diff options
author | Norwin <noerw@users.noreply.github.com> | 2020-12-22 03:47:17 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-22 04:47:17 +0100 |
commit | c2ae432489a9e644d83069e2e3bae20b2f1f06eb (patch) | |
tree | 7174f27a4ea359c2afa42f12a07b81c557bba00f /routers | |
parent | 6f1dddf5c38e86d8cd89c19f13a924a83a99dea5 (diff) | |
download | gitea-c2ae432489a9e644d83069e2e3bae20b2f1f06eb.tar.gz gitea-c2ae432489a9e644d83069e2e3bae20b2f1f06eb.zip |
Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
* add user filter to issueTrackedTimes
fixes #14024
* update swagger
* allow user filter for issue writers
* improve swagger doc
* return 404 on invalid user
Diffstat (limited to 'routers')
-rw-r--r-- | routers/api/v1/repo/issue_tracked_time.go | 48 |
1 files changed, 37 insertions, 11 deletions
diff --git a/routers/api/v1/repo/issue_tracked_time.go b/routers/api/v1/repo/issue_tracked_time.go index 67c47d858a..70ce420b77 100644 --- a/routers/api/v1/repo/issue_tracked_time.go +++ b/routers/api/v1/repo/issue_tracked_time.go @@ -41,6 +41,10 @@ func ListTrackedTimes(ctx *context.APIContext) { // type: integer // format: int64 // required: true + // - name: user + // in: query + // description: optional filter by user (available for issue managers) + // type: string // - name: since // in: query // description: Only show times updated after the given time. This is a timestamp in RFC 3339 format @@ -85,13 +89,34 @@ func ListTrackedTimes(ctx *context.APIContext) { IssueID: issue.ID, } + qUser := strings.Trim(ctx.Query("user"), " ") + if qUser != "" { + user, err := models.GetUserByName(qUser) + if models.IsErrUserNotExist(err) { + ctx.Error(http.StatusNotFound, "User does not exist", err) + } else if err != nil { + ctx.Error(http.StatusInternalServerError, "GetUserByName", err) + return + } + opts.UserID = user.ID + } + if opts.CreatedBeforeUnix, opts.CreatedAfterUnix, err = utils.GetQueryBeforeSince(ctx); err != nil { ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err) return } - if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin { - opts.UserID = ctx.User.ID + cantSetUser := !ctx.User.IsAdmin && + opts.UserID != ctx.User.ID && + !ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues}) + + if cantSetUser { + if opts.UserID == 0 { + opts.UserID = ctx.User.ID + } else { + ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights")) + return + } } trackedTimes, err := models.GetTrackedTimes(opts) @@ -394,12 +419,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) { } if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID { - ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights")) - return - } - - if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID { - ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights")) + ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights")) return } @@ -440,7 +460,7 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) { // required: true // - name: user // in: query - // description: optional filter by user + // description: optional filter by user (available for issue managers) // type: string // - name: since // in: query @@ -482,7 +502,9 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) { qUser := strings.Trim(ctx.Query("user"), " ") if qUser != "" { user, err := models.GetUserByName(qUser) - if err != nil { + if models.IsErrUserNotExist(err) { + ctx.Error(http.StatusNotFound, "User does not exist", err) + } else if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserByName", err) return } @@ -495,7 +517,11 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) { return } - if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin { + cantSetUser := !ctx.User.IsAdmin && + opts.UserID != ctx.User.ID && + !ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues}) + + if cantSetUser { if opts.UserID == 0 { opts.UserID = ctx.User.ID } else { |