package session
import (
"github.com/drone/drone/cache"
"github.com/drone/drone/model"
log "github.com/Sirupsen/logrus"
"github.com/gin-gonic/gin"
)
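// TeamPerm resolves the permissions the current request's user holds on the
// team named by the "team" route parameter.
//
// The decision is made in three steps:
//   - no authenticated user: every permission is denied;
//   - the user is flagged as an admin (DRONE_ADMIN): every permission is granted;
//   - otherwise the permissions are looked up through cache.GetTeamPerms.
//
// The function fails closed: if the lookup returns an error, or returns no
// permission object, the caller receives a non-nil *model.Perm with Admin,
// Pull and Push all false. The returned pointer is never nil, so middleware
// can dereference it without a check.
func TeamPerm(c *gin.Context) *model.Perm {
	user := User(c)
	team := c.Param("team")

	// Start from a deny-all value; branches below only ever widen it on
	// positive evidence.
	perm := &model.Perm{}

	switch {
	// if the user is not authenticated
	case user == nil:
		perm.Admin = false
		perm.Pull = false
		perm.Push = false

	// if the user is a DRONE_ADMIN
	case user.Admin:
		perm.Admin = true
		perm.Pull = true
		perm.Push = true

	// otherwise if the user is authenticated we should
	// check the remote system to get the user's permissions.
	default:
		log.Debugf("Fetching team permission for %s %s",
			user.Login, team)

		// The lookup result is held in a separate variable so that a failed
		// lookup cannot replace the deny-all default with a nil pointer.
		// NOTE(review): cache.GetTeamPerms is not visible here; it presumably
		// returns a nil *model.Perm together with the error, in which case
		// writing perm.Admin = false through it would panic.
		fetched, err := cache.GetTeamPerms(c, user, team)
		switch {
		case err != nil:
			// Record the cause so failed permission lookups can be
			// investigated; the user keeps the deny-all default.
			log.Errorf("Error fetching team permission for %s %s: %s",
				user.Login, team, err)
		case fetched != nil:
			perm = fetched
		}
	}

	if user != nil {
		log.Debugf("%s granted %+v team permission to %s",
			user.Login, perm, team)
	} else {
		log.Debugf("Guest granted %+v to %s", perm, team)

		// Defensive reset: a guest must never leave this function with any
		// permission set, whatever happened above.
		perm.Admin = false
		perm.Pull = false
		perm.Push = false
	}

	return perm
}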
// MustTeamAdmin returns a gin middleware that lets a request continue only
// when TeamPerm reports Admin permission on the requested team. Any other
// request is answered with status 401 and the body "User not authorized",
// and the handler chain is aborted so no later handler runs.
//
// NOTE(review): the same 401 is sent to unauthenticated callers and to
// authenticated users who lack the permission; confirm whether clients
// rely on that before distinguishing the two cases.
func MustTeamAdmin() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Deny first, so the only way to reach c.Next is a positive
		// admin check.
		if !TeamPerm(c).Admin {
			c.String(401, "User not authorized")
			c.Abort()
			return
		}
		c.Next()
	}
}