List rights are now respected
This commit is contained in:
parent
92174aac08
commit
521e7c3bef
5 changed files with 56 additions and 18 deletions
|
@ -10,3 +10,16 @@ Content-Type: application/json
|
||||||
> {% client.global.set("auth_token", response.body.token); %}
|
> {% client.global.set("auth_token", response.body.token); %}
|
||||||
|
|
||||||
###
|
###
|
||||||
|
|
||||||
|
## Register
|
||||||
|
|
||||||
|
POST http://localhost:8080/api/v1/register
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
{
|
||||||
|
"username": "user3",
|
||||||
|
"password": "1234",
|
||||||
|
"email": "3@knt.li"
|
||||||
|
}
|
||||||
|
|
||||||
|
###
|
||||||
|
|
|
@ -26,7 +26,7 @@ Authorization: Bearer {{auth_token}}
|
||||||
###
|
###
|
||||||
|
|
||||||
# Get all teams who have access to that list
|
# Get all teams who have access to that list
|
||||||
GET http://localhost:8080/api/v1/lists/10/teams
|
GET http://localhost:8080/api/v1/lists/28/teams
|
||||||
Authorization: Bearer {{auth_token}}
|
Authorization: Bearer {{auth_token}}
|
||||||
|
|
||||||
###
|
###
|
||||||
|
@ -53,22 +53,22 @@ Authorization: Bearer {{auth_token}}
|
||||||
###
|
###
|
||||||
|
|
||||||
# Get all users who have access to that list
|
# Get all users who have access to that list
|
||||||
GET http://localhost:8080/api/v1/lists/10/users
|
GET http://localhost:8080/api/v1/lists/28/users
|
||||||
Authorization: Bearer {{auth_token}}
|
Authorization: Bearer {{auth_token}}
|
||||||
|
|
||||||
###
|
###
|
||||||
|
|
||||||
# Give a user access to that list
|
# Give a user access to that list
|
||||||
PUT http://localhost:8080/api/v1/lists/1/users
|
PUT http://localhost:8080/api/v1/lists/28/users
|
||||||
Authorization: Bearer {{auth_token}}
|
Authorization: Bearer {{auth_token}}
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
|
|
||||||
{"user_id":2, "right": 5}
|
{"user_id":3, "right":1}
|
||||||
|
|
||||||
###
|
###
|
||||||
|
|
||||||
# Delete a user from a list
|
# Delete a user from a list
|
||||||
DELETE http://localhost:8080/api/v1/lists/10/users/2
|
DELETE http://localhost:8080/api/v1/lists/28/users/3
|
||||||
Authorization: Bearer {{auth_token}}
|
Authorization: Bearer {{auth_token}}
|
||||||
|
|
||||||
###
|
###
|
|
@ -4,18 +4,24 @@ Authorization: Bearer {{auth_token}}
|
||||||
|
|
||||||
###
|
###
|
||||||
|
|
||||||
|
# Get one namespaces
|
||||||
|
GET http://localhost:8080/api/v1/namespaces/12
|
||||||
|
Authorization: Bearer {{auth_token}}
|
||||||
|
|
||||||
|
###
|
||||||
|
|
||||||
# Get all users who have access to that namespace
|
# Get all users who have access to that namespace
|
||||||
GET http://localhost:8080/api/v1/namespaces/1/users
|
GET http://localhost:8080/api/v1/namespaces/12/users
|
||||||
Authorization: Bearer {{auth_token}}
|
Authorization: Bearer {{auth_token}}
|
||||||
|
|
||||||
###
|
###
|
||||||
|
|
||||||
# Give a user access to that namespace
|
# Give a user access to that namespace
|
||||||
PUT http://localhost:8080/api/v1/namespaces/1/users
|
PUT http://localhost:8080/api/v1/namespaces/12/users
|
||||||
Authorization: Bearer {{auth_token}}
|
Authorization: Bearer {{auth_token}}
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
|
|
||||||
{"user_id":2, "right": 0}
|
{"user_id":3, "right": 0}
|
||||||
|
|
||||||
###
|
###
|
||||||
|
|
||||||
|
|
|
@ -66,9 +66,13 @@ func (l *List) ReadAll(user *User) (interface{}, error) {
|
||||||
Join("LEFT", []string{"team_members", "tm"}, "tm.team_id = tn.team_id").
|
Join("LEFT", []string{"team_members", "tm"}, "tm.team_id = tn.team_id").
|
||||||
Join("LEFT", []string{"team_list", "tl"}, "l.id = tl.list_id").
|
Join("LEFT", []string{"team_list", "tl"}, "l.id = tl.list_id").
|
||||||
Join("LEFT", []string{"team_members", "tm2"}, "tm2.team_id = tl.team_id").
|
Join("LEFT", []string{"team_members", "tm2"}, "tm2.team_id = tl.team_id").
|
||||||
|
Join("LEFT", []string{"users_list", "ul"}, "ul.list_id = l.id").
|
||||||
|
Join("LEFT", []string{"users_namespace", "un"}, "un.namespace_id = l.namespace_id").
|
||||||
Where("tm.user_id = ?", fullUser.ID).
|
Where("tm.user_id = ?", fullUser.ID).
|
||||||
Or("tm2.user_id = ?", fullUser.ID).
|
Or("tm2.user_id = ?", fullUser.ID).
|
||||||
Or("l.owner_id = ?", fullUser.ID).
|
Or("l.owner_id = ?", fullUser.ID).
|
||||||
|
Or("ul.user_id = ?", fullUser.ID).
|
||||||
|
Or("un.user_id = ?", fullUser.ID).
|
||||||
GroupBy("l.id").
|
GroupBy("l.id").
|
||||||
Find(&lists)
|
Find(&lists)
|
||||||
|
|
||||||
|
|
|
@ -8,21 +8,22 @@ func (l *List) IsAdmin(user *User) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check individual rights
|
// Check individual rights
|
||||||
|
if l.checkListUserRight(user, UserRightAdmin) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
return l.checkListTeamRight(user, TeamRightAdmin)
|
return l.checkListTeamRight(user, TeamRightAdmin)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CanWrite return whether the user can write on that list or not
|
// CanWrite return whether the user can write on that list or not
|
||||||
func (l *List) CanWrite(user *User) bool {
|
func (l *List) CanWrite(user *User) bool {
|
||||||
// Owners always have write access
|
// Admins always have write access
|
||||||
if l.Owner.ID == user.ID {
|
if l.IsAdmin(user) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check individual rights
|
// Check individual rights
|
||||||
|
if l.checkListUserRight(user, UserRightWrite) {
|
||||||
// Admins always have write access
|
|
||||||
if l.IsAdmin(user) {
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -31,15 +32,13 @@ func (l *List) CanWrite(user *User) bool {
|
||||||
|
|
||||||
// CanRead checks if a user has read access to a list
|
// CanRead checks if a user has read access to a list
|
||||||
func (l *List) CanRead(user *User) bool {
|
func (l *List) CanRead(user *User) bool {
|
||||||
// Owners always have read access
|
// Admins always have read access
|
||||||
if l.Owner.ID == user.ID {
|
if l.IsAdmin(user) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check individual rights
|
// Check individual rights
|
||||||
|
if l.checkListUserRight(user, UserRightRead) {
|
||||||
// Admins always have read access
|
|
||||||
if l.IsAdmin(user) {
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -82,3 +81,19 @@ func (l *List) checkListTeamRight(user *User, r TeamRight) bool {
|
||||||
|
|
||||||
return exists
|
return exists
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (l *List) checkListUserRight(user *User, r UserRight) bool {
|
||||||
|
exists, err := x.Select("l.*").
|
||||||
|
Table("list").
|
||||||
|
Alias("l").
|
||||||
|
Join("LEFT", []string{"users_namespace", "un"}, "un.namespace_id = l.namespace_id").
|
||||||
|
Join("LEFT", []string{"users_list", "ul"}, "ul.list_id = l.id").
|
||||||
|
Where("(ul.user_id = ? AND ul.right = ?) AND l.id = ?",
|
||||||
|
user.ID, r, l.ID).
|
||||||
|
Get(&List{})
|
||||||
|
if err != nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
return exists
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue