Semaphore/api/projects/users.go

203 lines
5.1 KiB
Go
Raw Normal View History

2016-04-02 14:40:07 +02:00
package projects
import (
2023-09-17 16:15:44 +02:00
"fmt"
"net/http"
"github.com/ansible-semaphore/semaphore/api/helpers"
"github.com/ansible-semaphore/semaphore/db"
2023-09-18 19:46:55 +02:00
"github.com/gorilla/context"
2016-04-02 14:40:07 +02:00
)
// UserMiddleware ensures a user exists and loads it to the context
func UserMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
project := context.Get(r, "project").(db.Project)
userID, err := helpers.GetIntParam("user_id", w, r)
if err != nil {
return
}
2020-12-17 15:00:05 +01:00
_, err = helpers.Store(r).GetProjectUser(project.ID, userID)
2020-12-17 15:00:05 +01:00
if err != nil {
helpers.WriteError(w, err)
return
}
user, err := helpers.Store(r).GetUser(userID)
if err != nil {
helpers.WriteError(w, err)
return
}
context.Set(r, "projectUser", user)
next.ServeHTTP(w, r)
})
2016-04-04 15:44:34 +02:00
}
2023-09-18 19:46:55 +02:00
type projUser struct {
ID int `json:"id"`
Username string `json:"username"`
Name string `json:"name"`
Role db.ProjectUserRole `json:"role"`
}
// GetUsers returns all users in a project
func GetUsers(w http.ResponseWriter, r *http.Request) {
2020-12-04 23:22:05 +01:00
// get single user if user ID specified in the request
2020-11-03 21:56:22 +01:00
if user := context.Get(r, "projectUser"); user != nil {
helpers.WriteJSON(w, http.StatusOK, user.(db.User))
2020-11-03 21:56:22 +01:00
return
}
project := context.Get(r, "project").(db.Project)
2021-10-13 16:33:07 +02:00
users, err := helpers.Store(r).GetProjectUsers(project.ID, helpers.QueryParams(r.URL))
2020-12-17 15:00:05 +01:00
if err != nil {
helpers.WriteError(w, err)
return
}
2023-09-18 22:04:23 +02:00
var result = make([]projUser, 0)
2023-09-18 19:46:55 +02:00
for _, user := range users {
result = append(result, projUser{
ID: user.ID,
Name: user.Name,
Username: user.Username,
Role: user.Role,
})
}
helpers.WriteJSON(w, http.StatusOK, result)
2016-04-02 14:40:07 +02:00
}
// AddUser adds a user to a projects team in the database
func AddUser(w http.ResponseWriter, r *http.Request) {
project := context.Get(r, "project").(db.Project)
2021-08-20 08:28:50 +02:00
var projectUser struct {
UserID int `json:"user_id" binding:"required"`
Role db.ProjectUserRole `json:"role"`
}
2021-08-20 08:28:50 +02:00
if !helpers.Bind(w, r, &projectUser) {
return
}
if !projectUser.Role.IsValid() {
w.WriteHeader(http.StatusBadRequest)
return
}
_, err := helpers.Store(r).CreateProjectUser(db.ProjectUser{
ProjectID: project.ID,
UserID: projectUser.UserID,
Role: projectUser.Role,
})
if err != nil {
w.WriteHeader(http.StatusConflict)
return
}
helpers.EventLog(r, helpers.EventLogCreate, helpers.EventLogItem{
UserID: helpers.UserFromContext(r).ID,
ProjectID: project.ID,
ObjectType: db.EventUser,
ObjectID: projectUser.UserID,
Description: fmt.Sprintf("User ID %d added to team", projectUser.UserID),
})
w.WriteHeader(http.StatusNoContent)
2016-04-02 14:40:07 +02:00
}
2023-09-18 21:43:13 +02:00
// removeUser removes a user from a project team
func removeUser(targetUser db.User, w http.ResponseWriter, r *http.Request) {
project := context.Get(r, "project").(db.Project)
2023-09-18 21:43:13 +02:00
me := context.Get(r, "user").(*db.User) // logged in user
myRole := context.Get(r, "projectUserRole").(db.ProjectUserRole)
2023-09-18 21:43:13 +02:00
if !me.Admin && targetUser.ID == me.ID && myRole == db.ProjectOwner {
2023-09-17 16:15:44 +02:00
helpers.WriteError(w, fmt.Errorf("owner can not left the project"))
return
}
err := helpers.Store(r).DeleteProjectUser(project.ID, targetUser.ID)
if err != nil {
2020-12-17 15:00:05 +01:00
helpers.WriteError(w, err)
return
}
helpers.EventLog(r, helpers.EventLogDelete, helpers.EventLogItem{
UserID: helpers.UserFromContext(r).ID,
ProjectID: project.ID,
ObjectType: db.EventUser,
ObjectID: targetUser.ID,
Description: fmt.Sprintf("User ID %d removed from team", targetUser.ID),
})
w.WriteHeader(http.StatusNoContent)
2016-04-02 14:40:07 +02:00
}
2016-04-04 15:44:34 +02:00
2023-09-18 21:43:13 +02:00
// LeftProject removes a user from a project team
func LeftProject(w http.ResponseWriter, r *http.Request) {
me := context.Get(r, "user").(*db.User) // logged in user
removeUser(*me, w, r)
}
// RemoveUser removes a user from a project team
func RemoveUser(w http.ResponseWriter, r *http.Request) {
targetUser := context.Get(r, "projectUser").(db.User) // target user
removeUser(targetUser, w, r)
}
func UpdateUser(w http.ResponseWriter, r *http.Request) {
project := context.Get(r, "project").(db.Project)
2023-09-17 16:15:44 +02:00
me := context.Get(r, "user").(*db.User) // logged in user
targetUser := context.Get(r, "projectUser").(db.User)
targetUserRole := context.Get(r, "projectUserRole").(db.ProjectUserRole)
if !me.Admin && targetUser.ID == me.ID && targetUserRole == db.ProjectOwner {
helpers.WriteError(w, fmt.Errorf("owner can not change his role in the project"))
return
}
var projectUser struct {
Role db.ProjectUserRole `json:"role"`
}
if !helpers.Bind(w, r, &projectUser) {
return
}
2016-04-04 15:44:34 +02:00
if !projectUser.Role.IsValid() {
w.WriteHeader(http.StatusBadRequest)
return
}
err := helpers.Store(r).UpdateProjectUser(db.ProjectUser{
2023-09-17 16:15:44 +02:00
UserID: targetUser.ID,
ProjectID: project.ID,
Role: projectUser.Role,
})
2020-12-17 15:00:05 +01:00
if err != nil {
helpers.WriteError(w, err)
return
}
helpers.EventLog(r, helpers.EventLogUpdate, helpers.EventLogItem{
UserID: helpers.UserFromContext(r).ID,
ProjectID: project.ID,
ObjectType: db.EventUser,
ObjectID: targetUser.ID,
Description: fmt.Sprintf("Changed role for User ID %d", targetUser.ID),
})
w.WriteHeader(http.StatusNoContent)
2016-04-04 15:44:34 +02:00
}