Implemented proper check for team rights on lists
parent
7dc8699cbd
commit
f36eeb662a
3 changed files with 24 additions and 45 deletions
|
@ -120,9 +120,9 @@ Teams sind global, d.h. Ein Team kann mehrere Namespaces verwalten.
|
|||
|
||||
#### v0.2
|
||||
|
||||
* [ ] Listen teilbar
|
||||
* [x] Listen teilbar
|
||||
* [ ] Mit anderen Nutzern
|
||||
* [ ] Teams
|
||||
* [x] Teams
|
||||
* [ ] Mit Link
|
||||
* [ ] Offen
|
||||
* [ ] Passwortgeschützt
|
||||
|
|
|
@ -69,6 +69,7 @@ func (l *List) ReadAll(user *User) (interface{}, error) {
|
|||
Where("tm.user_id = ?", fullUser.ID).
|
||||
Or("tm2.user_id = ?", fullUser.ID).
|
||||
Or("l.owner_id = ?", fullUser.ID).
|
||||
GroupBy("l.id").
|
||||
Find(&lists)
|
||||
|
||||
return lists, err
|
||||
|
|
|
@ -7,17 +7,7 @@ func (l *List) IsAdmin(user *User) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// Check Team rights
|
||||
// aka "is the user in a team which has admin rights?"
|
||||
// TODO
|
||||
|
||||
// Check Namespace rights
|
||||
// TODO
|
||||
|
||||
// Check individual rights
|
||||
// TODO
|
||||
|
||||
return false
|
||||
return l.checkListTeamRight(user, TeamRightAdmin)
|
||||
}
|
||||
|
||||
// CanWrite return whether the user can write on that list or not
|
||||
|
@ -32,17 +22,7 @@ func (l *List) CanWrite(user *User) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// Check Namespace rights
|
||||
// TODO
|
||||
// TODO find a way to prioritize: what happens if a user has namespace write access but is not in that list?
|
||||
|
||||
// Check Team rights
|
||||
// TODO
|
||||
|
||||
// Check individual rights
|
||||
// TODO
|
||||
|
||||
return false
|
||||
return l.checkListTeamRight(user, TeamRightWrite)
|
||||
}
|
||||
|
||||
// CanRead checks if a user has read access to a list
|
||||
|
@ -57,27 +37,7 @@ func (l *List) CanRead(user *User) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// Check Namespace rights
|
||||
exists, _ := x.Select("list.*").
|
||||
Table("namespaces").
|
||||
Join("INNER", "list", "list.namespace_id = namespaces.id").
|
||||
Join("INNER", "team_namespaces", "team_namespaces.namespace_id = namespaces.id").
|
||||
Join("INNER", "team_members", "team_members.team_id = team_namespaces.team_id").
|
||||
Where("team_members.user_id = ?", user.ID).
|
||||
And("list.id = ?", l.ID).
|
||||
Get(&List{})
|
||||
|
||||
if exists {
|
||||
return true
|
||||
}
|
||||
|
||||
// Check Team rights
|
||||
// TODO
|
||||
|
||||
// Check individual rights
|
||||
// TODO
|
||||
|
||||
return false
|
||||
return l.checkListTeamRight(user, TeamRightRead)
|
||||
}
|
||||
|
||||
// CanDelete checks if the user can delete a list
|
||||
|
@ -98,3 +58,21 @@ func (l *List) CanCreate(doer *User) bool {
|
|||
n, _ := GetNamespaceByID(l.NamespaceID)
|
||||
return n.CanWrite(doer)
|
||||
}
|
||||
|
||||
func (l *List) checkListTeamRight(user *User, r TeamRight) bool {
|
||||
exists, err := x.Select("l.*").
|
||||
Table("list").
|
||||
Alias("l").
|
||||
Join("LEFT", []string{"team_namespaces", "tn"}, "tn.namespace_id = tn.id").
|
||||
Join("LEFT", []string{"team_members", "tm"}, "tm.team_id = tn.team_id").
|
||||
Join("LEFT", []string{"team_list", "tl"}, "l.id = tl.list_id").
|
||||
Join("LEFT", []string{"team_members", "tm2"}, "tm2.team_id = tl.team_id").
|
||||
Where("((tm.user_id = ? AND tn.right = ?) OR (tm2.user_id = ? AND tl.rights = ?)) AND l.id = ?",
|
||||
user.ID, r, user.ID, r, l.ID).
|
||||
Get(&List{})
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return exists
|
||||
}
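Review bot: In `checkListTeamRight`, the first join condition `tn.namespace_id = tn.id` compares `team_namespaces` with itself and never references the list, so the namespace branch of the `Where` clause is not tied to the list being checked and may grant the right on lists outside the team's namespaces. It presumably should be `Join("LEFT", []string{"team_namespaces", "tn"}, "tn.namespace_id = l.namespace_id")`. The `Where` clause also matches the right by equality (`tn.right = ?`, `tl.rights = ?`), so unless `TeamRight` is treated as a hierarchy somewhere not shown here, a team holding write or admin rights would fail the `TeamRightRead` check in `CanRead`; either compare with `>=` (if the constants are ordered) or document that exact match is intended. Returning `false` on `err` fails closed, which is the right default for an authorization check, but the error is dropped silently, so a log line there and a doc comment on the function stating what it checks would help.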
|
||||
|
|