bench-forgejo/routers/api/v1/repo/collaborators.go
Lanre Adelowo 59b10e66f7 An inactive user shouldn't be able to be added as a collaborator (#4535)
* an inactive user shouldn't be able to be a collaborator

* use translated error message

* add active user check when adding a new collaborator via the api

* fix translation text

* added collaborator test

* improvee testcases
2018-08-07 13:01:06 +03:00

216 lines
5.4 KiB
Go

// Copyright 2016 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package repo
import (
"errors"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
api "code.gitea.io/sdk/gitea"
)
// ListCollaborators list a repository's collaborators
func ListCollaborators(ctx *context.APIContext) {
// swagger:operation GET /repos/{owner}/{repo}/collaborators repository repoListCollaborators
// ---
// summary: List a repository's collaborators
// produces:
// - application/json
// parameters:
// - name: owner
// in: path
// description: owner of the repo
// type: string
// required: true
// - name: repo
// in: path
// description: name of the repo
// type: string
// required: true
// responses:
// "200":
// "$ref": "#/responses/UserList"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
collaborators, err := ctx.Repo.Repository.GetCollaborators()
if err != nil {
ctx.Error(500, "ListCollaborators", err)
return
}
users := make([]*api.User, len(collaborators))
for i, collaborator := range collaborators {
users[i] = collaborator.APIFormat()
}
ctx.JSON(200, users)
}
// IsCollaborator check if a user is a collaborator of a repository
func IsCollaborator(ctx *context.APIContext) {
// swagger:operation GET /repos/{owner}/{repo}/collaborators/{collaborator} repository repoCheckCollaborator
// ---
// summary: Check if a user is a collaborator of a repository
// produces:
// - application/json
// parameters:
// - name: owner
// in: path
// description: owner of the repo
// type: string
// required: true
// - name: repo
// in: path
// description: name of the repo
// type: string
// required: true
// - name: collaborator
// in: path
// description: username of the collaborator
// type: string
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
// "404":
// "$ref": "#/responses/empty"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
user, err := models.GetUserByName(ctx.Params(":collaborator"))
if err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(422, "", err)
} else {
ctx.Error(500, "GetUserByName", err)
}
return
}
isColab, err := ctx.Repo.Repository.IsCollaborator(user.ID)
if err != nil {
ctx.Error(500, "IsCollaborator", err)
return
}
if isColab {
ctx.Status(204)
} else {
ctx.Status(404)
}
}
// AddCollaborator add a collaborator to a repository
func AddCollaborator(ctx *context.APIContext, form api.AddCollaboratorOption) {
// swagger:operation PUT /repos/{owner}/{repo}/collaborators/{collaborator} repository repoAddCollaborator
// ---
// summary: Add a collaborator to a repository
// produces:
// - application/json
// parameters:
// - name: owner
// in: path
// description: owner of the repo
// type: string
// required: true
// - name: repo
// in: path
// description: name of the repo
// type: string
// required: true
// - name: collaborator
// in: path
// description: username of the collaborator to add
// type: string
// required: true
// - name: body
// in: body
// schema:
// "$ref": "#/definitions/AddCollaboratorOption"
// responses:
// "204":
// "$ref": "#/responses/empty"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
collaborator, err := models.GetUserByName(ctx.Params(":collaborator"))
if err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(422, "", err)
} else {
ctx.Error(500, "GetUserByName", err)
}
return
}
if !collaborator.IsActive {
ctx.Error(500, "InactiveCollaborator", errors.New("collaborator's account is inactive"))
return
}
if err := ctx.Repo.Repository.AddCollaborator(collaborator); err != nil {
ctx.Error(500, "AddCollaborator", err)
return
}
if form.Permission != nil {
if err := ctx.Repo.Repository.ChangeCollaborationAccessMode(collaborator.ID, models.ParseAccessMode(*form.Permission)); err != nil {
ctx.Error(500, "ChangeCollaborationAccessMode", err)
return
}
}
ctx.Status(204)
}
// DeleteCollaborator delete a collaborator from a repository
func DeleteCollaborator(ctx *context.APIContext) {
// swagger:operation DELETE /repos/{owner}/{repo}/collaborators/{collaborator} repository repoDeleteCollaborator
// ---
// summary: Delete a collaborator from a repository
// produces:
// - application/json
// parameters:
// - name: owner
// in: path
// description: owner of the repo
// type: string
// required: true
// - name: repo
// in: path
// description: name of the repo
// type: string
// required: true
// - name: collaborator
// in: path
// description: username of the collaborator to delete
// type: string
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
if !ctx.Repo.IsWriter() {
ctx.Error(403, "", "User does not have push access")
return
}
collaborator, err := models.GetUserByName(ctx.Params(":collaborator"))
if err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(422, "", err)
} else {
ctx.Error(500, "GetUserByName", err)
}
return
}
if err := ctx.Repo.Repository.DeleteCollaboration(collaborator.ID); err != nil {
ctx.Error(500, "DeleteCollaboration", err)
return
}
ctx.Status(204)
}