From fd069b6ed6a806360251a61a85221c343def8dd1 Mon Sep 17 00:00:00 2001
From: viniciusdc <vinivdc2009@hotmail.com>
Date: Fri, 16 Feb 2024 14:37:15 -0300
Subject: [PATCH 1/3] validate and apply user permissions to progam. added
 repos/dirs

---
 .../files/extras/git_clone_update.sh          | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
index 5c012c01c..255579fd1 100644
--- a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
+++ b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
@@ -31,6 +31,22 @@ if [ "$#" -lt 1 ] || [ "$1" = "--help" ]; then
   [ "$1" = "--help" ] && exit 0 || exit 1
 fi
 
+fix_parent_dir_permissions() {
+  # Fix parent directory permissions to allow the JupyterLab user to access the cloned repository
+
+  local folder_path="$1"
+
+  # Retrieve the very first parent directory
+  local parent_dir=$(echo "$folder_path" | cut -d '/' -f1)
+
+  # Check if the parent directory has the correct permissions
+  if [ "$(stat -c "%u:%g" "$parent_dir")" != "1000:100" ]; then
+    echo "Fixing permissions for parent directory: $parent_dir"
+    chown -R 1000:100 "$parent_dir" || { echo "Error: Unable to set ownership for $parent_dir"; return 1; }
+    chmod -R 755 "$parent_dir" || { echo "Error: Unable to set permissions for $parent_dir"; return 1; }
+  fi
+}
+
 clone_update_repository() {
   # Clone or update a Git repository into a specified folder,
   # and create a `.firstrun` file to mark the script's execution.
@@ -47,6 +63,9 @@ clone_update_repository() {
       mkdir -p "$folder_path"
     fi
 
+    # Fix parent directory permissions
+    fix_parent_dir_permissions "$folder_path" || return 1
+
     if [ -d "$folder_path/.git" ]; then
       echo -e "Updating Git repository in ${folder_path}..."
       (cd "$folder_path" && git pull)
@@ -72,7 +91,7 @@ for pair in "$@"; do
     echo -e "${RED}Invalid argument format: \"${pair}\". Please provide folder path and Git repository URL in the correct order.${NC}" >> "$ERROR_LOG"
   else
     clone_update_repository "$folder_path" "$git_repo_url" || echo -e "${RED}Error executing for ${folder_path}.${NC}" >> "$ERROR_LOG"
-    chown -R 1000:100 "$folder_path" # User permissions for JupyterLab user
+    # chown -R 1000:100 "$folder_path" # User permissions for JupyterLab user
   fi
 done
 

From 81616687c8465670f112f096d75b4675a41e3585 Mon Sep 17 00:00:00 2001
From: viniciusdc <vinivdc2009@hotmail.com>
Date: Fri, 16 Feb 2024 15:13:14 -0300
Subject: [PATCH 2/3] mistakenly removed the permission check for cloned files

---
 .../services/jupyterhub/files/extras/git_clone_update.sh   | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
index 255579fd1..5c2f6d2d4 100644
--- a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
+++ b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
@@ -74,7 +74,13 @@ clone_update_repository() {
       (git clone "$git_repo_url" "$folder_path")
     fi
 
+    echo -e "Creating .firstrun file in ${folder_path}..."
     touch "$firstrun_file"
+
+    # User permissions for JupyterLab user to newly created git folders
+    echo -e "Setting permissions for ${folder_path}..."
+    chown -R 1000:100 "$folder_path" || { echo "Error: Unable to set ownership for $folder_path"; return 1; }
+
     echo -e "Execution for ${folder_path} completed. ${GREEN}✅${NC}"
   fi
 }
@@ -91,7 +97,6 @@ for pair in "$@"; do
     echo -e "${RED}Invalid argument format: \"${pair}\". Please provide folder path and Git repository URL in the correct order.${NC}" >> "$ERROR_LOG"
   else
     clone_update_repository "$folder_path" "$git_repo_url" || echo -e "${RED}Error executing for ${folder_path}.${NC}" >> "$ERROR_LOG"
-    # chown -R 1000:100 "$folder_path" # User permissions for JupyterLab user
   fi
 done
 

From c3dce6171177fb4bdcb2b4d32eba21fed49bfc94 Mon Sep 17 00:00:00 2001
From: "Vinicius D. Cerutti" <51954708+viniciusdc@users.noreply.github.com>
Date: Fri, 16 Feb 2024 15:22:17 -0300
Subject: [PATCH 3/3] rm redundant comment

---
 .../services/jupyterhub/files/extras/git_clone_update.sh         | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
index 5c2f6d2d4..bca1734ea 100644
--- a/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
+++ b/src/_nebari/stages/kubernetes_services/template/modules/kubernetes/services/jupyterhub/files/extras/git_clone_update.sh
@@ -63,7 +63,6 @@ clone_update_repository() {
       mkdir -p "$folder_path"
     fi
 
-    # Fix parent directory permissions
     fix_parent_dir_permissions "$folder_path" || return 1
 
     if [ -d "$folder_path/.git" ]; then