bd8c1c3bb7
Fix lint Update docs Fix loading all rights (list & namespace) Add tests Update web framework Make tests run again Update all calls to CanRead methods Update task attachment & task comment & task rights to return the max right Update team rights to return the max right Update namespace rights to return the max right Update list rights to return the max right Update link share rights to return the max right Update label rights to return the max right Update web dependency Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/626
246 lines
8 KiB
Go
246 lines
8 KiB
Go
// Copyright 2018-2020 Vikunja and contriubtors. All rights reserved.
|
|
//
|
|
// This file is part of Vikunja.
|
|
//
|
|
// Vikunja is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// Vikunja is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Vikunja. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
package models
|
|
|
|
import (
|
|
"code.vikunja.io/api/pkg/user"
|
|
"code.vikunja.io/api/pkg/utils"
|
|
"code.vikunja.io/web"
|
|
"github.com/dgrijalva/jwt-go"
|
|
"time"
|
|
)
|
|
|
|
// SharingType holds the sharing type
|
|
type SharingType int
|
|
|
|
// These consts represent all valid link sharing types
|
|
const (
|
|
SharingTypeUnknown SharingType = iota
|
|
SharingTypeWithoutPassword
|
|
SharingTypeWithPassword
|
|
)
|
|
|
|
// LinkSharing represents a shared list
|
|
type LinkSharing struct {
|
|
// The ID of the shared thing
|
|
ID int64 `xorm:"int(11) autoincr not null unique pk" json:"id" param:"share"`
|
|
// The public id to get this shared list
|
|
Hash string `xorm:"varchar(40) not null unique" json:"hash" param:"hash"`
|
|
// The ID of the shared list
|
|
ListID int64 `xorm:"int(11) not null" json:"-" param:"list"`
|
|
// The right this list is shared with. 0 = Read only, 1 = Read & Write, 2 = Admin. See the docs for more details.
|
|
Right Right `xorm:"int(11) INDEX not null default 0" json:"right" valid:"length(0|2)" maximum:"2" default:"0"`
|
|
|
|
// The kind of this link. 0 = undefined, 1 = without password, 2 = with password (currently not implemented).
|
|
SharingType SharingType `xorm:"int(11) INDEX not null default 0" json:"sharing_type" valid:"length(0|2)" maximum:"2" default:"0"`
|
|
|
|
// The user who shared this list
|
|
SharedBy *user.User `xorm:"-" json:"shared_by"`
|
|
SharedByID int64 `xorm:"int(11) INDEX not null" json:"-"`
|
|
|
|
// A timestamp when this list was shared. You cannot change this value.
|
|
Created time.Time `xorm:"created not null" json:"created"`
|
|
// A timestamp when this share was last updated. You cannot change this value.
|
|
Updated time.Time `xorm:"updated not null" json:"updated"`
|
|
|
|
web.CRUDable `xorm:"-" json:"-"`
|
|
web.Rights `xorm:"-" json:"-"`
|
|
}
|
|
|
|
// TableName holds the table name
|
|
func (LinkSharing) TableName() string {
|
|
return "link_sharing"
|
|
}
|
|
|
|
// GetID returns the ID of the links sharing object
|
|
func (share *LinkSharing) GetID() int64 {
|
|
return share.ID
|
|
}
|
|
|
|
// GetLinkShareFromClaims builds a link sharing object from jwt claims
|
|
func GetLinkShareFromClaims(claims jwt.MapClaims) (share *LinkSharing, err error) {
|
|
share = &LinkSharing{}
|
|
share.ID = int64(claims["id"].(float64))
|
|
share.Hash = claims["hash"].(string)
|
|
share.ListID = int64(claims["list_id"].(float64))
|
|
share.Right = Right(claims["right"].(float64))
|
|
share.SharedByID = int64(claims["sharedByID"].(float64))
|
|
return
|
|
}
|
|
|
|
// Create creates a new link share for a given list
|
|
// @Summary Share a list via link
|
|
// @Description Share a list via link. The user needs to have write-access to the list to be able do this.
|
|
// @tags sharing
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security JWTKeyAuth
|
|
// @Param list path int true "List ID"
|
|
// @Param label body models.LinkSharing true "The new link share object"
|
|
// @Success 200 {object} models.LinkSharing "The created link share object."
|
|
// @Failure 400 {object} web.HTTPError "Invalid link share object provided."
|
|
// @Failure 403 {object} web.HTTPError "Not allowed to add the list share."
|
|
// @Failure 404 {object} web.HTTPError "The list does not exist."
|
|
// @Failure 500 {object} models.Message "Internal error"
|
|
// @Router /lists/{list}/shares [put]
|
|
func (share *LinkSharing) Create(a web.Auth) (err error) {
|
|
|
|
err = share.Right.isValid()
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
share.SharedByID = a.GetID()
|
|
share.Hash = utils.MakeRandomString(40)
|
|
_, err = x.Insert(share)
|
|
share.SharedBy, _ = user.GetFromAuth(a)
|
|
return
|
|
}
|
|
|
|
// ReadOne returns one share
|
|
// @Summary Get one link shares for a list
|
|
// @Description Returns one link share by its ID.
|
|
// @tags sharing
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param list path int true "List ID"
|
|
// @Param share path int true "Share ID"
|
|
// @Security JWTKeyAuth
|
|
// @Success 200 {object} models.LinkSharing "The share links"
|
|
// @Failure 403 {object} web.HTTPError "No access to the list"
|
|
// @Failure 404 {object} web.HTTPError "Share Link not found."
|
|
// @Failure 500 {object} models.Message "Internal error"
|
|
// @Router /lists/{list}/shares/{share} [get]
|
|
func (share *LinkSharing) ReadOne() (err error) {
|
|
exists, err := x.Where("id = ?", share.ID).Get(share)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if !exists {
|
|
return ErrListShareDoesNotExist{ID: share.ID, Hash: share.Hash}
|
|
}
|
|
return
|
|
}
|
|
|
|
// ReadAll returns all shares for a given list
|
|
// @Summary Get all link shares for a list
|
|
// @Description Returns all link shares which exist for a given list
|
|
// @tags sharing
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param list path int true "List ID"
|
|
// @Param page query int false "The page number. Used for pagination. If not provided, the first page of results is returned."
|
|
// @Param per_page query int false "The maximum number of items per page. Note this parameter is limited by the configured maximum of items per page."
|
|
// @Param s query string false "Search shares by hash."
|
|
// @Security JWTKeyAuth
|
|
// @Success 200 {array} models.LinkSharing "The share links"
|
|
// @Failure 500 {object} models.Message "Internal error"
|
|
// @Router /lists/{list}/shares [get]
|
|
func (share *LinkSharing) ReadAll(a web.Auth, search string, page int, perPage int) (result interface{}, resultCount int, totalItems int64, err error) {
|
|
list := &List{ID: share.ListID}
|
|
can, _, err := list.CanRead(a)
|
|
if err != nil {
|
|
return nil, 0, 0, err
|
|
}
|
|
if !can {
|
|
return nil, 0, 0, ErrGenericForbidden{}
|
|
}
|
|
|
|
limit, start := getLimitFromPageIndex(page, perPage)
|
|
|
|
var shares []*LinkSharing
|
|
query := x.
|
|
Where("list_id = ? AND hash LIKE ?", share.ListID, "%"+search+"%")
|
|
if limit > 0 {
|
|
query = query.Limit(limit, start)
|
|
}
|
|
err = query.Find(&shares)
|
|
if err != nil {
|
|
return nil, 0, 0, err
|
|
}
|
|
|
|
// Find all users and add them
|
|
var userIDs []int64
|
|
for _, s := range shares {
|
|
userIDs = append(userIDs, s.SharedByID)
|
|
}
|
|
|
|
users := make(map[int64]*user.User)
|
|
err = x.In("id", userIDs).Find(&users)
|
|
if err != nil {
|
|
return nil, 0, 0, err
|
|
}
|
|
|
|
for _, s := range shares {
|
|
s.SharedBy = users[s.SharedByID]
|
|
}
|
|
|
|
// Total count
|
|
totalItems, err = x.
|
|
Where("list_id = ? AND hash LIKE ?", share.ListID, "%"+search+"%").
|
|
Count(&LinkSharing{})
|
|
if err != nil {
|
|
return nil, 0, 0, err
|
|
}
|
|
|
|
return shares, len(shares), totalItems, err
|
|
}
|
|
|
|
// Delete removes a link share
|
|
// @Summary Remove a link share
|
|
// @Description Remove a link share. The user needs to have write-access to the list to be able do this.
|
|
// @tags sharing
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security JWTKeyAuth
|
|
// @Param list path int true "List ID"
|
|
// @Param share path int true "Share Link ID"
|
|
// @Success 200 {object} models.Message "The link was successfully removed."
|
|
// @Failure 403 {object} web.HTTPError "Not allowed to remove the link."
|
|
// @Failure 404 {object} web.HTTPError "Share Link not found."
|
|
// @Failure 500 {object} models.Message "Internal error"
|
|
// @Router /lists/{list}/shares/{share} [delete]
|
|
func (share *LinkSharing) Delete() (err error) {
|
|
_, err = x.Where("id = ?", share.ID).Delete(share)
|
|
return
|
|
}
|
|
|
|
// GetLinkShareByHash returns a link share by hash
|
|
func GetLinkShareByHash(hash string) (share *LinkSharing, err error) {
|
|
share = &LinkSharing{}
|
|
has, err := x.Where("hash = ?", hash).Get(share)
|
|
if err != nil {
|
|
return
|
|
}
|
|
if !has {
|
|
return share, ErrListShareDoesNotExist{Hash: hash}
|
|
}
|
|
return
|
|
}
|
|
|
|
// GetListByShareHash returns a link share by its hash
|
|
func GetListByShareHash(hash string) (list *List, err error) {
|
|
share, err := GetLinkShareByHash(hash)
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
list = &List{ID: share.ListID}
|
|
err = list.GetSimpleByID()
|
|
return
|
|
}
|