Only show teams the user has access to
parent
5eafe2b17e
commit
e35791b2b2
6 changed files with 84 additions and 41 deletions
|
@ -350,11 +350,14 @@ func runWeb(ctx *cli.Context) {
|
||||||
m.Get("/members/action/:action", org.MembersAction)
|
m.Get("/members/action/:action", org.MembersAction)
|
||||||
|
|
||||||
m.Get("/teams", org.Teams)
|
m.Get("/teams", org.Teams)
|
||||||
|
}, middleware.OrgAssignment(true))
|
||||||
|
|
||||||
|
m.Group("/:org", func() {
|
||||||
m.Get("/teams/:team", org.TeamMembers)
|
m.Get("/teams/:team", org.TeamMembers)
|
||||||
m.Get("/teams/:team/repositories", org.TeamRepositories)
|
m.Get("/teams/:team/repositories", org.TeamRepositories)
|
||||||
m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
|
m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
|
||||||
m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
|
m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
|
||||||
}, middleware.OrgAssignment(true))
|
}, middleware.OrgAssignment(true, false, true))
|
||||||
|
|
||||||
m.Group("/:org", func() {
|
m.Group("/:org", func() {
|
||||||
m.Get("/teams/new", org.NewTeam)
|
m.Get("/teams/new", org.NewTeam)
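Review bot: The new group's `middleware.OrgAssignment(true, false, true)` relies on positional booleans whose meaning this same commit shifts: in HandleOrgAssignment the third argument now sets `requireTeamMember`, and `requireAdminTeam` moves to the fourth. Any caller outside this diff that already passes three arguments would silently go from requiring an admin team to requiring plain team membership, so those call sites should be checked. Since this group guards the `/teams/:team/action/...` routes, a trailing comment such as `// requireMember, requireOwner, requireTeamMember` would make the gate readable at the call site.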
|
||||||
|
|
|
@ -9,7 +9,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"strconv"
|
|
||||||
|
|
||||||
"github.com/go-xorm/xorm"
|
"github.com/go-xorm/xorm"
|
||||||
)
|
)
|
||||||
|
@ -1037,31 +1036,49 @@ func (org *User) getUserRepositories(userID int64) (err error) {
|
||||||
And("`team_user`.uid=?", userID).
|
And("`team_user`.uid=?", userID).
|
||||||
Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
|
Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
|
||||||
Find(&teams); err != nil {
|
Find(&teams); err != nil {
|
||||||
return fmt.Errorf("get team: %v", err)
|
return fmt.Errorf("getUserRepositories: get teams: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var teamIDs []string
|
var teamIDs []int64
|
||||||
for _, team := range teams {
|
for _, team := range teams {
|
||||||
s := strconv.FormatInt(team.ID, 32)
|
teamIDs = append(teamIDs, team.ID)
|
||||||
teamIDs = append(teamIDs, s)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// The "in" clause it not vulnerable to SQL injection because we
|
|
||||||
// convert it from int64 a few lines above. Sadly, xorm does not support
|
|
||||||
// "in" clauses as a function, so we have to build our own (for now).
|
|
||||||
if err := x.Cols("`repository`.*").
|
if err := x.Cols("`repository`.*").
|
||||||
Where("`team_repo`.team_id in (" + strings.Join(teamIDs, ",") + ")").
|
In("`team_repo`.team_id", teamIDs).
|
||||||
Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
|
Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
|
||||||
GroupBy("`repository`.id").
|
GroupBy("`repository`.id").
|
||||||
Find(&org.Repos); err != nil {
|
Find(&org.Repos); err != nil {
|
||||||
return fmt.Errorf("get repositories: %v", err)
|
return fmt.Errorf("getUserRepositories: get repositories: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
org.NumRepos = len(org.Repos)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetUserRepositories gets all repositories of an organization,
|
// GetUserRepositories gets all repositories of an organization,
|
||||||
// that the user with the given userID has access to.
|
// that the user with the given userID has access to.
|
||||||
func (org *User) GetUserRepositories(userID int64) (err error) {
|
func (org *User) GetUserRepositories(userID int64) error {
|
||||||
return org.getUserRepositories(userID)
|
return org.getUserRepositories(userID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (org *User) getUserTeams(userID int64) (err error) {
|
||||||
|
if err := x.Cols("`team`.*").
|
||||||
|
Where("`team_user`.org_id=?", org.Id).
|
||||||
|
And("`team_user`.uid=?", userID).
|
||||||
|
Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
|
||||||
|
Find(&org.Teams); err != nil {
|
||||||
|
return fmt.Errorf("getUserTeams: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
org.NumTeams = len(org.Teams)
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetTeams returns all teams that belong to organization,
|
||||||
|
// and that the user has joined.
|
||||||
|
func (org *User) GetUserTeams(userID int64) error {
|
||||||
|
return org.getUserTeams(userID)
|
||||||
|
}
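Review bot: In getUserRepositories, `In("`team_repo`.team_id", teamIDs)` is reached even when the user belongs to no team and `teamIDs` is empty. Depending on the xorm version, an empty slice may yield invalid SQL or drop the filter altogether, and a dropped filter would return repositories the user has no team access to. An explicit guard before the query, `if len(teamIDs) == 0 { org.NumRepos = 0; return nil }`, makes the outcome independent of the library. The doc comment on GetUserTeams also opens with "GetTeams" and should name the function it documents. getUserRepositories starts above this hunk.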
|
||||||
|
|
|
@ -65,6 +65,7 @@ type Context struct {
|
||||||
Org struct {
|
Org struct {
|
||||||
IsOwner bool
|
IsOwner bool
|
||||||
IsMember bool
|
IsMember bool
|
||||||
|
IsTeamMember bool // Is member of team.
|
||||||
IsAdminTeam bool // In owner team or team that has admin permission level.
|
IsAdminTeam bool // In owner team or team that has admin permission level.
|
||||||
Organization *models.User
|
Organization *models.User
|
||||||
OrgLink string
|
OrgLink string
|
||||||
|
|
|
@ -5,6 +5,8 @@
|
||||||
package middleware
|
package middleware
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"strings"
|
||||||
|
|
||||||
"gopkg.in/macaron.v1"
|
"gopkg.in/macaron.v1"
|
||||||
|
|
||||||
"github.com/gogits/gogs/models"
|
"github.com/gogits/gogs/models"
|
||||||
|
@ -15,6 +17,7 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
|
||||||
var (
|
var (
|
||||||
requireMember bool
|
requireMember bool
|
||||||
requireOwner bool
|
requireOwner bool
|
||||||
|
requireTeamMember bool
|
||||||
requireAdminTeam bool
|
requireAdminTeam bool
|
||||||
)
|
)
|
||||||
if len(args) >= 1 {
|
if len(args) >= 1 {
|
||||||
|
@ -24,7 +27,10 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
|
||||||
requireOwner = args[1]
|
requireOwner = args[1]
|
||||||
}
|
}
|
||||||
if len(args) >= 3 {
|
if len(args) >= 3 {
|
||||||
requireAdminTeam = args[2]
|
requireTeamMember = args[2]
|
||||||
|
}
|
||||||
|
if len(args) >= 4 {
|
||||||
|
requireAdminTeam = args[3]
|
||||||
}
|
}
|
||||||
|
|
||||||
orgName := ctx.Params(":org")
|
orgName := ctx.Params(":org")
|
||||||
|
@ -52,11 +58,13 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
|
||||||
if ctx.IsSigned && ctx.User.IsAdmin {
|
if ctx.IsSigned && ctx.User.IsAdmin {
|
||||||
ctx.Org.IsOwner = true
|
ctx.Org.IsOwner = true
|
||||||
ctx.Org.IsMember = true
|
ctx.Org.IsMember = true
|
||||||
|
ctx.Org.IsTeamMember = true
|
||||||
ctx.Org.IsAdminTeam = true
|
ctx.Org.IsAdminTeam = true
|
||||||
} else if ctx.IsSigned {
|
} else if ctx.IsSigned {
|
||||||
ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.Id)
|
ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.Id)
|
||||||
if ctx.Org.IsOwner {
|
if ctx.Org.IsOwner {
|
||||||
ctx.Org.IsMember = true
|
ctx.Org.IsMember = true
|
||||||
|
ctx.Org.IsTeamMember = true
|
||||||
ctx.Org.IsAdminTeam = true
|
ctx.Org.IsAdminTeam = true
|
||||||
} else {
|
} else {
|
||||||
if org.IsOrgMember(ctx.User.Id) {
|
if org.IsOrgMember(ctx.User.Id) {
|
||||||
|
@ -79,25 +87,45 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
|
||||||
ctx.Data["OrgLink"] = ctx.Org.OrgLink
|
ctx.Data["OrgLink"] = ctx.Org.OrgLink
|
||||||
|
|
||||||
// Team.
|
// Team.
|
||||||
teamName := ctx.Params(":team")
|
if ctx.Org.IsMember {
|
||||||
if len(teamName) > 0 {
|
if err := org.GetUserTeams(ctx.User.Id); err != nil {
|
||||||
ctx.Org.Team, err = org.GetTeam(teamName)
|
ctx.Handle(500, "GetUserTeams", err)
|
||||||
if err != nil {
|
|
||||||
if err == models.ErrTeamNotExist {
|
|
||||||
ctx.Handle(404, "GetTeam", err)
|
|
||||||
} else {
|
|
||||||
ctx.Handle(500, "GetTeam", err)
|
|
||||||
}
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.Data["Team"] = ctx.Org.Team
|
|
||||||
ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
teamName := ctx.Params(":team")
|
||||||
|
if len(teamName) > 0 {
|
||||||
|
teamExists := false
|
||||||
|
for _, team := range org.Teams {
|
||||||
|
if strings.ToLower(team.Name) == strings.ToLower(teamName) {
|
||||||
|
teamExists = true
|
||||||
|
ctx.Org.Team = team
|
||||||
|
ctx.Org.IsTeamMember = true
|
||||||
|
ctx.Data["Team"] = ctx.Org.Team
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !teamExists {
|
||||||
|
ctx.Handle(404, "OrgAssignment", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Data["IsTeamMember"] = ctx.Org.IsTeamMember
|
||||||
|
if requireTeamMember && !ctx.Org.IsTeamMember {
|
||||||
|
ctx.Handle(404, "OrgAssignment", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
|
||||||
ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
|
ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
|
||||||
if requireAdminTeam && !ctx.Org.IsAdminTeam {
|
if requireAdminTeam && !ctx.Org.IsAdminTeam {
|
||||||
ctx.Handle(404, "OrgAssignment", err)
|
ctx.Handle(404, "OrgAssignment", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func OrgAssignment(args ...bool) macaron.Handler {
|
func OrgAssignment(args ...bool) macaron.Handler {
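Review bot: Site admins and organization owners are given `IsTeamMember = true` earlier in HandleOrgAssignment, yet the team lookup searches only `org.Teams` as filled by `GetUserTeams`, that is, teams with a `team_user` row for the caller. An admin or owner who has not joined the requested team therefore falls into `!teamExists` and gets a 404, and the team list in routers/org/teams.go and the profile page presumably show them only the teams they have joined. Because a match always sets `IsTeamMember`, the later `requireTeamMember && !ctx.Org.IsTeamMember` branch cannot fire; membership is in effect enforced by the lookup itself, which deserves a comment. Loading every team for owners, as sketched below (assuming `org.GetTeams` fills `org.Teams`), keeps the restriction for ordinary members, and `strings.EqualFold` replaces the double `ToLower`. The function starts and ends outside the hunks shown.

```go
// Team.
if ctx.Org.IsOwner {
	// IsOwner is set above for organization owners and site admins;
	// they are not limited to the teams they have joined.
	if err := org.GetTeams(); err != nil {
		ctx.Handle(500, "GetTeams", err)
		return
	}
} else if ctx.Org.IsMember {
	if err := org.GetUserTeams(ctx.User.Id); err != nil {
		ctx.Handle(500, "GetUserTeams", err)
		return
	}
}

// … unchanged: teamName lookup, teamExists flag and loop header …
		if strings.EqualFold(team.Name, teamName) {
// … unchanged: match body, 404 handling, admin-team check …
```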
|
||||||
|
|
|
@ -28,10 +28,7 @@ func Teams(ctx *middleware.Context) {
|
||||||
ctx.Data["Title"] = org.FullName
|
ctx.Data["Title"] = org.FullName
|
||||||
ctx.Data["PageIsOrgTeams"] = true
|
ctx.Data["PageIsOrgTeams"] = true
|
||||||
|
|
||||||
if err := org.GetTeams(); err != nil {
|
// org.Teams is already loaded by middleware
|
||||||
ctx.Handle(500, "GetTeams", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
for _, t := range org.Teams {
|
for _, t := range org.Teams {
|
||||||
if err := t.GetMembers(); err != nil {
|
if err := t.GetMembers(); err != nil {
|
||||||
ctx.Handle(500, "GetMembers", err)
|
ctx.Handle(500, "GetMembers", err)
|
||||||
|
|
|
@ -312,9 +312,10 @@ func showOrgProfile(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
org := ctx.Org.Organization
|
org := ctx.Org.Organization
|
||||||
|
userId := ctx.User.Id
|
||||||
ctx.Data["Title"] = org.FullName
|
ctx.Data["Title"] = org.FullName
|
||||||
|
|
||||||
if err := org.GetUserRepositories(ctx.User.Id); err != nil {
|
if err := org.GetUserRepositories(userId); err != nil {
|
||||||
ctx.Handle(500, "GetUserRepositories", err)
|
ctx.Handle(500, "GetUserRepositories", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -326,11 +327,7 @@ func showOrgProfile(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
ctx.Data["Members"] = org.Members
|
ctx.Data["Members"] = org.Members
|
||||||
|
|
||||||
if err := org.GetTeams(); err != nil {
|
ctx.Data["Teams"] = org.Teams // already loaded by middleware
|
||||||
ctx.Handle(500, "GetTeams", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
ctx.Data["Teams"] = org.Teams
|
|
||||||
|
|
||||||
ctx.HTML(200, ORG_HOME)
|
ctx.HTML(200, ORG_HOME)
|
||||||
}
|
}
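Review bot: In showOrgProfile, `userId := ctx.User.Id` dereferences `ctx.User` unconditionally, whereas HandleOrgAssignment in this same commit checks `ctx.IsSigned` before touching `ctx.User`. If the organization profile can be reached without signing in, which is not visible from this hunk, the line would panic on a nil user. A guarded form such as `var userID int64` followed by `if ctx.IsSigned { userID = ctx.User.Id }` avoids that, and `userID` also matches the initialism spelling used by `GetUserRepositories(userID int64)`. The function body starts above the first hunk.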
|
||||||
|
|