List rights are now respected
This commit is contained in:
konrad
kolaente
parent
92174aac08
commit
521e7c3bef
5 changed files with 56 additions and 18 deletions
|
|
@ -10,3 +10,16 @@ Content-Type: application/json
|
|||
> {% client.global.set("auth_token", response.body.token); %}
|
||||
|
||||
###
|
||||
|
||||
## Register
|
||||
|
||||
POST http://localhost:8080/api/v1/register
|
||||
Content-Type: application/json
|
||||
|
||||
{
|
||||
"username": "user3",
|
||||
"password": "1234",
|
||||
"email": "3@knt.li"
|
||||
}
|
||||
|
||||
###
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ Authorization: Bearer {{auth_token}}
|
|||
###
|
||||
|
||||
# Get all teams who have access to that list
|
||||
GET http://localhost:8080/api/v1/lists/10/teams
|
||||
GET http://localhost:8080/api/v1/lists/28/teams
|
||||
Authorization: Bearer {{auth_token}}
|
||||
|
||||
###
|
||||
|
|
@ -53,22 +53,22 @@ Authorization: Bearer {{auth_token}}
|
|||
###
|
||||
|
||||
# Get all users who have access to that list
|
||||
GET http://localhost:8080/api/v1/lists/10/users
|
||||
GET http://localhost:8080/api/v1/lists/28/users
|
||||
Authorization: Bearer {{auth_token}}
|
||||
|
||||
###
|
||||
|
||||
# Give a user access to that list
|
||||
PUT http://localhost:8080/api/v1/lists/1/users
|
||||
PUT http://localhost:8080/api/v1/lists/28/users
|
||||
Authorization: Bearer {{auth_token}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"user_id":2, "right": 5}
|
||||
{"user_id":3, "right":1}
|
||||
|
||||
###
|
||||
|
||||
# Delete a user from a list
|
||||
DELETE http://localhost:8080/api/v1/lists/10/users/2
|
||||
DELETE http://localhost:8080/api/v1/lists/28/users/3
|
||||
Authorization: Bearer {{auth_token}}
|
||||
|
||||
###
|
||||
|
|
@ -4,18 +4,24 @@ Authorization: Bearer {{auth_token}}
|
|||
|
||||
###
|
||||
|
||||
# Get one namespaces
|
||||
GET http://localhost:8080/api/v1/namespaces/12
|
||||
Authorization: Bearer {{auth_token}}
|
||||
|
||||
###
|
||||
|
||||
# Get all users who have access to that namespace
|
||||
GET http://localhost:8080/api/v1/namespaces/1/users
|
||||
GET http://localhost:8080/api/v1/namespaces/12/users
|
||||
Authorization: Bearer {{auth_token}}
|
||||
|
||||
###
|
||||
|
||||
# Give a user access to that namespace
|
||||
PUT http://localhost:8080/api/v1/namespaces/1/users
|
||||
PUT http://localhost:8080/api/v1/namespaces/12/users
|
||||
Authorization: Bearer {{auth_token}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"user_id":2, "right": 0}
|
||||
{"user_id":3, "right": 0}
|
||||
|
||||
###
|
||||
|
||||
|
|
|
|||
|
|
@ -66,9 +66,13 @@ func (l *List) ReadAll(user *User) (interface{}, error) {
|
|||
Join("LEFT", []string{"team_members", "tm"}, "tm.team_id = tn.team_id").
|
||||
Join("LEFT", []string{"team_list", "tl"}, "l.id = tl.list_id").
|
||||
Join("LEFT", []string{"team_members", "tm2"}, "tm2.team_id = tl.team_id").
|
||||
Join("LEFT", []string{"users_list", "ul"}, "ul.list_id = l.id").
|
||||
Join("LEFT", []string{"users_namespace", "un"}, "un.namespace_id = l.namespace_id").
|
||||
Where("tm.user_id = ?", fullUser.ID).
|
||||
Or("tm2.user_id = ?", fullUser.ID).
|
||||
Or("l.owner_id = ?", fullUser.ID).
|
||||
Or("ul.user_id = ?", fullUser.ID).
|
||||
Or("un.user_id = ?", fullUser.ID).
|
||||
GroupBy("l.id").
|
||||
Find(&lists)
|
||||
|
||||
|
|
|
|||
|
|
@ -8,21 +8,22 @@ func (l *List) IsAdmin(user *User) bool {
|
|||
}
|
||||
|
||||
// Check individual rights
|
||||
if l.checkListUserRight(user, UserRightAdmin) {
|
||||
return true
|
||||
}
|
||||
|
||||
return l.checkListTeamRight(user, TeamRightAdmin)
|
||||
}
|
||||
|
||||
// CanWrite return whether the user can write on that list or not
|
||||
func (l *List) CanWrite(user *User) bool {
|
||||
// Owners always have write access
|
||||
if l.Owner.ID == user.ID {
|
||||
// Admins always have write access
|
||||
if l.IsAdmin(user) {
|
||||
return true
|
||||
}
|
||||
|
||||
// Check individual rights
|
||||
|
||||
// Admins always have write access
|
||||
if l.IsAdmin(user) {
|
||||
if l.checkListUserRight(user, UserRightWrite) {
|
||||
return true
|
||||
}
|
||||
|
||||
|
|
@ -31,15 +32,13 @@ func (l *List) CanWrite(user *User) bool {
|
|||
|
||||
// CanRead checks if a user has read access to a list
|
||||
func (l *List) CanRead(user *User) bool {
|
||||
// Owners always have read access
|
||||
if l.Owner.ID == user.ID {
|
||||
// Admins always have read access
|
||||
if l.IsAdmin(user) {
|
||||
return true
|
||||
}
|
||||
|
||||
// Check individual rights
|
||||
|
||||
// Admins always have read access
|
||||
if l.IsAdmin(user) {
|
||||
if l.checkListUserRight(user, UserRightRead) {
|
||||
return true
|
||||
}
|
||||
|
||||
|
|
@ -82,3 +81,19 @@ func (l *List) checkListTeamRight(user *User, r TeamRight) bool {
|
|||
|
||||
return exists
|
||||
}
|
||||
|
||||
func (l *List) checkListUserRight(user *User, r UserRight) bool {
|
||||
exists, err := x.Select("l.*").
|
||||
Table("list").
|
||||
Alias("l").
|
||||
Join("LEFT", []string{"users_namespace", "un"}, "un.namespace_id = l.namespace_id").
|
||||
Join("LEFT", []string{"users_list", "ul"}, "ul.list_id = l.id").
|
||||
Where("(ul.user_id = ? AND ul.right = ?) AND l.id = ?",
|
||||
user.ID, r, l.ID).
|
||||
Get(&List{})
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return exists
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue