Added more checks to not leave an error unpassed when checking for rights

This commit is contained in:
konrad 2018-10-06 13:25:37 +02:00
parent 06638fccc8
commit a4137b3d6f
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
7 changed files with 74 additions and 18 deletions

View file

@ -3,7 +3,11 @@ package models
// CanDelete checks if the user can delete an task // CanDelete checks if the user can delete an task
func (i *ListTask) CanDelete(doer *User) bool { func (i *ListTask) CanDelete(doer *User) bool {
// Get the task // Get the task
lI, _ := GetListTaskByID(i.ID) lI, err := GetListTaskByID(i.ID)
if err != nil {
Log.Error("Error occurred during CanDelete for ListTask: %s", err)
return false
}
// A user can delete an task if he has write acces to its list // A user can delete an task if he has write acces to its list
list := &List{ID: lI.ListID} list := &List{ID: lI.ListID}
@ -14,7 +18,11 @@ func (i *ListTask) CanDelete(doer *User) bool {
// CanUpdate determines if a user has the right to update a list task // CanUpdate determines if a user has the right to update a list task
func (i *ListTask) CanUpdate(doer *User) bool { func (i *ListTask) CanUpdate(doer *User) bool {
// Get the task // Get the task
lI, _ := GetListTaskByID(i.ID) lI, err := GetListTaskByID(i.ID)
if err != nil {
Log.Error("Error occurred during CanDelete for ListTask: %s", err)
return false
}
// A user can update an task if he has write acces to its list // A user can update an task if he has write acces to its list
list := &List{ID: lI.ListID} list := &List{ID: lI.ListID}

View file

@ -82,6 +82,7 @@ func (l *List) checkListTeamRight(user *User, r TeamRight) bool {
user.ID, r, user.ID, r, l.ID). user.ID, r, user.ID, r, l.ID).
Exist(&List{}) Exist(&List{})
if err != nil { if err != nil {
Log.Error("Error occurred during checkListTeamRight for List: %s", err)
return false return false
} }
@ -102,6 +103,7 @@ func (l *List) checkListUserRight(user *User, r UserRight) bool {
user.ID, r, user.ID, r, user.ID, l.ID). user.ID, r, user.ID, r, user.ID, l.ID).
Exist(&List{}) Exist(&List{})
if err != nil { if err != nil {
Log.Error("Error occurred during checkListUserRight for List: %s", err)
return false return false
} }

View file

@ -50,13 +50,21 @@ func (n *Namespace) CanRead(user *User) bool {
// CanUpdate checks if the user can update the namespace // CanUpdate checks if the user can update the namespace
func (n *Namespace) CanUpdate(user *User) bool { func (n *Namespace) CanUpdate(user *User) bool {
nn, _ := GetNamespaceByID(n.ID) nn, err := GetNamespaceByID(n.ID)
if err != nil {
Log.Error("Error occurred during CanUpdate for Namespace: %s", err)
return false
}
return nn.IsAdmin(user) return nn.IsAdmin(user)
} }
// CanDelete checks if the user can delete a namespace // CanDelete checks if the user can delete a namespace
func (n *Namespace) CanDelete(user *User) bool { func (n *Namespace) CanDelete(user *User) bool {
nn, _ := GetNamespaceByID(n.ID) nn, err := GetNamespaceByID(n.ID)
if err != nil {
Log.Error("Error occurred during CanDelete for Namespace: %s", err)
return false
}
return nn.IsAdmin(user) return nn.IsAdmin(user)
} }
@ -75,8 +83,8 @@ func (n *Namespace) checkTeamRights(user *User, r TeamRight) bool {
"AND ((team_members.user_id = ? AND team_namespaces.right = ?) "+ "AND ((team_members.user_id = ? AND team_namespaces.right = ?) "+
"OR namespaces.owner_id = ? ", n.ID, user.ID, r, user.ID). "OR namespaces.owner_id = ? ", n.ID, user.ID, r, user.ID).
Get(&Namespace{}) Get(&Namespace{})
if err != nil { if err != nil {
Log.Error("Error occurred during checkTeamRights for Namespace: %s, TeamRight: %d", err, r)
return false return false
} }
@ -91,8 +99,8 @@ func (n *Namespace) checkUserRights(user *User, r UserRight) bool {
"namespaces.owner_id = ? "+ "namespaces.owner_id = ? "+
"OR (users_namespace.user_id = ? AND users_namespace.right = ?))", n.ID, user.ID, user.ID, r). "OR (users_namespace.user_id = ? AND users_namespace.right = ?))", n.ID, user.ID, user.ID, r).
Get(&Namespace{}) Get(&Namespace{})
if err != nil { if err != nil {
Log.Error("Error occurred during checkUserRights for Namespace: %s, UserRight: %d", err, r)
return false return false
} }

View file

@ -3,20 +3,32 @@ package models
// CanCreate checks if the user can create a new user <-> namespace relation // CanCreate checks if the user can create a new user <-> namespace relation
func (nu *NamespaceUser) CanCreate(doer *User) bool { func (nu *NamespaceUser) CanCreate(doer *User) bool {
// Get the namespace and check if the user has write access on it // Get the namespace and check if the user has write access on it
n, _ := GetNamespaceByID(nu.NamespaceID) n, err := GetNamespaceByID(nu.NamespaceID)
if err != nil {
Log.Error("Error occurred during CanCreate for NamespaceUser: %s", err)
return false
}
return n.CanWrite(doer) return n.CanWrite(doer)
} }
// CanDelete checks if the user can delete a user <-> namespace relation // CanDelete checks if the user can delete a user <-> namespace relation
func (nu *NamespaceUser) CanDelete(doer *User) bool { func (nu *NamespaceUser) CanDelete(doer *User) bool {
// Get the namespace and check if the user has write access on it // Get the namespace and check if the user has write access on it
n, _ := GetNamespaceByID(nu.NamespaceID) n, err := GetNamespaceByID(nu.NamespaceID)
if err != nil {
Log.Error("Error occurred during CanCreate for NamespaceUser: %s", err)
return false
}
return n.CanWrite(doer) return n.CanWrite(doer)
} }
// CanUpdate checks if the user can update a user <-> namespace relation // CanUpdate checks if the user can update a user <-> namespace relation
func (nu *NamespaceUser) CanUpdate(doer *User) bool { func (nu *NamespaceUser) CanUpdate(doer *User) bool {
// Get the namespace and check if the user has write access on it // Get the namespace and check if the user has write access on it
n, _ := GetNamespaceByID(nu.NamespaceID) n, err := GetNamespaceByID(nu.NamespaceID)
if err != nil {
Log.Error("Error occurred during CanCreate for NamespaceUser: %s", err)
return false
}
return n.CanWrite(doer) return n.CanWrite(doer)
} }

View file

@ -12,9 +12,12 @@ func (tm *TeamMember) CanDelete(user *User) bool {
// IsAdmin checks if the user is team admin // IsAdmin checks if the user is team admin
func (tm *TeamMember) IsAdmin(user *User) bool { func (tm *TeamMember) IsAdmin(user *User) bool {
// A user can add a member to a team if he is admin of that team // A user can add a member to a team if he is admin of that team
exists, _ := x.Where("user_id = ? AND team_id = ? AND admin = ?", user.ID, tm.TeamID, true). exists, err := x.Where("user_id = ? AND team_id = ? AND admin = ?", user.ID, tm.TeamID, true).
Get(&TeamMember{}) Get(&TeamMember{})
if err != nil {
Log.Error("Error occurred during IsAdmin for TeamMember: %s", err)
return false
}
return exists return exists
} }

View file

@ -2,18 +2,30 @@ package models
// CanCreate checks if one can create a new team <-> namespace relation // CanCreate checks if one can create a new team <-> namespace relation
func (tn *TeamNamespace) CanCreate(user *User) bool { func (tn *TeamNamespace) CanCreate(user *User) bool {
n, _ := GetNamespaceByID(tn.NamespaceID) n, err := GetNamespaceByID(tn.NamespaceID)
if err != nil {
Log.Error("Error occurred during CanCreate for TeamNamespace: %s", err)
return false
}
return n.IsAdmin(user) return n.IsAdmin(user)
} }
// CanDelete checks if a user can remove a team from a namespace. Only namespace admins can do that. // CanDelete checks if a user can remove a team from a namespace. Only namespace admins can do that.
func (tn *TeamNamespace) CanDelete(user *User) bool { func (tn *TeamNamespace) CanDelete(user *User) bool {
n, _ := GetNamespaceByID(tn.NamespaceID) n, err := GetNamespaceByID(tn.NamespaceID)
if err != nil {
Log.Error("Error occurred during CanDelete for TeamNamespace: %s", err)
return false
}
return n.IsAdmin(user) return n.IsAdmin(user)
} }
// CanUpdate checks if a user can update a team from a namespace. Only namespace admins can do that. // CanUpdate checks if a user can update a team from a namespace. Only namespace admins can do that.
func (tn *TeamNamespace) CanUpdate(user *User) bool { func (tn *TeamNamespace) CanUpdate(user *User) bool {
n, _ := GetNamespaceByID(tn.NamespaceID) n, err := GetNamespaceByID(tn.NamespaceID)
if err != nil {
Log.Error("Error occurred during CanUpdate for TeamNamespace: %s", err)
return false
}
return n.IsAdmin(user) return n.IsAdmin(user)
} }

View file

@ -36,34 +36,45 @@ func (t *Team) CanCreate(user *User) bool {
func (t *Team) CanUpdate(user *User) bool { func (t *Team) CanUpdate(user *User) bool {
// Check if the current user is in the team and has admin rights in it // Check if the current user is in the team and has admin rights in it
exists, _ := x.Where("team_id = ?", t.ID). exists, err := x.Where("team_id = ?", t.ID).
And("user_id = ?", user.ID). And("user_id = ?", user.ID).
And("admin = ?", true). And("admin = ?", true).
Get(&TeamMember{}) Get(&TeamMember{})
if err != nil {
Log.Error("Error occurred during CanUpdate for Team: %s", err)
return false
}
return exists return exists
} }
// CanDelete checks if a user can delete a team // CanDelete checks if a user can delete a team
func (t *Team) CanDelete(user *User) bool { func (t *Team) CanDelete(user *User) bool {
//t.ID = id
return t.IsAdmin(user) return t.IsAdmin(user)
} }
// IsAdmin returns true when the user is admin of a team // IsAdmin returns true when the user is admin of a team
func (t *Team) IsAdmin(user *User) bool { func (t *Team) IsAdmin(user *User) bool {
exists, _ := x.Where("team_id = ?", t.ID). exists, err := x.Where("team_id = ?", t.ID).
And("user_id = ?", user.ID). And("user_id = ?", user.ID).
And("admin = ?", true). And("admin = ?", true).
Get(&TeamMember{}) Get(&TeamMember{})
if err != nil {
Log.Error("Error occurred during CanUpdate for Team: %s", err)
return false
}
return exists return exists
} }
// CanRead returns true if the user has read access to the team // CanRead returns true if the user has read access to the team
func (t *Team) CanRead(user *User) bool { func (t *Team) CanRead(user *User) bool {
// Check if the user is in the team // Check if the user is in the team
exists, _ := x.Where("team_id = ?", t.ID). exists, err := x.Where("team_id = ?", t.ID).
And("user_id = ?", user.ID). And("user_id = ?", user.ID).
Get(&TeamMember{}) Get(&TeamMember{})
if err != nil {
Log.Error("Error occurred during CanUpdate for Team: %s", err)
return false
}
return exists return exists
} }