Namespaces now respect user rights

kolaente 2018-09-06 08:46:34 +02:00
parent 521e7c3bef
commit c43db9929b
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
2 changed files with 32 additions and 10 deletions


@ -2,25 +2,29 @@ package models
// IsAdmin returns true or false if the user is admin on that namespace or not // IsAdmin returns true or false if the user is admin on that namespace or not
func (n *Namespace) IsAdmin(user *User) bool { func (n *Namespace) IsAdmin(user *User) bool {
// Owners always have admin rights // Owners always have admin rights
if user.ID == n.Owner.ID { if user.ID == n.Owner.ID {
return true return true
} }
// Check user rights
if n.checkUserRights(user, UserRightAdmin){
return true
}
// Check if that user is in a team which has admin rights to that namespace // Check if that user is in a team which has admin rights to that namespace
return n.checkTeamRights(user, TeamRightAdmin) return n.checkTeamRights(user, TeamRightAdmin)
} }
// CanWrite checks if a user has write access to a namespace // CanWrite checks if a user has write access to a namespace
func (n *Namespace) CanWrite(user *User) bool { func (n *Namespace) CanWrite(user *User) bool {
// Owners always have access // Admins always have write access
if user.ID == n.Owner.ID { if n.IsAdmin(user) {
return true return true
} }
// Admins always have write access // Check user rights
if n.IsAdmin(user) { if n.checkUserRights(user, UserRightWrite){
return true return true
} }
@ -30,13 +34,13 @@ func (n *Namespace) CanWrite(user *User) bool {
// CanRead checks if a user has read access to that namespace // CanRead checks if a user has read access to that namespace
func (n *Namespace) CanRead(user *User) bool { func (n *Namespace) CanRead(user *User) bool {
// Owners always have access // Admins always have read access
if user.ID == n.Owner.ID { if n.IsAdmin(user) {
return true return true
} }
// Admins always have read access // Check user rights
if n.IsAdmin(user) { if n.checkUserRights(user, UserRightRead){
return true return true
} }
@ -69,7 +73,23 @@ func (n *Namespace) checkTeamRights(user *User, r TeamRight) bool {
Join("LEFT", "team_members", "team_members.team_id = team_namespaces.team_id"). Join("LEFT", "team_members", "team_members.team_id = team_namespaces.team_id").
Where("namespaces.id = ? " + Where("namespaces.id = ? " +
"AND ((team_members.user_id = ? AND team_namespaces.right = ?) " + "AND ((team_members.user_id = ? AND team_namespaces.right = ?) " +
"OR namespaces.owner_id = ?)", n.ID, user.ID, r, user.ID). "OR namespaces.owner_id = ? ", n.ID, user.ID, r, user.ID).
Get(&Namespace{})
if err != nil {
return false
}
return exists
}
func (n *Namespace) checkUserRights(user *User, r UserRight) bool {
exists, err := x.Select("namespaces.*").
Table("namespaces").
Join("LEFT", "users_namespace", "users_namespace.namespace_id = namespaces.id").
Where("namespaces.id = ? " +
"OR namespaces.owner_id = ? " +
"OR (users_namespace.user_id = ? AND users_namespace.right = ?))", n.ID, user.ID, user.ID, r).
Get(&Namespace{}) Get(&Namespace{})
if err != nil { if err != nil {
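Review bot: The new `checkUserRights` query's WHERE clause (the three concatenated strings before `Get`) grants the requested right to every user, because `namespaces.id = ?` is OR'd with the user conditions instead of AND'd, so any existing namespace satisfies it regardless of `users_namespace`; the parentheses are also unbalanced (the trailing `)` closes nothing). It should mirror the shape of `checkTeamRights`: `Where("namespaces.id = ? " + "AND (namespaces.owner_id = ? " + "OR (users_namespace.user_id = ? AND users_namespace.right = ?))", n.ID, user.ID, user.ID, r)`. In the same hunk the `checkTeamRights` WHERE lost its closing paren (`"OR namespaces.owner_id = ? "`), leaving the `((` unmatched; that is a SQL syntax error, so `Get` returns an error and every team-rights check silently reports false — restore `"OR namespaces.owner_id = ?)"`. The `if` lines added in the first two hunks (`UserRightAdmin){`, `UserRightWrite){`, `UserRightRead){`) need a space before `{` to be gofmt-clean. `checkUserRights` continues past the end of the hunk.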


@ -74,8 +74,10 @@ func (n *Namespace) ReadAll(doer *User) (interface{}, error) {
Table("namespaces"). Table("namespaces").
Join("LEFT", "team_namespaces", "namespaces.id = team_namespaces.namespace_id"). Join("LEFT", "team_namespaces", "namespaces.id = team_namespaces.namespace_id").
Join("LEFT", "team_members", "team_members.team_id = team_namespaces.team_id"). Join("LEFT", "team_members", "team_members.team_id = team_namespaces.team_id").
Join("LEFT", "users_namespace", "users_namespace.namespace_id = namespaces.id").
Where("team_members.user_id = ?", doer.ID). Where("team_members.user_id = ?", doer.ID).
Or("namespaces.owner_id = ?", doer.ID). Or("namespaces.owner_id = ?", doer.ID).
Or("users_namespace.user_id = ?", doer.ID).
GroupBy("namespaces.id"). GroupBy("namespaces.id").
Find(&all) Find(&all)