Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
* add user filter to issueTrackedTimes fixes #14024 * update swagger * allow user filter for issue writers * improve swagger doc * return 404 on invalid user
This commit is contained in:
parent
6f1dddf5c3
commit
c2ae432489
2 changed files with 44 additions and 12 deletions
|
@ -41,6 +41,10 @@ func ListTrackedTimes(ctx *context.APIContext) {
|
||||||
// type: integer
|
// type: integer
|
||||||
// format: int64
|
// format: int64
|
||||||
// required: true
|
// required: true
|
||||||
|
// - name: user
|
||||||
|
// in: query
|
||||||
|
// description: optional filter by user (available for issue managers)
|
||||||
|
// type: string
|
||||||
// - name: since
|
// - name: since
|
||||||
// in: query
|
// in: query
|
||||||
// description: Only show times updated after the given time. This is a timestamp in RFC 3339 format
|
// description: Only show times updated after the given time. This is a timestamp in RFC 3339 format
|
||||||
|
@ -85,13 +89,34 @@ func ListTrackedTimes(ctx *context.APIContext) {
|
||||||
IssueID: issue.ID,
|
IssueID: issue.ID,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
qUser := strings.Trim(ctx.Query("user"), " ")
|
||||||
|
if qUser != "" {
|
||||||
|
user, err := models.GetUserByName(qUser)
|
||||||
|
if models.IsErrUserNotExist(err) {
|
||||||
|
ctx.Error(http.StatusNotFound, "User does not exist", err)
|
||||||
|
} else if err != nil {
|
||||||
|
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
opts.UserID = user.ID
|
||||||
|
}
|
||||||
|
|
||||||
if opts.CreatedBeforeUnix, opts.CreatedAfterUnix, err = utils.GetQueryBeforeSince(ctx); err != nil {
|
if opts.CreatedBeforeUnix, opts.CreatedAfterUnix, err = utils.GetQueryBeforeSince(ctx); err != nil {
|
||||||
ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err)
|
ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin {
|
cantSetUser := !ctx.User.IsAdmin &&
|
||||||
|
opts.UserID != ctx.User.ID &&
|
||||||
|
!ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})
|
||||||
|
|
||||||
|
if cantSetUser {
|
||||||
|
if opts.UserID == 0 {
|
||||||
opts.UserID = ctx.User.ID
|
opts.UserID = ctx.User.ID
|
||||||
|
} else {
|
||||||
|
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
trackedTimes, err := models.GetTrackedTimes(opts)
|
trackedTimes, err := models.GetTrackedTimes(opts)
|
||||||
|
@ -394,12 +419,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
|
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
|
||||||
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights"))
|
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
|
|
||||||
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights"))
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -440,7 +460,7 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
|
||||||
// required: true
|
// required: true
|
||||||
// - name: user
|
// - name: user
|
||||||
// in: query
|
// in: query
|
||||||
// description: optional filter by user
|
// description: optional filter by user (available for issue managers)
|
||||||
// type: string
|
// type: string
|
||||||
// - name: since
|
// - name: since
|
||||||
// in: query
|
// in: query
|
||||||
|
@ -482,7 +502,9 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
|
||||||
qUser := strings.Trim(ctx.Query("user"), " ")
|
qUser := strings.Trim(ctx.Query("user"), " ")
|
||||||
if qUser != "" {
|
if qUser != "" {
|
||||||
user, err := models.GetUserByName(qUser)
|
user, err := models.GetUserByName(qUser)
|
||||||
if err != nil {
|
if models.IsErrUserNotExist(err) {
|
||||||
|
ctx.Error(http.StatusNotFound, "User does not exist", err)
|
||||||
|
} else if err != nil {
|
||||||
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
|
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -495,7 +517,11 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin {
|
cantSetUser := !ctx.User.IsAdmin &&
|
||||||
|
opts.UserID != ctx.User.ID &&
|
||||||
|
!ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})
|
||||||
|
|
||||||
|
if cantSetUser {
|
||||||
if opts.UserID == 0 {
|
if opts.UserID == 0 {
|
||||||
opts.UserID = ctx.User.ID
|
opts.UserID = ctx.User.ID
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -5840,6 +5840,12 @@
|
||||||
"in": "path",
|
"in": "path",
|
||||||
"required": true
|
"required": true
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"description": "optional filter by user (available for issue managers)",
|
||||||
|
"name": "user",
|
||||||
|
"in": "query"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"format": "date-time",
|
"format": "date-time",
|
||||||
|
@ -8811,7 +8817,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "optional filter by user",
|
"description": "optional filter by user (available for issue managers)",
|
||||||
"name": "user",
|
"name": "user",
|
||||||
"in": "query"
|
"in": "query"
|
||||||
},
|
},
|
||||||
|
|
Reference in a new issue