aboutsummaryrefslogtreecommitdiffstats
path: root/routers/api/v1/org
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2022-01-05 11:37:00 +0800
committerGitHub <noreply@github.com>2022-01-05 11:37:00 +0800
commit8760af752abd94f050c6014c8cfa3cb6a6c854b7 (patch)
tree2b2afeebc46348eec296a6cd9d086f84a94cf664 /routers/api/v1/org
parent12ad6dd0e385fea277f5344d52865c9599232c22 (diff)
downloadgitea-8760af752abd94f050c6014c8cfa3cb6a6c854b7.tar.gz
gitea-8760af752abd94f050c6014c8cfa3cb6a6c854b7.zip
Team permission allow different unit has different permission (#17811)
* Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * fix * gofumpt * Integration test for migration (#18124) integrations: basic test for Gitea {dump,restore}-repo This is a first step for integration testing of DumpRepository and RestoreRepository. It: runs a Gitea server, dumps a repo via DumpRepository to the filesystem, restores the repo via RestoreRepository from the filesystem, dumps the restored repository to the filesystem, compares the first and second dump and expects them to be identical The verification is trivial and the goal is to add more tests for each topic of the dump. Signed-off-by: Loïc Dachary <loic@dachary.org> * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * Fix bug Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Diffstat (limited to 'routers/api/v1/org')
-rw-r--r--routers/api/v1/org/team.go93
1 files changed, 65 insertions, 28 deletions
diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index d39125b050..cc7a63af33 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -6,6 +6,7 @@
package org
import (
+ "errors"
"net/http"
"code.gitea.io/gitea/models"
@@ -50,7 +51,6 @@ func ListTeams(ctx *context.APIContext) {
ListOptions: utils.GetListOptions(ctx),
OrgID: ctx.Org.Organization.ID,
})
-
if err != nil {
ctx.Error(http.StatusInternalServerError, "LoadTeams", err)
return
@@ -112,6 +112,10 @@ func ListUserTeams(ctx *context.APIContext) {
apiOrg = convert.ToOrganization(org)
cache[teams[i].OrgID] = apiOrg
}
+ if err := teams[i].GetUnits(); err != nil {
+ ctx.Error(http.StatusInternalServerError, "teams[i].GetUnits()", err)
+ return
+ }
apiTeams[i] = convert.ToTeam(teams[i])
apiTeams[i].Organization = apiOrg
}
@@ -138,9 +142,45 @@ func GetTeam(ctx *context.APIContext) {
// "200":
// "$ref": "#/responses/Team"
+ if err := ctx.Org.Team.GetUnits(); err != nil {
+ ctx.Error(http.StatusInternalServerError, "team.GetUnits", err)
+ return
+ }
+
ctx.JSON(http.StatusOK, convert.ToTeam(ctx.Org.Team))
}
+func attachTeamUnits(team *models.Team, units []string) {
+ unitTypes := unit_model.FindUnitTypes(units...)
+ team.Units = make([]*models.TeamUnit, 0, len(units))
+ for _, tp := range unitTypes {
+ team.Units = append(team.Units, &models.TeamUnit{
+ OrgID: team.OrgID,
+ Type: tp,
+ AccessMode: team.AccessMode,
+ })
+ }
+}
+
+func convertUnitsMap(unitsMap map[string]string) map[unit_model.Type]perm.AccessMode {
+ res := make(map[unit_model.Type]perm.AccessMode, len(unitsMap))
+ for unitKey, p := range unitsMap {
+ res[unit_model.TypeFromKey(unitKey)] = perm.ParseAccessMode(p)
+ }
+ return res
+}
+
+func attachTeamUnitsMap(team *models.Team, unitsMap map[string]string) {
+ team.Units = make([]*models.TeamUnit, 0, len(unitsMap))
+ for unitKey, p := range unitsMap {
+ team.Units = append(team.Units, &models.TeamUnit{
+ OrgID: team.OrgID,
+ Type: unit_model.TypeFromKey(unitKey),
+ AccessMode: perm.ParseAccessMode(p),
+ })
+ }
+}
+
// CreateTeam api for create a team
func CreateTeam(ctx *context.APIContext) {
// swagger:operation POST /orgs/{org}/teams organization orgCreateTeam
@@ -166,26 +206,28 @@ func CreateTeam(ctx *context.APIContext) {
// "422":
// "$ref": "#/responses/validationError"
form := web.GetForm(ctx).(*api.CreateTeamOption)
+ p := perm.ParseAccessMode(form.Permission)
+ if p < perm.AccessModeAdmin && len(form.UnitsMap) > 0 {
+ p = unit_model.MinUnitAccessMode(convertUnitsMap(form.UnitsMap))
+ }
team := &models.Team{
OrgID: ctx.Org.Organization.ID,
Name: form.Name,
Description: form.Description,
IncludesAllRepositories: form.IncludesAllRepositories,
CanCreateOrgRepo: form.CanCreateOrgRepo,
- Authorize: perm.ParseAccessMode(form.Permission),
+ AccessMode: p,
}
- unitTypes := unit_model.FindUnitTypes(form.Units...)
-
- if team.Authorize < perm.AccessModeOwner {
- var units = make([]*models.TeamUnit, 0, len(form.Units))
- for _, tp := range unitTypes {
- units = append(units, &models.TeamUnit{
- OrgID: ctx.Org.Organization.ID,
- Type: tp,
- })
+ if team.AccessMode < perm.AccessModeAdmin {
+ if len(form.UnitsMap) > 0 {
+ attachTeamUnitsMap(team, form.UnitsMap)
+ } else if len(form.Units) > 0 {
+ attachTeamUnits(team, form.Units)
+ } else {
+ ctx.Error(http.StatusInternalServerError, "getTeamUnits", errors.New("units permission should not be empty"))
+ return
}
- team.Units = units
}
if err := models.NewTeam(team); err != nil {
@@ -224,7 +266,6 @@ func EditTeam(ctx *context.APIContext) {
// "$ref": "#/responses/Team"
form := web.GetForm(ctx).(*api.EditTeamOption)
-
team := ctx.Org.Team
if err := team.GetUnits(); err != nil {
ctx.InternalServerError(err)
@@ -247,11 +288,14 @@ func EditTeam(ctx *context.APIContext) {
isIncludeAllChanged := false
if !team.IsOwnerTeam() && len(form.Permission) != 0 {
// Validate permission level.
- auth := perm.ParseAccessMode(form.Permission)
+ p := perm.ParseAccessMode(form.Permission)
+ if p < perm.AccessModeAdmin && len(form.UnitsMap) > 0 {
+ p = unit_model.MinUnitAccessMode(convertUnitsMap(form.UnitsMap))
+ }
- if team.Authorize != auth {
+ if team.AccessMode != p {
isAuthChanged = true
- team.Authorize = auth
+ team.AccessMode = p
}
if form.IncludesAllRepositories != nil {
@@ -260,17 +304,11 @@ func EditTeam(ctx *context.APIContext) {
}
}
- if team.Authorize < perm.AccessModeOwner {
- if len(form.Units) > 0 {
- var units = make([]*models.TeamUnit, 0, len(form.Units))
- unitTypes := unit_model.FindUnitTypes(form.Units...)
- for _, tp := range unitTypes {
- units = append(units, &models.TeamUnit{
- OrgID: ctx.Org.Team.OrgID,
- Type: tp,
- })
- }
- team.Units = units
+ if team.AccessMode < perm.AccessModeAdmin {
+ if len(form.UnitsMap) > 0 {
+ attachTeamUnitsMap(team, form.UnitsMap)
+ } else if len(form.Units) > 0 {
+ attachTeamUnits(team, form.Units)
}
}
@@ -706,5 +744,4 @@ func SearchTeam(ctx *context.APIContext) {
"ok": true,
"data": apiTeams,
})
-
}