories', {
+      title: (this as any).t('Repositories'),
+      Component: RepositoryConfig,
+      aclSnippet: `pm.plugin-git-manager.repositories`,
+    });
+
+    // Full management — requires full plugin permission
+    this.app.pluginSettingsManager.add('git-manager.manage', {
+      title: (this as any).t('Manage'),
       Component: GitManagerSettings,
-      aclSnippet: 'pm.plugin-git-manager',
+      aclSnippet: `pm.plugin-git-manager.manage`,
     });
 
     const aiManager = ((this as any).app as any).aiManager;
@@ -25,6 +45,20 @@ export class PluginGitManagerClient extends Plugin {
       aiManager.registerWorkContext('git-merge-request', GitMergeRequestWorkContext);
       aiManager.registerWorkContext('git-commit', GitCommitWorkContext);
     }
+
+    const aclPlugin = this.app.pm.get(PluginACLClient);
+    if (aclPlugin) {
+      aclPlugin.settingsUI.addPermissionsTab(({ t, TabLayout, activeRole }) => ({
+        key: 'git-manager',
+        label: 'Git Manager',
+        sort: 25,
+        children: (
+          <TabLayout>
+            <RepositoryPermissions activeRole={activeRole} />
+          </TabLayout>
+        ),
+      }));
+    }
   }
 }
 

package/src/locale/en-US.json

@@ -186,5 +186,12 @@
   "Only flows with automatic trigger modes are shown": "Only flows with automatic trigger modes are shown",
   "Fallback": "Fallback",
   "AI employee not found": "AI employee not found",
-  "Failed to open AI chat": "Failed to open AI chat"
+  "Failed to open AI chat": "Failed to open AI chat",
+  "Manage": "Manage",
+  "Repository Permissions": "Repository Permissions",
+  "Read (List, Browse Files, View History)": "Read (List, Browse Files, View History)",
+  "Write (Clone, Pull, Push, Review)": "Write (Clone, Pull, Push, Review)",
+  "Configure access permissions for each repository for the role {{roleName}}": "Configure access permissions for each repository for the role {{roleName}}",
+  "Failed to load repository permissions": "Failed to load repository permissions",
+  "Failed to update permissions": "Failed to update permissions"
 }

package/src/locale/vi-VN.json

@@ -179,5 +179,12 @@
   "new": "mới",
   "Reviewed SHA": "SHA đã đánh giá",
   "Latest SHA": "SHA mới nhất",
-  "All triggers": "Tất cả nguồn"
+  "All triggers": "Tất cả nguồn",
+  "Manage": "Quản lý",
+  "Repository Permissions": "Phân quyền kho mã nguồn",
+  "Read (List, Browse Files, View History)": "Đọc (Xem danh sách, Duyệt tệp, Xem lịch sử)",
+  "Write (Clone, Pull, Push, Review)": "Ghi (Sao chép, Kéo về, Đẩy lên, Đánh giá)",
+  "Configure access permissions for each repository for the role {{roleName}}": "Cấu hình quyền truy cập cho từng kho mã nguồn đối với vai trò {{roleName}}",
+  "Failed to load repository permissions": "Không thể tải phân quyền kho mã nguồn",
+  "Failed to update permissions": "Cập nhật phân quyền thất bại"
 }