diff --git a/api-docs.yml b/api-docs.yml index b4c8b1fb..1c182f24 100644 --- a/api-docs.yml +++ b/api-docs.yml @@ -928,6 +928,26 @@ paths: 204: description: Project deleted + + /project/{project_id}/permissions: + parameters: + - $ref: "#/parameters/project_id" + get: + tags: + - project + summary: Fetch permissions of the current user for project + responses: + 200: + description: Permissions + schema: + type: object + properties: + role: + type: string + permissions: + type: number + + /project/{project_id}/events: parameters: - $ref: '#/parameters/project_id' diff --git a/api/projects/project.go b/api/projects/project.go index 866a14af..6dcadede 100644 --- a/api/projects/project.go +++ b/api/projects/project.go @@ -44,8 +44,8 @@ func ProjectMiddleware(next http.Handler) http.Handler { }) } -// GetMustCanMiddlewareFor ensures that the user has administrator rights -func GetMustCanMiddlewareFor(permissions db.ProjectUserPermission) mux.MiddlewareFunc { +// GetMustCanMiddleware ensures that the user has administrator rights +func GetMustCanMiddleware(permissions db.ProjectUserPermission) mux.MiddlewareFunc { return func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { user := context.Get(r, "user").(*db.User) @@ -63,13 +63,17 @@ func GetMustCanMiddlewareFor(permissions db.ProjectUserPermission) mux.Middlewar // GetProject returns a project details func GetProject(w http.ResponseWriter, r *http.Request) { - var project struct { - db.Project - UserPermissions db.ProjectUserPermission `json:"userPermissions"` + helpers.WriteJSON(w, http.StatusOK, context.Get(r, "project")) +} + +func GetUserRole(w http.ResponseWriter, r *http.Request) { + var permissions struct { + Role db.ProjectUserRole `json:"role"` + Permissions db.ProjectUserPermission `json:"permissions"` } - project.Project = context.Get(r, "project").(db.Project) - project.UserPermissions = context.Get(r, "projectUserRole").(db.ProjectUserRole).GetPermissions() - helpers.WriteJSON(w, http.StatusOK, project) + permissions.Role = context.Get(r, "projectUserRole").(db.ProjectUserRole) + permissions.Permissions = permissions.Role.GetPermissions() + helpers.WriteJSON(w, http.StatusOK, permissions) } // UpdateProject saves updated project details to the database diff --git a/api/router.go b/api/router.go index 5c63a86f..3a055882 100644 --- a/api/router.go +++ b/api/router.go @@ -128,17 +128,19 @@ func Route() *mux.Router { // // Start and Stop tasks projectTaskStart := authenticatedAPI.PathPrefix("/project/{project_id}").Subrouter() - projectTaskStart.Use(projects.ProjectMiddleware, projects.GetMustCanMiddlewareFor(db.CanRunProjectTasks)) + projectTaskStart.Use(projects.ProjectMiddleware, projects.GetMustCanMiddleware(db.CanRunProjectTasks)) projectTaskStart.Path("/tasks").HandlerFunc(projects.AddTask).Methods("POST") projectTaskStop := authenticatedAPI.PathPrefix("/tasks").Subrouter() - projectTaskStop.Use(projects.ProjectMiddleware, projects.GetTaskMiddleware, projects.GetMustCanMiddlewareFor(db.CanRunProjectTasks)) + projectTaskStop.Use(projects.ProjectMiddleware, projects.GetTaskMiddleware, projects.GetMustCanMiddleware(db.CanRunProjectTasks)) projectTaskStop.HandleFunc("/{task_id}/stop", projects.StopTask).Methods("POST") // // Project resources CRUD projectUserAPI := authenticatedAPI.PathPrefix("/project/{project_id}").Subrouter() - projectUserAPI.Use(projects.ProjectMiddleware, projects.GetMustCanMiddlewareFor(db.CanManageProjectResources)) + projectUserAPI.Use(projects.ProjectMiddleware, projects.GetMustCanMiddleware(db.CanManageProjectResources)) + + projectUserAPI.Path("/role").HandlerFunc(projects.GetUserRole).Methods("GET", "HEAD") projectUserAPI.Path("/events").HandlerFunc(getAllEvents).Methods("GET", "HEAD") projectUserAPI.HandleFunc("/events/last", getLastEvents).Methods("GET", "HEAD") @@ -173,14 +175,14 @@ func Route() *mux.Router { // // Updating and deleting project projectAdminAPI := authenticatedAPI.Path("/project/{project_id}").Subrouter() - projectAdminAPI.Use(projects.ProjectMiddleware, projects.GetMustCanMiddlewareFor(db.CanUpdateProject)) + projectAdminAPI.Use(projects.ProjectMiddleware, projects.GetMustCanMiddleware(db.CanUpdateProject)) projectAdminAPI.Methods("PUT").HandlerFunc(projects.UpdateProject) projectAdminAPI.Methods("DELETE").HandlerFunc(projects.DeleteProject) // // Manage project users projectAdminUsersAPI := authenticatedAPI.PathPrefix("/project/{project_id}").Subrouter() - projectAdminUsersAPI.Use(projects.ProjectMiddleware, projects.GetMustCanMiddlewareFor(db.CanManageProjectUsers)) + projectAdminUsersAPI.Use(projects.ProjectMiddleware, projects.GetMustCanMiddleware(db.CanManageProjectUsers)) projectAdminUsersAPI.Path("/users").HandlerFunc(projects.AddUser).Methods("POST") projectUserManagement := projectAdminUsersAPI.PathPrefix("/users").Subrouter() diff --git a/api/user.go b/api/user.go index 41e8fa4d..dc9e7222 100644 --- a/api/user.go +++ b/api/user.go @@ -5,6 +5,7 @@ import ( "encoding/base64" "github.com/ansible-semaphore/semaphore/api/helpers" "github.com/ansible-semaphore/semaphore/db" + "github.com/ansible-semaphore/semaphore/util" "github.com/gorilla/context" "github.com/gorilla/mux" "io" @@ -18,7 +19,15 @@ func getUser(w http.ResponseWriter, r *http.Request) { return } - helpers.WriteJSON(w, http.StatusOK, context.Get(r, "user")) + var user struct { + db.User + CanCreateProject bool `json:"can_create_project"` + } + + user.User = *context.Get(r, "user").(*db.User) + user.CanCreateProject = user.Admin || util.Config.NonAdminCanCreateProject + + helpers.WriteJSON(w, http.StatusOK, user) } func getAPITokens(w http.ResponseWriter, r *http.Request) { diff --git a/web/src/App.vue b/web/src/App.vue index 98a5b4b4..a4b23904 100644 --- a/web/src/App.vue +++ b/web/src/App.vue @@ -1,56 +1,56 @@