Added namespace user rights

2018-09-04 20:15:24 +02:00
parent 422662e3e1
commit f2758e239c
12 changed files with 179 additions and 4 deletions
--- a/models/error.go
+++ b/models/error.go
@ -415,6 +415,22 @@ func (err ErrTeamDoesNotHaveAccessToNamespace) Error() string {
 	return fmt.Sprintf("You need to have access to this namespace to do that [NamespaceID: %d, TeamID: %d]", err.NamespaceID, err.TeamID)
 }

+// ErrUserAlreadyHasNamespaceAccess represents an error where a user already has access to a namespace
+type ErrUserAlreadyHasNamespaceAccess struct {
+	UserID      int64
+	NamespaceID int64
+}
+
+// IsErrUserAlreadyHasNamespaceAccess checks if an error is ErrUserAlreadyHasNamespaceAccess.
+func IsErrUserAlreadyHasNamespaceAccess(err error) bool {
+	_, ok := err.(ErrUserAlreadyHasNamespaceAccess)
+	return ok
+}
+
+func (err ErrUserAlreadyHasNamespaceAccess) Error() string {
+	return fmt.Sprintf("This user already has access to that namespace. [User ID: %d, Namespace ID: %d]", err.UserID, err.NamespaceID)
+}
+
 // ============
 // Team errors
 // ============
--- a/models/list_users.go
+++ b/models/list_users.go
@ -5,7 +5,7 @@ type ListUser struct {
 	ID     int64     `xorm:"int(11) autoincr not null unique pk" json:"id" param:"namespace"`
 	UserID int64     `xorm:"int(11) not null" json:"user_id" param:"user"`
 	ListID int64     `xorm:"int(11) not null" json:"list_id" param:"list"`
-	Right  TeamRight `xorm:"int(11)" json:"right"`
+	Right  UserRight `xorm:"int(11)" json:"right"`

 	Created int64 `xorm:"created" json:"created"`
 	Updated int64 `xorm:"updated" json:"updated"`
--- a/models/models.go
+++ b/models/models.go
@ -41,6 +41,7 @@ func init() {
 		new(TeamNamespace),
 		new(Namespace),
 		new(ListUser),
+		new(NamespaceUser),
 	)
 }

--- a/models/namespace_users.go
+++ b/models/namespace_users.go
@ -0,0 +1,20 @@
+package models
+
+// NamespaceUser represents a namespace <-> user relation
+type NamespaceUser struct {
+	ID          int64     `xorm:"int(11) autoincr not null unique pk" json:"id" param:"namespace"`
+	UserID      int64     `xorm:"int(11) not null" json:"user_id" param:"user"`
+	NamespaceID int64     `xorm:"int(11) not null" json:"namespace_id" param:"namespace"`
+	Right       UserRight `xorm:"int(11)" json:"right"`
+
+	Created int64 `xorm:"created" json:"created"`
+	Updated int64 `xorm:"updated" json:"updated"`
+
+	CRUDable `xorm:"-" json:"-"`
+	Rights   `xorm:"-" json:"-"`
+}
+
+// TableName is the table name for NamespaceUser
+func (NamespaceUser) TableName() string {
+	return "users_namespace"
+}
--- a/models/namespace_users_create.go
+++ b/models/namespace_users_create.go
@ -0,0 +1,40 @@
+package models
+
+// Create creates a new namespace <-> user relation
+func (un *NamespaceUser) Create(user *User) (err error) {
+
+	// Check if the right is valid
+	if err := un.Right.isValid(); err != nil {
+		return err
+	}
+
+	// Check if the namespace exists
+	l, err := GetNamespaceByID(un.NamespaceID)
+	if err != nil {
+		return
+	}
+
+	// Check if the user exists
+	if _, err = GetUserByID(un.UserID); err != nil {
+		return err
+	}
+
+	// Check if the user already has access or is owner of that namespace
+	// We explicitly DO NOT check for teams here
+	if l.OwnerID == un.UserID {
+		return ErrUserAlreadyHasNamespaceAccess{UserID: un.UserID, NamespaceID: un.NamespaceID}
+	}
+
+	exist, err := x.Where("namespace_id = ? AND user_id = ?", un.NamespaceID, un.UserID).Get(&NamespaceUser{})
+	if err != nil {
+		return
+	}
+	if exist {
+		return ErrUserAlreadyHasNamespaceAccess{UserID: un.UserID, NamespaceID: un.NamespaceID}
+	}
+
+	// Insert user <-> namespace relation
+	_, err = x.Insert(un)
+
+	return
+}
--- a/models/namespace_users_delete.go
+++ b/models/namespace_users_delete.go
@ -0,0 +1,25 @@
+package models
+
+// Delete deletes a namespace <-> user relation
+func (nu *NamespaceUser) Delete() (err error) {
+
+	// Check if the user exists
+	_, err = GetUserByID(nu.UserID)
+	if err != nil {
+		return
+	}
+
+	// Check if the user has access to the namespace
+	has, err := x.Where("user_id = ? AND namespace_id = ?", nu.UserID, nu.NamespaceID).
+		Get(&NamespaceUser{})
+	if err != nil {
+		return
+	}
+	if !has {
+		return ErrUserDoesNotHaveAccessToNamespace{NamespaceID: nu.NamespaceID, UserID: nu.UserID}
+	}
+
+	_, err = x.Where("user_id = ? AND namespace_id = ?", nu.UserID, nu.NamespaceID).
+		Delete(&NamespaceUser{})
+	return
+}
--- a/models/namespace_users_readall.go
+++ b/models/namespace_users_readall.go
@ -0,0 +1,23 @@
+package models
+
+// ReadAll gets all users who have access to a namespace
+func (un *NamespaceUser) ReadAll(user *User) (interface{}, error) {
+	// Check if the user has access to the namespace
+	l, err := GetNamespaceByID(un.NamespaceID)
+	if err != nil {
+		return nil, err
+	}
+	if !l.CanRead(user) {
+		return nil, ErrNeedToHaveNamespaceReadAccess{}
+	}
+
+	// Get all users
+	all := []*User{}
+	err = x.
+		Select("users.*").
+		Join("INNER", "users_namespace", "user_id = users.id").
+		Where("users_namespace.namespace_id = ?", un.NamespaceID).
+		Find(&all)
+
+	return all, err
+}
--- a/models/namespace_users_rights.go
+++ b/models/namespace_users_rights.go
@ -0,0 +1,15 @@
+package models
+
+// CanCreate checks if the user can create a new user <-> namespace relation
+func (nu *NamespaceUser) CanCreate(doer *User) bool {
+	// Get the namespace and check if the user has write access on it
+	n, _ := GetNamespaceByID(nu.NamespaceID)
+	return n.CanWrite(doer)
+}
+
+// CanDelete checks if the user can delete a user <-> namespace relation
+func (nu *NamespaceUser) CanDelete(doer *User) bool {
+	// Get the namespace and check if the user has write access on it
+	n, _ := GetNamespaceByID(nu.NamespaceID)
+	return n.CanWrite(doer)
+}