summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Kaiser <florian.kaiser@fnkr.net>2016-01-31 13:28:42 +0000
committerFlorian Kaiser <florian.kaiser@fnkr.net>2016-01-31 15:30:07 +0000
commite35791b2b2888979ba53b8a9a58e1cb132026914 (patch)
tree128e988ab9d46a56ae0448c068b23ed9a3b05d70
parent5eafe2b17eb9a1cf1068e7a3ed7a57a2730f04b0 (diff)
downloadgitea-e35791b2b2888979ba53b8a9a58e1cb132026914.tar.gz
gitea-e35791b2b2888979ba53b8a9a58e1cb132026914.zip
Only show teams the user has access to
-rw-r--r--cmd/web.go5
-rw-r--r--models/org.go39
-rw-r--r--modules/middleware/context.go1
-rw-r--r--modules/middleware/org.go60
-rw-r--r--routers/org/teams.go5
-rw-r--r--routers/user/home.go9
6 files changed, 81 insertions, 38 deletions
diff --git a/cmd/web.go b/cmd/web.go
index cf47d5c531..3949595465 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -350,11 +350,14 @@ func runWeb(ctx *cli.Context) {
m.Get("/members/action/:action", org.MembersAction)
m.Get("/teams", org.Teams)
+ }, middleware.OrgAssignment(true))
+
+ m.Group("/:org", func() {
m.Get("/teams/:team", org.TeamMembers)
m.Get("/teams/:team/repositories", org.TeamRepositories)
m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
- }, middleware.OrgAssignment(true))
+ }, middleware.OrgAssignment(true, false, true))
m.Group("/:org", func() {
m.Get("/teams/new", org.NewTeam)
diff --git a/models/org.go b/models/org.go
index c9d8f11964..839d26742d 100644
--- a/models/org.go
+++ b/models/org.go
@@ -9,7 +9,6 @@ import (
"fmt"
"os"
"strings"
- "strconv"
"github.com/go-xorm/xorm"
)
@@ -1037,31 +1036,49 @@ func (org *User) getUserRepositories(userID int64) (err error) {
And("`team_user`.uid=?", userID).
Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
Find(&teams); err != nil {
- return fmt.Errorf("get team: %v", err)
+ return fmt.Errorf("getUserRepositories: get teams: %v", err)
}
- var teamIDs []string
+ var teamIDs []int64
for _, team := range teams {
- s := strconv.FormatInt(team.ID, 32)
- teamIDs = append(teamIDs, s)
+ teamIDs = append(teamIDs, team.ID)
}
- // The "in" clause it not vulnerable to SQL injection because we
- // convert it from int64 a few lines above. Sadly, xorm does not support
- // "in" clauses as a function, so we have to build our own (for now).
if err := x.Cols("`repository`.*").
- Where("`team_repo`.team_id in (" + strings.Join(teamIDs, ",") + ")").
+ In("`team_repo`.team_id", teamIDs).
Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
GroupBy("`repository`.id").
Find(&org.Repos); err != nil {
- return fmt.Errorf("get repositories: %v", err)
+ return fmt.Errorf("getUserRepositories: get repositories: %v", err)
}
+ org.NumRepos = len(org.Repos)
+
return
}
// GetUserRepositories gets all repositories of an organization,
// that the user with the given userID has access to.
-func (org *User) GetUserRepositories(userID int64) (err error) {
+func (org *User) GetUserRepositories(userID int64) error {
return org.getUserRepositories(userID)
}
+
+func (org *User) getUserTeams(userID int64) (err error) {
+ if err := x.Cols("`team`.*").
+ Where("`team_user`.org_id=?", org.Id).
+ And("`team_user`.uid=?", userID).
+ Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
+ Find(&org.Teams); err != nil {
+ return fmt.Errorf("getUserTeams: %v", err)
+ }
+
+ org.NumTeams = len(org.Teams)
+
+ return
+}
+
+// GetTeams returns all teams that belong to organization,
+// and that the user has joined.
+func (org *User) GetUserTeams(userID int64) error {
+ return org.getUserTeams(userID)
+}
diff --git a/modules/middleware/context.go b/modules/middleware/context.go
index d58967b891..59e95aada9 100644
--- a/modules/middleware/context.go
+++ b/modules/middleware/context.go
@@ -65,6 +65,7 @@ type Context struct {
Org struct {
IsOwner bool
IsMember bool
+ IsTeamMember bool // Is member of team.
IsAdminTeam bool // In owner team or team that has admin permission level.
Organization *models.User
OrgLink string
diff --git a/modules/middleware/org.go b/modules/middleware/org.go
index 37ba4deb1f..34ec90dc6e 100644
--- a/modules/middleware/org.go
+++ b/modules/middleware/org.go
@@ -5,6 +5,8 @@
package middleware
import (
+ "strings"
+
"gopkg.in/macaron.v1"
"github.com/gogits/gogs/models"
@@ -13,9 +15,10 @@ import (
func HandleOrgAssignment(ctx *Context, args ...bool) {
var (
- requireMember bool
- requireOwner bool
- requireAdminTeam bool
+ requireMember bool
+ requireOwner bool
+ requireTeamMember bool
+ requireAdminTeam bool
)
if len(args) >= 1 {
requireMember = args[0]
@@ -24,7 +27,10 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
requireOwner = args[1]
}
if len(args) >= 3 {
- requireAdminTeam = args[2]
+ requireTeamMember = args[2]
+ }
+ if len(args) >= 4 {
+ requireAdminTeam = args[3]
}
orgName := ctx.Params(":org")
@@ -52,11 +58,13 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
if ctx.IsSigned && ctx.User.IsAdmin {
ctx.Org.IsOwner = true
ctx.Org.IsMember = true
+ ctx.Org.IsTeamMember = true
ctx.Org.IsAdminTeam = true
} else if ctx.IsSigned {
ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.Id)
if ctx.Org.IsOwner {
ctx.Org.IsMember = true
+ ctx.Org.IsTeamMember = true
ctx.Org.IsAdminTeam = true
} else {
if org.IsOrgMember(ctx.User.Id) {
@@ -79,25 +87,45 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
ctx.Data["OrgLink"] = ctx.Org.OrgLink
// Team.
+ if ctx.Org.IsMember {
+ if err := org.GetUserTeams(ctx.User.Id); err != nil {
+ ctx.Handle(500, "GetUserTeams", err)
+ return
+ }
+ }
+
teamName := ctx.Params(":team")
if len(teamName) > 0 {
- ctx.Org.Team, err = org.GetTeam(teamName)
- if err != nil {
- if err == models.ErrTeamNotExist {
- ctx.Handle(404, "GetTeam", err)
- } else {
- ctx.Handle(500, "GetTeam", err)
+ teamExists := false
+ for _, team := range org.Teams {
+ if strings.ToLower(team.Name) == strings.ToLower(teamName) {
+ teamExists = true
+ ctx.Org.Team = team
+ ctx.Org.IsTeamMember = true
+ ctx.Data["Team"] = ctx.Org.Team
+ break
}
+ }
+
+ if !teamExists {
+ ctx.Handle(404, "OrgAssignment", err)
+ return
+ }
+
+ ctx.Data["IsTeamMember"] = ctx.Org.IsTeamMember
+ if requireTeamMember && !ctx.Org.IsTeamMember {
+ ctx.Handle(404, "OrgAssignment", err)
return
}
- ctx.Data["Team"] = ctx.Org.Team
+
ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
+ ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
+ if requireAdminTeam && !ctx.Org.IsAdminTeam {
+ ctx.Handle(404, "OrgAssignment", err)
+ return
+ }
}
- ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
- if requireAdminTeam && !ctx.Org.IsAdminTeam {
- ctx.Handle(404, "OrgAssignment", err)
- return
- }
+
}
func OrgAssignment(args ...bool) macaron.Handler {
diff --git a/routers/org/teams.go b/routers/org/teams.go
index b2128baab6..63618b9858 100644
--- a/routers/org/teams.go
+++ b/routers/org/teams.go
@@ -28,10 +28,7 @@ func Teams(ctx *middleware.Context) {
ctx.Data["Title"] = org.FullName
ctx.Data["PageIsOrgTeams"] = true
- if err := org.GetTeams(); err != nil {
- ctx.Handle(500, "GetTeams", err)
- return
- }
+ // org.Teams is already loaded by middleware
for _, t := range org.Teams {
if err := t.GetMembers(); err != nil {
ctx.Handle(500, "GetMembers", err)
diff --git a/routers/user/home.go b/routers/user/home.go
index b198e801d2..fabe7b1f31 100644
--- a/routers/user/home.go
+++ b/routers/user/home.go
@@ -312,9 +312,10 @@ func showOrgProfile(ctx *middleware.Context) {
}
org := ctx.Org.Organization
+ userId := ctx.User.Id
ctx.Data["Title"] = org.FullName
- if err := org.GetUserRepositories(ctx.User.Id); err != nil {
+ if err := org.GetUserRepositories(userId); err != nil {
ctx.Handle(500, "GetUserRepositories", err)
return
}
@@ -326,11 +327,7 @@ func showOrgProfile(ctx *middleware.Context) {
}
ctx.Data["Members"] = org.Members
- if err := org.GetTeams(); err != nil {
- ctx.Handle(500, "GetTeams", err)
- return
- }
- ctx.Data["Teams"] = org.Teams
+ ctx.Data["Teams"] = org.Teams // already loaded by middleware
ctx.HTML(200, ORG_HOME)
}