[API] Add endpount to get user org permissions (#17232)

* Add endpoint

* Add swagger response + generate swagger

* Stop execution if user / org is not found

* Add tests


Co-authored-by: 6543 <6543@obermui.de>

3 files changed, 82 insertions, 1 deletions

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 0a967e3c5a..d11bbf3c06 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -973,7 +973,10 @@ func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
 
 		// Organizations
 		m.Get("/user/orgs", reqToken(), org.ListMyOrgs)
-		m.Get("/users/{username}/orgs", org.ListUserOrgs)
+		m.Group("/users/{username}/orgs", func() {
+			m.Get("", org.ListUserOrgs)
+			m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
+		})
 		m.Post("/orgs", reqToken(), bind(api.CreateOrgOption{}), org.Create)
 		m.Get("/orgs", org.GetAll)
 		m.Group("/orgs/{org}", func() {
diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go
index cf4c328ebb..d3aa92f46d 100644
--- a/routers/api/v1/org/org.go
+++ b/routers/api/v1/org/org.go
@@ -97,6 +97,77 @@ func ListUserOrgs(ctx *context.APIContext) {
 	listUserOrgs(ctx, u)
 }
 
+// GetUserOrgsPermissions get user permissions in organization
+func GetUserOrgsPermissions(ctx *context.APIContext) {
+	// swagger:operation GET /users/{username}/orgs/{org}/permissions organization orgGetUserPermissions
+	// ---
+	// summary: Get user permissions in organization
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: username
+	//   in: path
+	//   description: username of user
+	//   type: string
+	//   required: true
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/OrganizationPermissions"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	var u *models.User
+	if u = user.GetUserByParams(ctx); u == nil {
+		return
+	}
+
+	var o *models.User
+	if o = user.GetUserByParamsName(ctx, ":org"); o == nil {
+		return
+	}
+
+	op := api.OrganizationPermissions{}
+
+	if !models.HasOrgOrUserVisible(o, u) {
+		ctx.NotFound("HasOrgOrUserVisible", nil)
+		return
+	}
+
+	authorizeLevel, err := o.GetOrgUserMaxAuthorizeLevel(u.ID)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetOrgUserAuthorizeLevel", err)
+		return
+	}
+
+	if authorizeLevel > models.AccessModeNone {
+		op.CanRead = true
+	}
+	if authorizeLevel > models.AccessModeRead {
+		op.CanWrite = true
+	}
+	if authorizeLevel > models.AccessModeWrite {
+		op.IsAdmin = true
+	}
+	if authorizeLevel > models.AccessModeAdmin {
+		op.IsOwner = true
+	}
+
+	op.CanCreateRepository, err = o.CanCreateOrgRepo(u.ID)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "CanCreateOrgRepo", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, op)
+}
+
 // GetAll return list of all public organizations
 func GetAll(ctx *context.APIContext) {
 	// swagger:operation Get /orgs organization orgGetAll
diff --git a/routers/api/v1/swagger/org.go b/routers/api/v1/swagger/org.go
index c962e7b188..d98e821ba7 100644
--- a/routers/api/v1/swagger/org.go
+++ b/routers/api/v1/swagger/org.go
@@ -35,3 +35,10 @@ type swaggerResponseTeamList struct {
 	// in:body
 	Body []api.Team `json:"body"`
 }
+
+// OrganizationPermissions
+// swagger:response OrganizationPermissions
+type swaggerResponseOrganizationPermissions struct {
+	// in:body
+	Body api.OrganizationPermissions `json:"body"`
+}