summaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorNorwin <noerw@users.noreply.github.com>2020-12-22 03:47:17 +0000
committerGitHub <noreply@github.com>2020-12-22 04:47:17 +0100
commitc2ae432489a9e644d83069e2e3bae20b2f1f06eb (patch)
tree7174f27a4ea359c2afa42f12a07b81c557bba00f /routers
parent6f1dddf5c38e86d8cd89c19f13a924a83a99dea5 (diff)
downloadgitea-c2ae432489a9e644d83069e2e3bae20b2f1f06eb.tar.gz
gitea-c2ae432489a9e644d83069e2e3bae20b2f1f06eb.zip
Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
* add user filter to issueTrackedTimes fixes #14024 * update swagger * allow user filter for issue writers * improve swagger doc * return 404 on invalid user
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/repo/issue_tracked_time.go48
1 files changed, 37 insertions, 11 deletions
diff --git a/routers/api/v1/repo/issue_tracked_time.go b/routers/api/v1/repo/issue_tracked_time.go
index 67c47d858a..70ce420b77 100644
--- a/routers/api/v1/repo/issue_tracked_time.go
+++ b/routers/api/v1/repo/issue_tracked_time.go
@@ -41,6 +41,10 @@ func ListTrackedTimes(ctx *context.APIContext) {
// type: integer
// format: int64
// required: true
+ // - name: user
+ // in: query
+ // description: optional filter by user (available for issue managers)
+ // type: string
// - name: since
// in: query
// description: Only show times updated after the given time. This is a timestamp in RFC 3339 format
@@ -85,13 +89,34 @@ func ListTrackedTimes(ctx *context.APIContext) {
IssueID: issue.ID,
}
+ qUser := strings.Trim(ctx.Query("user"), " ")
+ if qUser != "" {
+ user, err := models.GetUserByName(qUser)
+ if models.IsErrUserNotExist(err) {
+ ctx.Error(http.StatusNotFound, "User does not exist", err)
+ } else if err != nil {
+ ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
+ return
+ }
+ opts.UserID = user.ID
+ }
+
if opts.CreatedBeforeUnix, opts.CreatedAfterUnix, err = utils.GetQueryBeforeSince(ctx); err != nil {
ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err)
return
}
- if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin {
- opts.UserID = ctx.User.ID
+ cantSetUser := !ctx.User.IsAdmin &&
+ opts.UserID != ctx.User.ID &&
+ !ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})
+
+ if cantSetUser {
+ if opts.UserID == 0 {
+ opts.UserID = ctx.User.ID
+ } else {
+ ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
+ return
+ }
}
trackedTimes, err := models.GetTrackedTimes(opts)
@@ -394,12 +419,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
}
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
- ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights"))
- return
- }
-
- if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
- ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights"))
+ ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
return
}
@@ -440,7 +460,7 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
// required: true
// - name: user
// in: query
- // description: optional filter by user
+ // description: optional filter by user (available for issue managers)
// type: string
// - name: since
// in: query
@@ -482,7 +502,9 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
qUser := strings.Trim(ctx.Query("user"), " ")
if qUser != "" {
user, err := models.GetUserByName(qUser)
- if err != nil {
+ if models.IsErrUserNotExist(err) {
+ ctx.Error(http.StatusNotFound, "User does not exist", err)
+ } else if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
return
}
@@ -495,7 +517,11 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
return
}
- if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin {
+ cantSetUser := !ctx.User.IsAdmin &&
+ opts.UserID != ctx.User.ID &&
+ !ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})
+
+ if cantSetUser {
if opts.UserID == 0 {
opts.UserID = ctx.User.ID
} else {