100 lines
2.2 KiB
Go
100 lines
2.2 KiB
Go
package models
|
|
|
|
// IsAdmin returns whether the user has admin rights on the list or not
|
|
func (l *List) IsAdmin(user *User) bool {
|
|
// Owners are always admins
|
|
if l.Owner.ID == user.ID {
|
|
return true
|
|
}
|
|
|
|
// Check Team rights
|
|
// aka "is the user in a team which has admin rights?"
|
|
// TODO
|
|
|
|
// Check Namespace rights
|
|
// TODO
|
|
|
|
// Check individual rights
|
|
// TODO
|
|
|
|
return false
|
|
}
|
|
|
|
// CanWrite return whether the user can write on that list or not
|
|
func (l *List) CanWrite(user *User) bool {
|
|
// Owners always have write access
|
|
if l.Owner.ID == user.ID {
|
|
return true
|
|
}
|
|
|
|
// Admins always have write access
|
|
if l.IsAdmin(user) {
|
|
return true
|
|
}
|
|
|
|
// Check Namespace rights
|
|
// TODO
|
|
// TODO find a way to prioritize: what happens if a user has namespace write access but is not in that list?
|
|
|
|
// Check Team rights
|
|
// TODO
|
|
|
|
// Check individual rights
|
|
// TODO
|
|
|
|
return false
|
|
}
|
|
|
|
// CanRead checks if a user has read access to a list
|
|
func (l *List) CanRead(user *User) bool {
|
|
// Owners always have read access
|
|
if l.Owner.ID == user.ID {
|
|
return true
|
|
}
|
|
|
|
// Admins always have read access
|
|
if l.IsAdmin(user) {
|
|
return true
|
|
}
|
|
|
|
// Check Namespace rights
|
|
exists, _ := x.Select("list.*").
|
|
Table("namespaces").
|
|
Join("INNER", "list", "list.namespace_id = namespaces.id").
|
|
Join("INNER", "team_namespaces", "team_namespaces.namespace_id = namespaces.id").
|
|
Join("INNER", "team_members", "team_members.team_id = team_namespaces.team_id").
|
|
Where("team_members.user_id = ?", user.ID).
|
|
And("list.id = ?", l.ID).
|
|
Get(&List{})
|
|
|
|
if exists {
|
|
return true
|
|
}
|
|
|
|
// Check Team rights
|
|
// TODO
|
|
|
|
// Check individual rights
|
|
// TODO
|
|
|
|
return false
|
|
}
|
|
|
|
// CanDelete checks if the user can delete a list
|
|
func (l *List) CanDelete(doer *User, id int64) bool {
|
|
list, _ := GetListByID(id)
|
|
return list.IsAdmin(doer)
|
|
}
|
|
|
|
// CanUpdate checks if the user can update a list
|
|
func (l *List) CanUpdate(doer *User, id int64) bool {
|
|
list, _ := GetListByID(id)
|
|
return list.CanWrite(doer)
|
|
}
|
|
|
|
// CanCreate checks if the user can update a list
|
|
func (l *List) CanCreate(doer *User, nID int64) bool {
|
|
// A user can create a list if he has write access to the namespace
|
|
n, _ := GetNamespaceByID(nID)
|
|
return n.CanWrite(doer)
|
|
}
|