diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2022-01-05 11:37:00 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-05 11:37:00 +0800 |
commit | 8760af752abd94f050c6014c8cfa3cb6a6c854b7 (patch) | |
tree | 2b2afeebc46348eec296a6cd9d086f84a94cf664 /routers/api/v1/org | |
parent | 12ad6dd0e385fea277f5344d52865c9599232c22 (diff) | |
download | gitea-8760af752abd94f050c6014c8cfa3cb6a6c854b7.tar.gz gitea-8760af752abd94f050c6014c8cfa3cb6a6c854b7.zip |
Team permission allow different unit has different permission (#17811)
* Team permission allow different unit has different permission
* Finish the interface and the logic
* Fix lint
* Fix translation
* align center for table cell content
* Fix fixture
* merge
* Fix test
* Add deprecated
* Improve code
* Add tooltip
* Fix swagger
* Fix newline
* Fix tests
* Fix tests
* Fix test
* Fix test
* Max permission of external wiki and issues should be read
* Move team units with limited max level below units table
* Update label and column names
* Some improvements
* Fix lint
* Some improvements
* Fix template variables
* Add permission docs
* improve doc
* Fix fixture
* Fix bug
* Fix some bug
* fix
* gofumpt
* Integration test for migration (#18124)
integrations: basic test for Gitea {dump,restore}-repo
This is a first step for integration testing of DumpRepository and
RestoreRepository. It:
runs a Gitea server,
dumps a repo via DumpRepository to the filesystem,
restores the repo via RestoreRepository from the filesystem,
dumps the restored repository to the filesystem,
compares the first and second dump and expects them to be identical
The verification is trivial and the goal is to add more tests for each
topic of the dump.
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Team permission allow different unit has different permission
* Finish the interface and the logic
* Fix lint
* Fix translation
* align center for table cell content
* Fix fixture
* merge
* Fix test
* Add deprecated
* Improve code
* Add tooltip
* Fix swagger
* Fix newline
* Fix tests
* Fix tests
* Fix test
* Fix test
* Max permission of external wiki and issues should be read
* Move team units with limited max level below units table
* Update label and column names
* Some improvements
* Fix lint
* Some improvements
* Fix template variables
* Add permission docs
* improve doc
* Fix fixture
* Fix bug
* Fix some bug
* Fix bug
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Diffstat (limited to 'routers/api/v1/org')
-rw-r--r-- | routers/api/v1/org/team.go | 93 |
1 files changed, 65 insertions, 28 deletions
diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go index d39125b050..cc7a63af33 100644 --- a/routers/api/v1/org/team.go +++ b/routers/api/v1/org/team.go @@ -6,6 +6,7 @@ package org import ( + "errors" "net/http" "code.gitea.io/gitea/models" @@ -50,7 +51,6 @@ func ListTeams(ctx *context.APIContext) { ListOptions: utils.GetListOptions(ctx), OrgID: ctx.Org.Organization.ID, }) - if err != nil { ctx.Error(http.StatusInternalServerError, "LoadTeams", err) return @@ -112,6 +112,10 @@ func ListUserTeams(ctx *context.APIContext) { apiOrg = convert.ToOrganization(org) cache[teams[i].OrgID] = apiOrg } + if err := teams[i].GetUnits(); err != nil { + ctx.Error(http.StatusInternalServerError, "teams[i].GetUnits()", err) + return + } apiTeams[i] = convert.ToTeam(teams[i]) apiTeams[i].Organization = apiOrg } @@ -138,9 +142,45 @@ func GetTeam(ctx *context.APIContext) { // "200": // "$ref": "#/responses/Team" + if err := ctx.Org.Team.GetUnits(); err != nil { + ctx.Error(http.StatusInternalServerError, "team.GetUnits", err) + return + } + ctx.JSON(http.StatusOK, convert.ToTeam(ctx.Org.Team)) } +func attachTeamUnits(team *models.Team, units []string) { + unitTypes := unit_model.FindUnitTypes(units...) + team.Units = make([]*models.TeamUnit, 0, len(units)) + for _, tp := range unitTypes { + team.Units = append(team.Units, &models.TeamUnit{ + OrgID: team.OrgID, + Type: tp, + AccessMode: team.AccessMode, + }) + } +} + +func convertUnitsMap(unitsMap map[string]string) map[unit_model.Type]perm.AccessMode { + res := make(map[unit_model.Type]perm.AccessMode, len(unitsMap)) + for unitKey, p := range unitsMap { + res[unit_model.TypeFromKey(unitKey)] = perm.ParseAccessMode(p) + } + return res +} + +func attachTeamUnitsMap(team *models.Team, unitsMap map[string]string) { + team.Units = make([]*models.TeamUnit, 0, len(unitsMap)) + for unitKey, p := range unitsMap { + team.Units = append(team.Units, &models.TeamUnit{ + OrgID: team.OrgID, + Type: unit_model.TypeFromKey(unitKey), + AccessMode: perm.ParseAccessMode(p), + }) + } +} + // CreateTeam api for create a team func CreateTeam(ctx *context.APIContext) { // swagger:operation POST /orgs/{org}/teams organization orgCreateTeam @@ -166,26 +206,28 @@ func CreateTeam(ctx *context.APIContext) { // "422": // "$ref": "#/responses/validationError" form := web.GetForm(ctx).(*api.CreateTeamOption) + p := perm.ParseAccessMode(form.Permission) + if p < perm.AccessModeAdmin && len(form.UnitsMap) > 0 { + p = unit_model.MinUnitAccessMode(convertUnitsMap(form.UnitsMap)) + } team := &models.Team{ OrgID: ctx.Org.Organization.ID, Name: form.Name, Description: form.Description, IncludesAllRepositories: form.IncludesAllRepositories, CanCreateOrgRepo: form.CanCreateOrgRepo, - Authorize: perm.ParseAccessMode(form.Permission), + AccessMode: p, } - unitTypes := unit_model.FindUnitTypes(form.Units...) - - if team.Authorize < perm.AccessModeOwner { - var units = make([]*models.TeamUnit, 0, len(form.Units)) - for _, tp := range unitTypes { - units = append(units, &models.TeamUnit{ - OrgID: ctx.Org.Organization.ID, - Type: tp, - }) + if team.AccessMode < perm.AccessModeAdmin { + if len(form.UnitsMap) > 0 { + attachTeamUnitsMap(team, form.UnitsMap) + } else if len(form.Units) > 0 { + attachTeamUnits(team, form.Units) + } else { + ctx.Error(http.StatusInternalServerError, "getTeamUnits", errors.New("units permission should not be empty")) + return } - team.Units = units } if err := models.NewTeam(team); err != nil { @@ -224,7 +266,6 @@ func EditTeam(ctx *context.APIContext) { // "$ref": "#/responses/Team" form := web.GetForm(ctx).(*api.EditTeamOption) - team := ctx.Org.Team if err := team.GetUnits(); err != nil { ctx.InternalServerError(err) @@ -247,11 +288,14 @@ func EditTeam(ctx *context.APIContext) { isIncludeAllChanged := false if !team.IsOwnerTeam() && len(form.Permission) != 0 { // Validate permission level. - auth := perm.ParseAccessMode(form.Permission) + p := perm.ParseAccessMode(form.Permission) + if p < perm.AccessModeAdmin && len(form.UnitsMap) > 0 { + p = unit_model.MinUnitAccessMode(convertUnitsMap(form.UnitsMap)) + } - if team.Authorize != auth { + if team.AccessMode != p { isAuthChanged = true - team.Authorize = auth + team.AccessMode = p } if form.IncludesAllRepositories != nil { @@ -260,17 +304,11 @@ func EditTeam(ctx *context.APIContext) { } } - if team.Authorize < perm.AccessModeOwner { - if len(form.Units) > 0 { - var units = make([]*models.TeamUnit, 0, len(form.Units)) - unitTypes := unit_model.FindUnitTypes(form.Units...) - for _, tp := range unitTypes { - units = append(units, &models.TeamUnit{ - OrgID: ctx.Org.Team.OrgID, - Type: tp, - }) - } - team.Units = units + if team.AccessMode < perm.AccessModeAdmin { + if len(form.UnitsMap) > 0 { + attachTeamUnitsMap(team, form.UnitsMap) + } else if len(form.Units) > 0 { + attachTeamUnits(team, form.Units) } } @@ -706,5 +744,4 @@ func SearchTeam(ctx *context.APIContext) { "ok": true, "data": apiTeams, }) - } |