author | Florin Hillebrand <flozzone@gmail.com> | 2022-04-29 14:24:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-29 14:24:38 +0200 |
commit | ad6d08d155c67d6d3833d2961ed0fd5a2ba1ff88 (patch) | |
tree | 4b951ae25ad9118d31a5077f7f3d24b19efcfc5c /routers | |
parent | e5c6c001c5f5299a63b4ccbd7aaeea486d6b5c53 (diff) | |
Add API to query collaborators permission for a repository (#18761)
Targeting #14936, #15332
Adds a collaborator permissions API endpoint, modelled on the GitHub API (https://docs.github.com/en/rest/collaborators/collaborators#get-repository-permissions-for-a-user), to retrieve a collaborator's permissions for a specific repository.
### Checks the repository permissions of a collaborator.
`GET` `/repos/{owner}/{repo}/collaborators/{collaborator}/permission`
Possible `permission` values are `admin`, `write`, `read`, `owner`, `none`.
```json
{
"permission": "admin",
"role_name": "admin",
"user": {}
}
```
Where `permission` and `role_name` hold the same `permission` value and `user` is filled with the user API object. Only admins are allowed to use this API endpoint.
Diffstat (limited to 'routers')
-rw-r--r-- | routers/api/v1/api.go | 9 | ||||
-rw-r--r-- | routers/api/v1/repo/collaborators.go | 55 | ||||
-rw-r--r-- | routers/api/v1/swagger/repo.go | 7 |
3 files changed, 68 insertions, 3 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 782500e6c8..9351cc1510 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -810,9 +810,12 @@ func Routes() *web.Route {
 }, reqToken(), reqAdmin(), reqWebhooksEnabled())
 m.Group("/collaborators", func() {
 m.Get("", reqAnyRepoReader(), repo.ListCollaborators)
- m.Combo("/{collaborator}").Get(reqAnyRepoReader(), repo.IsCollaborator).
- Put(reqAdmin(), bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
- Delete(reqAdmin(), repo.DeleteCollaborator)
+ m.Group("/{collaborator}", func() {
+ m.Combo("").Get(reqAnyRepoReader(), repo.IsCollaborator).
+ Put(reqAdmin(), bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
+ Delete(reqAdmin(), repo.DeleteCollaborator)
+ m.Get("/permission", repo.GetRepoPermissions)
+ }, reqToken())
 }, reqToken())
 m.Get("/assignees", reqToken(), reqAnyRepoReader(), repo.GetAssignees)
 m.Get("/reviewers", reqToken(), reqAnyRepoReader(), repo.GetReviewers)
diff --git a/routers/api/v1/repo/collaborators.go b/routers/api/v1/repo/collaborators.go
index 3bb6113d77..2db1724b2a 100644
--- a/routers/api/v1/repo/collaborators.go
+++ b/routers/api/v1/repo/collaborators.go
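Review bot: The new `/permission` route in `Routes()` is registered with no permission middleware of its own, unlike the sibling `Get`/`Put`/`Delete` handlers that carry `reqAnyRepoReader()` or `reqAdmin()`, so every authorization decision for this endpoint rests on the check inside `repo.GetRepoPermissions`. If that is intentional, say so at the route, e.g. `// authorization is enforced in the handler: site admin, repo admin, or the collaborator themself`. The inner group's `reqToken()` also repeats the one already applied by the enclosing `/collaborators` group and could be dropped. `Routes()` begins and ends outside this hunk.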
@@ -233,6 +233,61 @@ func DeleteCollaborator(ctx *context.APIContext) {
 ctx.Status(http.StatusNoContent)
 }
 
+// GetRepoPermissions gets repository permissions for a user
+func GetRepoPermissions(ctx *context.APIContext) {
+ // swagger:operation GET /repos/{owner}/{repo}/collaborators/{collaborator}/permission repository repoGetRepoPermissions
+ // ---
+ // summary: Get repository permissions for a user
+ // produces:
+ // - application/json
+ // parameters:
+ // - name: owner
+ // in: path
+ // description: owner of the repo
+ // type: string
+ // required: true
+ // - name: repo
+ // in: path
+ // description: name of the repo
+ // type: string
+ // required: true
+ // - name: collaborator
+ // in: path
+ // description: username of the collaborator
+ // type: string
+ // required: true
+ // responses:
+ // "200":
+ // "$ref": "#/responses/RepoCollaboratorPermission"
+ // "404":
+ // "$ref": "#/responses/notFound"
+ // "403":
+ // "$ref": "#/responses/forbidden"
+
+ if !ctx.Doer.IsAdmin && ctx.Doer.LoginName != ctx.Params(":collaborator") && !ctx.IsUserRepoAdmin() {
+ ctx.Error(http.StatusForbidden, "User", "Only admins can query all permissions, repo admins can query all repo permissions, collaborators can query only their own")
+ return
+ }
+
+ collaborator, err := user_model.GetUserByName(ctx.Params(":collaborator"))
+ if err != nil {
+ if user_model.IsErrUserNotExist(err) {
+ ctx.Error(http.StatusNotFound, "GetUserByName", err)
+ } else {
+ ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
+ }
+ return
+ }
+
+ permission, err := models.GetUserRepoPermission(ctx, ctx.Repo.Repository, collaborator)
+ if err != nil {
+ ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+ return
+ }
+
+ ctx.JSON(http.StatusOK, convert.ToUserAndPermission(collaborator, ctx.ContextUser, permission.AccessMode))
+}
+
 // GetReviewers return all users that can be requested to review in this repo
 func GetReviewers(ctx *context.APIContext) {
 // swagger:operation GET /repos/{owner}/{repo}/reviewers repository repoGetReviewers
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index 40aeca677d..ab802db781 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -344,3 +344,10 @@ type swaggerWikiCommitList struct {
 // in:body
 Body api.WikiCommitList `json:"body"`
 }
+
+// RepoCollaboratorPermission
+// swagger:response RepoCollaboratorPermission
+type swaggerRepoCollaboratorPermission struct {
+ // in:body
+ Body api.RepoCollaboratorPermission `json:"body"`
+} |
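Review bot: The self-access test in `GetRepoPermissions` compares `ctx.Doer.LoginName` with the `:collaborator` path parameter, but the user is then resolved with `user_model.GetUserByName` on the same parameter, so the authorization check and the lookup may key on different identifiers. If `LoginName` is the external-authentication login rather than the username (as the field name suggests), a caller whose login string equals another account's username would pass the check for that account, while local users would be refused their own record. Comparing the same identity that is returned closes this, for example resolving the collaborator first and testing `ctx.Doer.ID != collaborator.ID`, or at least using `ctx.Doer.Name` in place of `LoginName`. Separately, `convert.ToUserAndPermission` is passed `ctx.ContextUser` where the requesting user `ctx.Doer` looks intended; worth confirming, since that argument presumably controls which user fields are exposed in the response.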