github/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-09-20 07:30:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add method to check organization membership (#1037)

Browse Source 
* Add remote method to check organization membership
* Use named return parameters in interface
* Add membership check service
* Update Gitea SDK
This commit is contained in:
Lauris BH
2022-07-25 04:09:35 +03:00
committed by GitHub
parent 1e8d4cc455
commit 19dfc331f4
19 changed files with 342 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
server/router/middleware/session/user.go
View File

@@ -17,11 +17,13 @@ package session
import (
"net/http"
"github.com/gin-gonic/gin"
"github.com/woodpecker-ci/woodpecker/server"
"github.com/woodpecker-ci/woodpecker/server/model"
"github.com/woodpecker-ci/woodpecker/server/store"
"github.com/woodpecker-ci/woodpecker/shared/token"
"github.com/gin-gonic/gin"
"github.com/rs/zerolog/log"
)
func User(c *gin.Context) *model.User {
@@ -116,3 +118,39 @@ func MustUser() gin.HandlerFunc {
}
}
}
func MustOrgMember(admin bool) gin.HandlerFunc {
return func(c *gin.Context) {
user := User(c)
owner := c.Param("owner")
if user == nil {
c.String(http.StatusUnauthorized, "User not authorized")
c.Abort()
return
}
if owner == "" {
c.String(http.StatusForbidden, "User not authorized")
c.Abort()
return
}
// User can access his own, admin can access all
if user.Login == owner || user.Admin {
c.Next()
return
}
perm, err := server.Config.Services.Membership.Get(c, user, owner)
if err != nil {
log.Error().Msgf("Failed to check membership: %v", err)
c.String(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
c.Abort()
return
}
if perm == nil || (!admin && !perm.Member) || (admin && !perm.Admin) {
c.String(http.StatusForbidden, "User not authorized")
c.Abort()
return
}
c.Next()
}
}