Fix ignored errors when checking if organization, team member (#3177)
This commit is contained in:
parent
529482135c
commit
515cdaa85d
16 changed files with 281 additions and 144 deletions
|
@ -21,13 +21,13 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
// IsOwnedBy returns true if given user is in the owner team.
|
// IsOwnedBy returns true if given user is in the owner team.
|
||||||
func (org *User) IsOwnedBy(uid int64) bool {
|
func (org *User) IsOwnedBy(uid int64) (bool, error) {
|
||||||
return IsOrganizationOwner(org.ID, uid)
|
return IsOrganizationOwner(org.ID, uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsOrgMember returns true if given user is member of organization.
|
// IsOrgMember returns true if given user is member of organization.
|
||||||
func (org *User) IsOrgMember(uid int64) bool {
|
func (org *User) IsOrgMember(uid int64) (bool, error) {
|
||||||
return org.IsOrganization() && IsOrganizationMember(org.ID, uid)
|
return IsOrganizationMember(org.ID, uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (org *User) getTeam(e Engine, name string) (*Team, error) {
|
func (org *User) getTeam(e Engine, name string) (*Team, error) {
|
||||||
|
@ -285,32 +285,32 @@ type OrgUser struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsOrganizationOwner returns true if given user is in the owner team.
|
// IsOrganizationOwner returns true if given user is in the owner team.
|
||||||
func IsOrganizationOwner(orgID, uid int64) bool {
|
func IsOrganizationOwner(orgID, uid int64) (bool, error) {
|
||||||
has, _ := x.
|
return x.
|
||||||
Where("is_owner=?", true).
|
Where("is_owner=?", true).
|
||||||
And("uid=?", uid).
|
And("uid=?", uid).
|
||||||
And("org_id=?", orgID).
|
And("org_id=?", orgID).
|
||||||
Get(new(OrgUser))
|
Table("org_user").
|
||||||
return has
|
Exist()
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsOrganizationMember returns true if given user is member of organization.
|
// IsOrganizationMember returns true if given user is member of organization.
|
||||||
func IsOrganizationMember(orgID, uid int64) bool {
|
func IsOrganizationMember(orgID, uid int64) (bool, error) {
|
||||||
has, _ := x.
|
return x.
|
||||||
Where("uid=?", uid).
|
Where("uid=?", uid).
|
||||||
And("org_id=?", orgID).
|
And("org_id=?", orgID).
|
||||||
Get(new(OrgUser))
|
Table("org_user").
|
||||||
return has
|
Exist()
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsPublicMembership returns true if given user public his/her membership.
|
// IsPublicMembership returns true if given user public his/her membership.
|
||||||
func IsPublicMembership(orgID, uid int64) bool {
|
func IsPublicMembership(orgID, uid int64) (bool, error) {
|
||||||
has, _ := x.
|
return x.
|
||||||
Where("uid=?", uid).
|
Where("uid=?", uid).
|
||||||
And("org_id=?", orgID).
|
And("org_id=?", orgID).
|
||||||
And("is_public=?", true).
|
And("is_public=?", true).
|
||||||
Get(new(OrgUser))
|
Table("org_user").
|
||||||
return has
|
Exist()
|
||||||
}
|
}
|
||||||
|
|
||||||
func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
|
func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
|
||||||
|
@ -401,8 +401,9 @@ func ChangeOrgUserStatus(orgID, uid int64, public bool) error {
|
||||||
|
|
||||||
// AddOrgUser adds new user to given organization.
|
// AddOrgUser adds new user to given organization.
|
||||||
func AddOrgUser(orgID, uid int64) error {
|
func AddOrgUser(orgID, uid int64) error {
|
||||||
if IsOrganizationMember(orgID, uid) {
|
isAlreadyMember, err := IsOrganizationMember(orgID, uid)
|
||||||
return nil
|
if err != nil || isAlreadyMember {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
sess := x.NewSession()
|
sess := x.NewSession()
|
||||||
|
@ -447,7 +448,9 @@ func RemoveOrgUser(orgID, userID int64) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the user to delete is the last member in owner team.
|
// Check if the user to delete is the last member in owner team.
|
||||||
if IsOrganizationOwner(orgID, userID) {
|
if isOwner, err := IsOrganizationOwner(orgID, userID); err != nil {
|
||||||
|
return err
|
||||||
|
} else if isOwner {
|
||||||
t, err := org.GetOwnerTeam()
|
t, err := org.GetOwnerTeam()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -8,6 +8,8 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
const ownerTeamName = "Owners"
|
const ownerTeamName = "Owners"
|
||||||
|
@ -47,7 +49,12 @@ func (t *Team) IsOwnerTeam() bool {
|
||||||
|
|
||||||
// IsMember returns true if given user is a member of team.
|
// IsMember returns true if given user is a member of team.
|
||||||
func (t *Team) IsMember(userID int64) bool {
|
func (t *Team) IsMember(userID int64) bool {
|
||||||
return IsTeamMember(t.OrgID, t.ID, userID)
|
isMember, err := IsTeamMember(t.OrgID, t.ID, userID)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(4, "IsMember: %v", err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return isMember
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *Team) getRepositories(e Engine) error {
|
func (t *Team) getRepositories(e Engine) error {
|
||||||
|
@ -413,17 +420,17 @@ type TeamUser struct {
|
||||||
UID int64 `xorm:"UNIQUE(s)"`
|
UID int64 `xorm:"UNIQUE(s)"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func isTeamMember(e Engine, orgID, teamID, userID int64) bool {
|
func isTeamMember(e Engine, orgID, teamID, userID int64) (bool, error) {
|
||||||
has, _ := e.
|
return e.
|
||||||
Where("org_id=?", orgID).
|
Where("org_id=?", orgID).
|
||||||
And("team_id=?", teamID).
|
And("team_id=?", teamID).
|
||||||
And("uid=?", userID).
|
And("uid=?", userID).
|
||||||
Get(new(TeamUser))
|
Table("team_user").
|
||||||
return has
|
Exist()
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsTeamMember returns true if given user is a member of team.
|
// IsTeamMember returns true if given user is a member of team.
|
||||||
func IsTeamMember(orgID, teamID, userID int64) bool {
|
func IsTeamMember(orgID, teamID, userID int64) (bool, error) {
|
||||||
return isTeamMember(x, orgID, teamID, userID)
|
return isTeamMember(x, orgID, teamID, userID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -471,8 +478,9 @@ func GetUserTeams(orgID, userID int64) ([]*Team, error) {
|
||||||
// AddTeamMember adds new membership of given team to given organization,
|
// AddTeamMember adds new membership of given team to given organization,
|
||||||
// the user will have membership to given organization automatically when needed.
|
// the user will have membership to given organization automatically when needed.
|
||||||
func AddTeamMember(team *Team, userID int64) error {
|
func AddTeamMember(team *Team, userID int64) error {
|
||||||
if IsTeamMember(team.OrgID, team.ID, userID) {
|
isAlreadyMember, err := IsTeamMember(team.OrgID, team.ID, userID)
|
||||||
return nil
|
if err != nil || isAlreadyMember {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := AddOrgUser(team.OrgID, userID); err != nil {
|
if err := AddOrgUser(team.OrgID, userID); err != nil {
|
||||||
|
@ -529,8 +537,9 @@ func AddTeamMember(team *Team, userID int64) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func removeTeamMember(e Engine, team *Team, userID int64) error {
|
func removeTeamMember(e Engine, team *Team, userID int64) error {
|
||||||
if !isTeamMember(e, team.OrgID, team.ID, userID) {
|
isMember, err := isTeamMember(e, team.OrgID, team.ID, userID)
|
||||||
return nil
|
if err != nil || !isMember {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the user to delete is the last member in owner team.
|
// Check if the user to delete is the last member in owner team.
|
||||||
|
@ -566,7 +575,7 @@ func removeTeamMember(e Engine, team *Team, userID int64) error {
|
||||||
|
|
||||||
// This must exist.
|
// This must exist.
|
||||||
ou := new(OrgUser)
|
ou := new(OrgUser)
|
||||||
_, err := e.
|
_, err = e.
|
||||||
Where("uid = ?", userID).
|
Where("uid = ?", userID).
|
||||||
And("org_id = ?", team.OrgID).
|
And("org_id = ?", team.OrgID).
|
||||||
Get(ou)
|
Get(ou)
|
||||||
|
|
|
@ -250,16 +250,21 @@ func TestDeleteTeam(t *testing.T) {
|
||||||
|
|
||||||
func TestIsTeamMember(t *testing.T) {
|
func TestIsTeamMember(t *testing.T) {
|
||||||
assert.NoError(t, PrepareTestDatabase())
|
assert.NoError(t, PrepareTestDatabase())
|
||||||
|
test := func(orgID, teamID, userID int64, expected bool) {
|
||||||
|
isMember, err := IsTeamMember(orgID, teamID, userID)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, expected, isMember)
|
||||||
|
}
|
||||||
|
|
||||||
assert.True(t, IsTeamMember(3, 1, 2))
|
test(3, 1, 2, true)
|
||||||
assert.False(t, IsTeamMember(3, 1, 4))
|
test(3, 1, 4, false)
|
||||||
assert.False(t, IsTeamMember(3, 1, NonexistentID))
|
test(3, 1, NonexistentID, false)
|
||||||
|
|
||||||
assert.True(t, IsTeamMember(3, 2, 2))
|
test(3, 2, 2, true)
|
||||||
assert.True(t, IsTeamMember(3, 2, 4))
|
test(3, 2, 4, true)
|
||||||
|
|
||||||
assert.False(t, IsTeamMember(3, NonexistentID, NonexistentID))
|
test(3, NonexistentID, NonexistentID, false)
|
||||||
assert.False(t, IsTeamMember(NonexistentID, NonexistentID, NonexistentID))
|
test(NonexistentID, NonexistentID, NonexistentID, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGetTeamMembers(t *testing.T) {
|
func TestGetTeamMembers(t *testing.T) {
|
||||||
|
|
|
@ -12,28 +12,44 @@ import (
|
||||||
|
|
||||||
func TestUser_IsOwnedBy(t *testing.T) {
|
func TestUser_IsOwnedBy(t *testing.T) {
|
||||||
assert.NoError(t, PrepareTestDatabase())
|
assert.NoError(t, PrepareTestDatabase())
|
||||||
org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User)
|
for _, testCase := range []struct {
|
||||||
assert.True(t, org.IsOwnedBy(2))
|
OrgID int64
|
||||||
assert.False(t, org.IsOwnedBy(1))
|
UserID int64
|
||||||
assert.False(t, org.IsOwnedBy(3))
|
ExpectedOwner bool
|
||||||
assert.False(t, org.IsOwnedBy(4))
|
}{
|
||||||
|
{3, 2, true},
|
||||||
nonOrg := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
|
{3, 1, false},
|
||||||
assert.False(t, nonOrg.IsOwnedBy(2))
|
{3, 3, false},
|
||||||
assert.False(t, nonOrg.IsOwnedBy(3))
|
{3, 4, false},
|
||||||
|
{2, 2, false}, // user2 is not an organization
|
||||||
|
{2, 3, false},
|
||||||
|
} {
|
||||||
|
org := AssertExistsAndLoadBean(t, &User{ID: testCase.OrgID}).(*User)
|
||||||
|
isOwner, err := org.IsOwnedBy(testCase.UserID)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, testCase.ExpectedOwner, isOwner)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestUser_IsOrgMember(t *testing.T) {
|
func TestUser_IsOrgMember(t *testing.T) {
|
||||||
assert.NoError(t, PrepareTestDatabase())
|
assert.NoError(t, PrepareTestDatabase())
|
||||||
org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User)
|
for _, testCase := range []struct {
|
||||||
assert.True(t, org.IsOrgMember(2))
|
OrgID int64
|
||||||
assert.True(t, org.IsOrgMember(4))
|
UserID int64
|
||||||
assert.False(t, org.IsOrgMember(1))
|
ExpectedMember bool
|
||||||
assert.False(t, org.IsOrgMember(3))
|
}{
|
||||||
|
{3, 2, true},
|
||||||
nonOrg := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
|
{3, 4, true},
|
||||||
assert.False(t, nonOrg.IsOrgMember(2))
|
{3, 1, false},
|
||||||
assert.False(t, nonOrg.IsOrgMember(3))
|
{3, 3, false},
|
||||||
|
{2, 2, false}, // user2 is not an organization
|
||||||
|
{2, 3, false},
|
||||||
|
} {
|
||||||
|
org := AssertExistsAndLoadBean(t, &User{ID: testCase.OrgID}).(*User)
|
||||||
|
isMember, err := org.IsOrgMember(testCase.UserID)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, testCase.ExpectedMember, isMember)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestUser_GetTeam(t *testing.T) {
|
func TestUser_GetTeam(t *testing.T) {
|
||||||
|
@ -257,31 +273,46 @@ func TestDeleteOrganization(t *testing.T) {
|
||||||
|
|
||||||
func TestIsOrganizationOwner(t *testing.T) {
|
func TestIsOrganizationOwner(t *testing.T) {
|
||||||
assert.NoError(t, PrepareTestDatabase())
|
assert.NoError(t, PrepareTestDatabase())
|
||||||
assert.True(t, IsOrganizationOwner(3, 2))
|
test := func(orgID, userID int64, expected bool) {
|
||||||
assert.False(t, IsOrganizationOwner(3, 3))
|
isOwner, err := IsOrganizationOwner(orgID, userID)
|
||||||
assert.True(t, IsOrganizationOwner(6, 5))
|
assert.NoError(t, err)
|
||||||
assert.False(t, IsOrganizationOwner(6, 4))
|
assert.EqualValues(t, expected, isOwner)
|
||||||
assert.False(t, IsOrganizationOwner(NonexistentID, NonexistentID))
|
}
|
||||||
|
test(3, 2, true)
|
||||||
|
test(3, 3, false)
|
||||||
|
test(6, 5, true)
|
||||||
|
test(6, 4, false)
|
||||||
|
test(NonexistentID, NonexistentID, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIsOrganizationMember(t *testing.T) {
|
func TestIsOrganizationMember(t *testing.T) {
|
||||||
assert.NoError(t, PrepareTestDatabase())
|
assert.NoError(t, PrepareTestDatabase())
|
||||||
assert.True(t, IsOrganizationMember(3, 2))
|
test := func(orgID, userID int64, expected bool) {
|
||||||
assert.False(t, IsOrganizationMember(3, 3))
|
isMember, err := IsOrganizationMember(orgID, userID)
|
||||||
assert.True(t, IsOrganizationMember(3, 4))
|
assert.NoError(t, err)
|
||||||
assert.True(t, IsOrganizationMember(6, 5))
|
assert.EqualValues(t, expected, isMember)
|
||||||
assert.False(t, IsOrganizationMember(6, 4))
|
}
|
||||||
assert.False(t, IsOrganizationMember(NonexistentID, NonexistentID))
|
test(3, 2, true)
|
||||||
|
test(3, 3, false)
|
||||||
|
test(3, 4, true)
|
||||||
|
test(6, 5, true)
|
||||||
|
test(6, 4, false)
|
||||||
|
test(NonexistentID, NonexistentID, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIsPublicMembership(t *testing.T) {
|
func TestIsPublicMembership(t *testing.T) {
|
||||||
assert.NoError(t, PrepareTestDatabase())
|
assert.NoError(t, PrepareTestDatabase())
|
||||||
assert.True(t, IsPublicMembership(3, 2))
|
test := func(orgID, userID int64, expected bool) {
|
||||||
assert.False(t, IsPublicMembership(3, 3))
|
isMember, err := IsPublicMembership(orgID, userID)
|
||||||
assert.False(t, IsPublicMembership(3, 4))
|
assert.NoError(t, err)
|
||||||
assert.True(t, IsPublicMembership(6, 5))
|
assert.EqualValues(t, expected, isMember)
|
||||||
assert.False(t, IsPublicMembership(6, 4))
|
}
|
||||||
assert.False(t, IsPublicMembership(NonexistentID, NonexistentID))
|
test(3, 2, true)
|
||||||
|
test(3, 3, false)
|
||||||
|
test(3, 4, false)
|
||||||
|
test(6, 5, true)
|
||||||
|
test(6, 4, false)
|
||||||
|
test(NonexistentID, NonexistentID, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGetOrgsByUserID(t *testing.T) {
|
func TestGetOrgsByUserID(t *testing.T) {
|
||||||
|
|
|
@ -1493,12 +1493,18 @@ func TransferOwnership(doer *User, newOwnerName string, repo *Repository) error
|
||||||
// Dummy object.
|
// Dummy object.
|
||||||
collaboration := &Collaboration{RepoID: repo.ID}
|
collaboration := &Collaboration{RepoID: repo.ID}
|
||||||
for _, c := range collaborators {
|
for _, c := range collaborators {
|
||||||
collaboration.UserID = c.ID
|
if c.ID != newOwner.ID {
|
||||||
if c.ID == newOwner.ID || newOwner.IsOrgMember(c.ID) {
|
isMember, err := newOwner.IsOrgMember(c.ID)
|
||||||
if _, err = sess.Delete(collaboration); err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("remove collaborator '%d': %v", c.ID, err)
|
return fmt.Errorf("IsOrgMember: %v", err)
|
||||||
|
} else if !isMember {
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
collaboration.UserID = c.ID
|
||||||
|
if _, err = sess.Delete(collaboration); err != nil {
|
||||||
|
return fmt.Errorf("remove collaborator '%d': %v", c.ID, err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove old team-repository relations.
|
// Remove old team-repository relations.
|
||||||
|
|
|
@ -487,12 +487,22 @@ func (u *User) IsOrganization() bool {
|
||||||
|
|
||||||
// IsUserOrgOwner returns true if user is in the owner team of given organization.
|
// IsUserOrgOwner returns true if user is in the owner team of given organization.
|
||||||
func (u *User) IsUserOrgOwner(orgID int64) bool {
|
func (u *User) IsUserOrgOwner(orgID int64) bool {
|
||||||
return IsOrganizationOwner(orgID, u.ID)
|
isOwner, err := IsOrganizationOwner(orgID, u.ID)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(4, "IsOrganizationOwner: %v", err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return isOwner
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsPublicMember returns true if user public his/her membership in given organization.
|
// IsPublicMember returns true if user public his/her membership in given organization.
|
||||||
func (u *User) IsPublicMember(orgID int64) bool {
|
func (u *User) IsPublicMember(orgID int64) bool {
|
||||||
return IsPublicMembership(orgID, u.ID)
|
isMember, err := IsPublicMembership(orgID, u.ID)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(4, "IsPublicMembership: %v", err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return isMember
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *User) getOrganizationCount(e Engine) (int64, error) {
|
func (u *User) getOrganizationCount(e Engine) (int64, error) {
|
||||||
|
|
|
@ -73,14 +73,21 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
|
||||||
ctx.Org.IsTeamMember = true
|
ctx.Org.IsTeamMember = true
|
||||||
ctx.Org.IsTeamAdmin = true
|
ctx.Org.IsTeamAdmin = true
|
||||||
} else if ctx.IsSigned {
|
} else if ctx.IsSigned {
|
||||||
ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.ID)
|
ctx.Org.IsOwner, err = org.IsOwnedBy(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(500, "IsOwnedBy", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if ctx.Org.IsOwner {
|
if ctx.Org.IsOwner {
|
||||||
ctx.Org.IsMember = true
|
ctx.Org.IsMember = true
|
||||||
ctx.Org.IsTeamMember = true
|
ctx.Org.IsTeamMember = true
|
||||||
ctx.Org.IsTeamAdmin = true
|
ctx.Org.IsTeamAdmin = true
|
||||||
} else {
|
} else {
|
||||||
if org.IsOrgMember(ctx.User.ID) {
|
ctx.Org.IsMember, err = org.IsOrgMember(ctx.User.ID)
|
||||||
ctx.Org.IsMember = true
|
if err != nil {
|
||||||
|
ctx.Handle(500, "IsOrgMember", err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -177,7 +177,10 @@ func reqOrgMembership() macaron.Handler {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !models.IsOrganizationMember(orgID, ctx.User.ID) {
|
if isMember, err := models.IsOrganizationMember(orgID, ctx.User.ID); err != nil {
|
||||||
|
ctx.Error(500, "IsOrganizationMember", err)
|
||||||
|
return
|
||||||
|
} else if !isMember {
|
||||||
if ctx.Org.Organization != nil {
|
if ctx.Org.Organization != nil {
|
||||||
ctx.Error(403, "", "Must be an organization member")
|
ctx.Error(403, "", "Must be an organization member")
|
||||||
} else {
|
} else {
|
||||||
|
@ -200,7 +203,10 @@ func reqOrgOwnership() macaron.Handler {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !models.IsOrganizationOwner(orgID, ctx.User.ID) {
|
isOwner, err := models.IsOrganizationOwner(orgID, ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Error(500, "IsOrganizationOwner", err)
|
||||||
|
} else if !isOwner {
|
||||||
if ctx.Org.Organization != nil {
|
if ctx.Org.Organization != nil {
|
||||||
ctx.Error(403, "", "Must be an organization owner")
|
ctx.Error(403, "", "Must be an organization owner")
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -67,7 +67,15 @@ func ListMembers(ctx *context.APIContext) {
|
||||||
// responses:
|
// responses:
|
||||||
// "200":
|
// "200":
|
||||||
// "$ref": "#/responses/UserList"
|
// "$ref": "#/responses/UserList"
|
||||||
publicOnly := ctx.User == nil || !ctx.Org.Organization.IsOrgMember(ctx.User.ID)
|
publicOnly := true
|
||||||
|
if ctx.User != nil {
|
||||||
|
isMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Error(500, "IsOrgMember", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
publicOnly = !isMember
|
||||||
|
}
|
||||||
listMembers(ctx, publicOnly)
|
listMembers(ctx, publicOnly)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -119,19 +127,30 @@ func IsMember(ctx *context.APIContext) {
|
||||||
if ctx.Written() {
|
if ctx.Written() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if ctx.User != nil && ctx.Org.Organization.IsOrgMember(ctx.User.ID) {
|
if ctx.User != nil {
|
||||||
if ctx.Org.Organization.IsOrgMember(userToCheck.ID) {
|
userIsMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
|
||||||
ctx.Status(204)
|
if err != nil {
|
||||||
} else {
|
ctx.Error(500, "IsOrgMember", err)
|
||||||
|
return
|
||||||
|
} else if userIsMember {
|
||||||
|
userToCheckIsMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Error(500, "IsOrgMember", err)
|
||||||
|
} else if userToCheckIsMember {
|
||||||
|
ctx.Status(204)
|
||||||
|
} else {
|
||||||
|
ctx.Status(404)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
} else if ctx.User.ID == userToCheck.ID {
|
||||||
ctx.Status(404)
|
ctx.Status(404)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
} else if ctx.User != nil && ctx.User.ID == userToCheck.ID {
|
|
||||||
ctx.Status(404)
|
|
||||||
} else {
|
|
||||||
redirectURL := fmt.Sprintf("%sapi/v1/orgs/%s/public_members/%s",
|
|
||||||
setting.AppURL, ctx.Org.Organization.Name, userToCheck.Name)
|
|
||||||
ctx.Redirect(redirectURL, 302)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
redirectURL := fmt.Sprintf("%sapi/v1/orgs/%s/public_members/%s",
|
||||||
|
setting.AppURL, ctx.Org.Organization.Name, userToCheck.Name)
|
||||||
|
ctx.Redirect(redirectURL, 302)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsPublicMember check if a user is a public member of an organization
|
// IsPublicMember check if a user is a public member of an organization
|
||||||
|
|
|
@ -176,7 +176,11 @@ func GetTeamMembers(ctx *context.APIContext) {
|
||||||
// responses:
|
// responses:
|
||||||
// "200":
|
// "200":
|
||||||
// "$ref": "#/responses/UserList"
|
// "$ref": "#/responses/UserList"
|
||||||
if !models.IsOrganizationMember(ctx.Org.Team.OrgID, ctx.User.ID) {
|
isMember, err := models.IsOrganizationMember(ctx.Org.Team.OrgID, ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Error(500, "IsOrganizationMember", err)
|
||||||
|
return
|
||||||
|
} else if !isMember {
|
||||||
ctx.Status(404)
|
ctx.Status(404)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -89,7 +89,11 @@ func CreateFork(ctx *context.APIContext, form api.CreateForkOption) {
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !org.IsOrgMember(ctx.User.ID) {
|
isMember, err := org.IsOrgMember(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(500, "IsOrgMember", err)
|
||||||
|
return
|
||||||
|
} else if !isMember {
|
||||||
ctx.Status(403)
|
ctx.Status(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -108,8 +108,19 @@ func Search(ctx *context.APIContext) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check visibility.
|
// Check visibility.
|
||||||
if ctx.IsSigned && (ctx.User.ID == repoOwner.ID || (repoOwner.IsOrganization() && repoOwner.IsOwnedBy(ctx.User.ID))) {
|
if ctx.IsSigned {
|
||||||
opts.Private = true
|
if ctx.User.ID == repoOwner.ID {
|
||||||
|
opts.Private = true
|
||||||
|
} else if repoOwner.IsOrganization() {
|
||||||
|
opts.Private, err = repoOwner.IsOwnedBy(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.JSON(500, api.SearchError{
|
||||||
|
OK: false,
|
||||||
|
Error: err.Error(),
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -245,7 +256,11 @@ func CreateOrgRepo(ctx *context.APIContext, opt api.CreateRepoOption) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !org.IsOwnedBy(ctx.User.ID) {
|
isOwner, err := org.IsOwnedBy(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(500, "IsOwnedBy", err)
|
||||||
|
return
|
||||||
|
} else if !isOwner {
|
||||||
ctx.Error(403, "", "Given user is not owner of organization.")
|
ctx.Error(403, "", "Given user is not owner of organization.")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -292,7 +307,11 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
|
||||||
|
|
||||||
if ctxUser.IsOrganization() && !ctx.User.IsAdmin {
|
if ctxUser.IsOrganization() && !ctx.User.IsAdmin {
|
||||||
// Check ownership of organization.
|
// Check ownership of organization.
|
||||||
if !ctxUser.IsOwnedBy(ctx.User.ID) {
|
isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Error(500, "IsOwnedBy", err)
|
||||||
|
return
|
||||||
|
} else if !isOwner {
|
||||||
ctx.Error(403, "", "Given user is not owner of organization.")
|
ctx.Error(403, "", "Given user is not owner of organization.")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -431,9 +450,15 @@ func Delete(ctx *context.APIContext) {
|
||||||
owner := ctx.Repo.Owner
|
owner := ctx.Repo.Owner
|
||||||
repo := ctx.Repo.Repository
|
repo := ctx.Repo.Repository
|
||||||
|
|
||||||
if owner.IsOrganization() && !owner.IsOwnedBy(ctx.User.ID) {
|
if owner.IsOrganization() {
|
||||||
ctx.Error(403, "", "Given user is not owner of organization.")
|
isOwner, err := owner.IsOwnedBy(ctx.User.ID)
|
||||||
return
|
if err != nil {
|
||||||
|
ctx.Error(500, "IsOwnedBy", err)
|
||||||
|
return
|
||||||
|
} else if !isOwner {
|
||||||
|
ctx.Error(403, "", "Given user is not owner of organization.")
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := models.DeleteRepository(ctx.User, owner.ID, repo.ID); err != nil {
|
if err := models.DeleteRepository(ctx.User, owner.ID, repo.ID); err != nil {
|
||||||
|
|
|
@ -475,6 +475,26 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
|
||||||
ctx.Redirect(ctx.Repo.RepoLink + "/issues/" + com.ToStr(issue.Index))
|
ctx.Redirect(ctx.Repo.RepoLink + "/issues/" + com.ToStr(issue.Index))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// commentTag returns the CommentTag for a comment in/with the given repo, poster and issue
|
||||||
|
func commentTag(repo *models.Repository, poster *models.User, issue *models.Issue) (models.CommentTag, error) {
|
||||||
|
if repo.IsOwnedBy(poster.ID) {
|
||||||
|
return models.CommentTagOwner, nil
|
||||||
|
} else if repo.Owner.IsOrganization() {
|
||||||
|
isOwner, err := repo.Owner.IsOwnedBy(poster.ID)
|
||||||
|
if err != nil {
|
||||||
|
return models.CommentTagNone, err
|
||||||
|
} else if isOwner {
|
||||||
|
return models.CommentTagOwner, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if poster.IsWriterOfRepo(repo) {
|
||||||
|
return models.CommentTagWriter, nil
|
||||||
|
} else if poster.ID == issue.PosterID {
|
||||||
|
return models.CommentTagPoster, nil
|
||||||
|
}
|
||||||
|
return models.CommentTagNone, nil
|
||||||
|
}
|
||||||
|
|
||||||
// ViewIssue render issue view page
|
// ViewIssue render issue view page
|
||||||
func ViewIssue(ctx *context.Context) {
|
func ViewIssue(ctx *context.Context) {
|
||||||
ctx.Data["RequireHighlightJS"] = true
|
ctx.Data["RequireHighlightJS"] = true
|
||||||
|
@ -644,15 +664,11 @@ func ViewIssue(ctx *context.Context) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if repo.IsOwnedBy(comment.PosterID) ||
|
comment.ShowTag, err = commentTag(repo, comment.Poster, issue)
|
||||||
(repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) {
|
if err != nil {
|
||||||
comment.ShowTag = models.CommentTagOwner
|
ctx.Handle(500, "commentTag", err)
|
||||||
} else if comment.Poster.IsWriterOfRepo(repo) {
|
return
|
||||||
comment.ShowTag = models.CommentTagWriter
|
|
||||||
} else if comment.PosterID == issue.PosterID {
|
|
||||||
comment.ShowTag = models.CommentTagPoster
|
|
||||||
}
|
}
|
||||||
|
|
||||||
marked[comment.PosterID] = comment.ShowTag
|
marked[comment.PosterID] = comment.ShowTag
|
||||||
|
|
||||||
isAdded := false
|
isAdded := false
|
||||||
|
|
|
@ -173,7 +173,11 @@ func ForkPost(ctx *context.Context, form auth.CreateRepoForm) {
|
||||||
|
|
||||||
// Check ownership of organization.
|
// Check ownership of organization.
|
||||||
if ctxUser.IsOrganization() {
|
if ctxUser.IsOrganization() {
|
||||||
if !ctxUser.IsOwnedBy(ctx.User.ID) {
|
isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(500, "IsOwnedBy", err)
|
||||||
|
return
|
||||||
|
} else if !isOwner {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,10 +74,20 @@ func checkContextUser(ctx *context.Context, uid int64) *models.User {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check ownership of organization.
|
// Check ownership of organization.
|
||||||
if !org.IsOrganization() || !(ctx.User.IsAdmin || org.IsOwnedBy(ctx.User.ID)) {
|
if !org.IsOrganization() {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
if !ctx.User.IsAdmin {
|
||||||
|
isOwner, err := org.IsOwnedBy(ctx.User.ID)
|
||||||
|
if err != nil {
|
||||||
|
ctx.Handle(500, "IsOwnedBy", err)
|
||||||
|
return nil
|
||||||
|
} else if !isOwner {
|
||||||
|
ctx.Error(403)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
return org
|
return org
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -234,13 +234,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.Repo.Owner.IsOrganization() {
|
|
||||||
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
|
|
||||||
ctx.Error(404)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if !repo.IsMirror {
|
if !repo.IsMirror {
|
||||||
ctx.Error(404)
|
ctx.Error(404)
|
||||||
return
|
return
|
||||||
|
@ -268,13 +261,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.Repo.Owner.IsOrganization() {
|
|
||||||
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
|
|
||||||
ctx.Error(404)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
newOwner := ctx.Query("new_owner_name")
|
newOwner := ctx.Query("new_owner_name")
|
||||||
isExist, err := models.IsUserExist(0, newOwner)
|
isExist, err := models.IsUserExist(0, newOwner)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -307,13 +293,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.Repo.Owner.IsOrganization() {
|
|
||||||
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
|
|
||||||
ctx.Error(404)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := models.DeleteRepository(ctx.User, ctx.Repo.Owner.ID, repo.ID); err != nil {
|
if err := models.DeleteRepository(ctx.User, ctx.Repo.Owner.ID, repo.ID); err != nil {
|
||||||
ctx.Handle(500, "DeleteRepository", err)
|
ctx.Handle(500, "DeleteRepository", err)
|
||||||
return
|
return
|
||||||
|
@ -333,13 +312,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.Repo.Owner.IsOrganization() {
|
|
||||||
if !ctx.Repo.Owner.IsOwnedBy(ctx.User.ID) {
|
|
||||||
ctx.Error(404)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
repo.DeleteWiki()
|
repo.DeleteWiki()
|
||||||
log.Trace("Repository wiki deleted: %s/%s", ctx.Repo.Owner.Name, repo.Name)
|
log.Trace("Repository wiki deleted: %s/%s", ctx.Repo.Owner.Name, repo.Name)
|
||||||
|
|
||||||
|
@ -393,10 +365,16 @@ func CollaborationPost(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if user is organization member.
|
// Check if user is organization member.
|
||||||
if ctx.Repo.Owner.IsOrganization() && ctx.Repo.Owner.IsOrgMember(u.ID) {
|
if ctx.Repo.Owner.IsOrganization() {
|
||||||
ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member"))
|
isMember, err := ctx.Repo.Owner.IsOrgMember(u.ID)
|
||||||
ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
|
if err != nil {
|
||||||
return
|
ctx.Handle(500, "IsOrgMember", err)
|
||||||
|
return
|
||||||
|
} else if isMember {
|
||||||
|
ctx.Flash.Info(ctx.Tr("repo.settings.user_is_org_member"))
|
||||||
|
ctx.Redirect(ctx.Repo.RepoLink + "/settings/collaboration")
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = ctx.Repo.Repository.AddCollaborator(u); err != nil {
|
if err = ctx.Repo.Repository.AddCollaborator(u); err != nil {
|
||||||
|
|
Reference in a new issue