Implemented proper check for team rights on lists

kolaente 2018-07-25 00:40:24 +02:00 committed by konrad
parent 7dc8699cbd
commit f36eeb662a
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
3 changed files with 24 additions and 45 deletions


@ -120,9 +120,9 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten.
#### v0.2
* [ ] Listen teilbar
* [x] Listen teilbar
* [ ] Mit anderen Nutzern
* [ ] Teams
* [x] Teams
* [ ] Mit Link
* [ ] Offen
* [ ] Passwortgeschützt


@ -69,6 +69,7 @@ func (l *List) ReadAll(user *User) (interface{}, error) {
Where("tm.user_id = ?", fullUser.ID).
Or("tm2.user_id = ?", fullUser.ID).
Or("l.owner_id = ?", fullUser.ID).
GroupBy("l.id").
Find(&lists)
return lists, err
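Review bot: The added `GroupBy("l.id")` carries no comment saying why it is needed, and the reason is not obvious from the three `Or` conditions alone. Presumably the joins that sit above this hunk return the same list once per matching team membership, so a comment such as `// a list can match through several team memberships; group by id so it is returned once` would help the next reader. If the select clause, which is outside the hunk, pulls every list column, it is worth confirming that each supported database accepts grouping by `l.id` alone.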


@ -7,17 +7,7 @@ func (l *List) IsAdmin(user *User) bool {
return true
}
// Check Team rights
// aka "is the user in a team which has admin rights?"
// TODO
// Check Namespace rights
// TODO
// Check individual rights
// TODO
return false
return l.checkListTeamRight(user, TeamRightAdmin)
}
// CanWrite return whether the user can write on that list or not
@ -32,17 +22,7 @@ func (l *List) CanWrite(user *User) bool {
return true
}
// Check Namespace rights
// TODO
// TODO find a way to prioritize: what happens if a user has namespace write access but is not in that list?
// Check Team rights
// TODO
// Check individual rights
// TODO
return false
return l.checkListTeamRight(user, TeamRightWrite)
}
// CanRead checks if a user has read access to a list
@ -57,27 +37,7 @@ func (l *List) CanRead(user *User) bool {
return true
}
// Check Namespace rights
exists, _ := x.Select("list.*").
Table("namespaces").
Join("INNER", "list", "list.namespace_id = namespaces.id").
Join("INNER", "team_namespaces", "team_namespaces.namespace_id = namespaces.id").
Join("INNER", "team_members", "team_members.team_id = team_namespaces.team_id").
Where("team_members.user_id = ?", user.ID).
And("list.id = ?", l.ID).
Get(&List{})
if exists {
return true
}
// Check Team rights
// TODO
// Check individual rights
// TODO
return false
return l.checkListTeamRight(user, TeamRightRead)
}
// CanDelete checks if the user can delete a list
@ -98,3 +58,21 @@ func (l *List) CanCreate(doer *User) bool {
n, _ := GetNamespaceByID(l.NamespaceID)
return n.CanWrite(doer)
}
func (l *List) checkListTeamRight(user *User, r TeamRight) bool {
exists, err := x.Select("l.*").
Table("list").
Alias("l").
Join("LEFT", []string{"team_namespaces", "tn"}, "tn.namespace_id = tn.id").
Join("LEFT", []string{"team_members", "tm"}, "tm.team_id = tn.team_id").
Join("LEFT", []string{"team_list", "tl"}, "l.id = tl.list_id").
Join("LEFT", []string{"team_members", "tm2"}, "tm2.team_id = tl.team_id").
Where("((tm.user_id = ? AND tn.right = ?) OR (tm2.user_id = ? AND tl.rights = ?)) AND l.id = ?",
user.ID, r, user.ID, r, l.ID).
Get(&List{})
if err != nil {
return false
}
return exists
}
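Review bot: In `checkListTeamRight` the first join condition is `tn.namespace_id = tn.id`, which compares team_namespaces with itself and never references the list, so the namespace branch of the WHERE clause is not tied to the namespace of the list being checked. As written, a team right on an unrelated namespace could satisfy `tm.user_id = ? AND tn.right = ?` for any list ID; the join should read `Join("LEFT", []string{"team_namespaces", "tn"}, "tn.namespace_id = l.namespace_id").`. The rights are also compared with `=`, so a team holding only the admin right would presumably fail `CanRead` and `CanWrite` unless the parts of those methods outside these hunks cover it; if TeamRight values are ordered, `>=` may be what is intended. The column names `tn.right` and `tl.rights` differ, which is worth confirming against the schema. Returning false on a query error fails closed, but the error should be logged so a broken query is not mistaken for a denied request.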