Use id to access orgs (#1873)

closes #1743 

fixes: setting secrets for own user namespace

- create org in database
- use orgID for org related APIs

Co-authored-by: 6543 <6543@obermui.de>
Anbraten
2023-07-21 19:45:32 +02:00
committed by GitHub
parent aec2051071
commit e5d5ec8b47
51 changed files with 1261 additions and 392 deletions


@@ -46,13 +46,15 @@ func apiRoutes(e *gin.Engine) {
users.DELETE("/:login", api.DeleteUser)
}
orgBase := apiBase.Group("/orgs/:owner")
apiBase.GET("/orgs/lookup/*org_full_name", api.LookupOrg)
orgBase := apiBase.Group("/orgs/:org_id")
{
orgBase.GET("/permissions", api.GetOrgPermissions)
org := orgBase.Group("")
{
org.Use(session.MustOrgMember(true))
org.GET("", api.GetOrg)
org.GET("/secrets", api.GetOrgSecretList)
org.POST("/secrets", api.PostOrgSecret)
org.GET("/secrets/:secret", api.GetOrgSecret)


@@ -16,6 +16,7 @@ package session
import (
"net/http"
"strconv"
"github.com/woodpecker-ci/woodpecker/server"
"github.com/woodpecker-ci/woodpecker/server/model"
@@ -117,36 +118,47 @@ func MustUser() gin.HandlerFunc {
func MustOrgMember(admin bool) gin.HandlerFunc {
return func(c *gin.Context) {
_store := store.FromContext(c)
user := User(c)
owner := c.Param("owner")
if user == nil {
c.String(http.StatusUnauthorized, "User not authorized")
c.Abort()
return
}
if owner == "" {
c.String(http.StatusForbidden, "User not authorized")
c.Abort()
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
if err != nil {
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
return
}
org, err := _store.OrgGet(orgID)
if err != nil {
c.String(http.StatusNotFound, "Organization not found")
return
}
// User can access his own, admin can access all
if user.Login == owner || user.Admin {
if (org.Name == user.Login) || user.Admin {
c.Next()
return
}
perm, err := server.Config.Services.Membership.Get(c, user, owner)
perm, err := server.Config.Services.Membership.Get(c, user, org.Name)
if err != nil {
log.Error().Msgf("Failed to check membership: %v", err)
c.String(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
c.Abort()
return
}
if perm == nil || (!admin && !perm.Member) || (admin && !perm.Admin) {
c.String(http.StatusForbidden, "User not authorized")
c.Abort()
return
}
c.Next()
}
}
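Review bot: The two new error branches in MustOrgMember — after `strconv.ParseInt(c.Param("org_id"), 10, 64)` and after `_store.OrgGet(orgID)` — write a response and `return` without `c.Abort()`, so gin still runs the remaining handlers in the chain for an unparsable or unknown org id and the member/admin check below is never reached for that request. The removed `owner == ""` branch and the membership-lookup error branch a few lines further down both call `c.Abort()` before returning, so this looks like an omission rather than intent (unless the rendered page dropped those lines). Add `c.Abort()` directly after `c.String(http.StatusBadRequest, "Error parsing org id. %s", err)` and after `c.String(http.StatusNotFound, "Organization not found")`. While there, consider a fixed body such as `c.String(http.StatusBadRequest, "Invalid org id")` instead of echoing the parse error, matching the other responses in this middleware. The import block changed in the earlier hunk of this file is cut off in this view.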