woodpecker/server/api/org.go

// Copyright 2022 Woodpecker Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package api

import (
	"net/http"
	"strconv"
	"strings"

	"github.com/gin-gonic/gin"
	"github.com/rs/zerolog/log"

	"go.woodpecker-ci.org/woodpecker/v2/server"
	"go.woodpecker-ci.org/woodpecker/v2/server/model"
	"go.woodpecker-ci.org/woodpecker/v2/server/router/middleware/session"
	"go.woodpecker-ci.org/woodpecker/v2/server/store"
)

// GetOrg
//
//	@Summary	Get organization by id
//	@Router		/orgs/{org_id} [get]
//	@Produce	json
//	@Success	200	{array}	Org
//	@Tags		Organization
//	@Param		Authorization	header	string	true	"Insert your personal access token"	default(Bearer <personal access token>)
//	@Param		org_id			path	string	true	"the organziation's id"
func GetOrg(c *gin.Context) {
	_store := store.FromContext(c)

	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
	if err != nil {
		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
		return
	}

	org, err := _store.OrgGet(orgID)
	if err != nil {
		handleDBError(c, err)
		return
	}

	c.JSON(http.StatusOK, org)
}

// GetOrgPermissions
//
//	@Summary	Get the permissions of the current user in the given organization
//	@Router		/orgs/{org_id}/permissions [get]
//	@Produce	json
//	@Success	200	{array}	OrgPerm
//	@Tags		Organization permissions
//	@Param		Authorization	header	string	true	"Insert your personal access token"	default(Bearer <personal access token>)
//	@Param		org_id			path	string	true	"the organziation's id"
func GetOrgPermissions(c *gin.Context) {
	user := session.User(c)
	_store := store.FromContext(c)

	_forge, err := server.Config.Services.Manager.ForgeFromUser(user)
	if err != nil {
		log.Error().Err(err).Msg("Cannot get forge from user")
		c.AbortWithStatus(http.StatusInternalServerError)
		return
	}

	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
	if err != nil {
		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
		return
	}

	if user == nil {
		c.JSON(http.StatusOK, &model.OrgPerm{})
		return
	}

	org, err := _store.OrgGet(orgID)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error getting org %d. %s", orgID, err)
		return
	}

	if (org.IsUser && org.Name == user.Login) || (user.Admin && !org.IsUser) {
		c.JSON(http.StatusOK, &model.OrgPerm{
			Member: true,
			Admin:  true,
		})
		return
	} else if org.IsUser {
		c.JSON(http.StatusOK, &model.OrgPerm{})
		return
	}

	perm, err := server.Config.Services.Membership.Get(c, _forge, user, org.Name)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error getting membership for %d. %s", orgID, err)
		return
	}

	c.JSON(http.StatusOK, perm)
}

// LookupOrg
//
//	@Summary	Lookup organization by full-name
//	@Router		/org/lookup/{org_full_name} [get]
//	@Produce	json
//	@Success	200	{object}	Org
//	@Tags		Organizations
//	@Param		Authorization	header	string	true	"Insert your personal access token"	default(Bearer <personal access token>)
//	@Param		org_full_name	path	string	true	"the organizations full-name / slug"
func LookupOrg(c *gin.Context) {
	_store := store.FromContext(c)
	user := session.User(c)
	_forge, err := server.Config.Services.Manager.ForgeFromUser(user)
	if err != nil {
		log.Error().Err(err).Msg("Cannot get forge from user")
		c.AbortWithStatus(http.StatusInternalServerError)
		return
	}

	orgFullName := strings.TrimLeft(c.Param("org_full_name"), "/")

	org, err := _store.OrgFindByName(orgFullName)
	if err != nil {
		handleDBError(c, err)
		return
	}

	// don't leak private org infos
	if org.Private {
		user := session.User(c)
		if user == nil {
			c.AbortWithStatus(http.StatusNotFound)
			return
		}

		if !user.Admin && org.Name != user.Login {
			c.AbortWithStatus(http.StatusNotFound)
			return
		} else if !user.Admin {
			perm, err := server.Config.Services.Membership.Get(c, _forge, user, org.Name)
			if err != nil {
				log.Error().Err(err).Msg("failed to check membership")
				c.Status(http.StatusInternalServerError)
				return
			}

			if perm == nil || !perm.Member {
				c.AbortWithStatus(http.StatusNotFound)
				return
			}
		}
	}

	c.JSON(http.StatusOK, org)
}
Add global and organization secrets (#1027) * Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de> 2022-08-14 11:48:53 +00:00			`// Copyright 2022 Woodpecker Authors`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package api`

			`import (`
			`"net/http"`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`"strconv"`
			`"strings"`
Add global and organization secrets (#1027) * Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de> 2022-08-14 11:48:53 +00:00
Use API error helpers and improve response codes (#2366) 2023-09-02 11:31:10 +00:00			`"github.com/gin-gonic/gin"`
Replace `goimports` with `gci` (#3202) `gci` seems to be much more strict. 2024-01-14 17:22:06 +00:00			`"github.com/rs/zerolog/log"`
Use API error helpers and improve response codes (#2366) 2023-09-02 11:31:10 +00:00
Update go module path for major version 2 (#2905) https://go.dev/doc/modules/release-workflow#breaking Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes #2654 ``` runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0 go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2") ``` --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> 2023-12-08 07:15:08 +00:00			`"go.woodpecker-ci.org/woodpecker/v2/server"`
			`"go.woodpecker-ci.org/woodpecker/v2/server/model"`
			`"go.woodpecker-ci.org/woodpecker/v2/server/router/middleware/session"`
			`"go.woodpecker-ci.org/woodpecker/v2/server/store"`
Add global and organization secrets (#1027) * Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de> 2022-08-14 11:48:53 +00:00			`)`

Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`// GetOrg`
			`//`
			`// @Summary Get organization by id`
			`// @Router /orgs/{org_id} [get]`
			`// @Produce json`
			`// @Success 200 {array} Org`
			`// @Tags Organization`
			`// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)`
			`// @Param org_id path string true "the organziation's id"`
			`func GetOrg(c *gin.Context) {`
			`_store := store.FromContext(c)`

			`orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)`
			`if err != nil {`
			`c.String(http.StatusBadRequest, "Error parsing org id. %s", err)`
			`return`
			`}`

			`org, err := _store.OrgGet(orgID)`
			`if err != nil {`
Enable golangci linter stylecheck (#3167) This PR only fixes error string formatting, log message strings are still mixed upper/lowercase (see https://github.com/woodpecker-ci/woodpecker/pull/3161#issuecomment-1885140649) and I'm not aware of a linter to enforce it. 2024-01-10 21:56:42 +00:00			`handleDBError(c, err)`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`return`
			`}`

			`c.JSON(http.StatusOK, org)`
			`}`

Update swagger API specification (#1782) # Summary This PR drops the outdated former swagger.yaml/json and introduced automatic API document generation from Go code. The generated code is also used to generate documentation/markdown for the community page, as well as enable the Woodpecker server to serve a Swagger Web UI for manual tinkering. I did opt-in for gin-swagger, a middleware for the Gin framework, to ease implementation and have a sophisticated output. This middleware only produces Swagger v2 specs. AFAIK the newer OpenApi 3x tooling is not yet that mature, so I guess that's fine for now. ## Implemenation notes - former swagger.json files removed - former // swagger godocs removed - introduced new dependency gin-swagger, which uses godoc annotations on top of Gin Handler functions. - reworked Makefile to automatically generate Go code for the server - introduce new dependency go-swagger, to generate Markdown for documentation purposes - add a Swagger Web UI, incl. capabilities for manual API exploration - consider relative root paths in the implementation - write documentation for all exposed API endpoints - incl. API docs in the community website (auto-generated) - provide developer documentation, for the Woodpecker authors - no other existing logic/code was intentionally changed --------- close #292 --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> Co-authored-by: 6543 <6543@obermui.de> 2023-06-03 19:38:36 +00:00			`// GetOrgPermissions`
			`//`
			`// @Summary Get the permissions of the current user in the given organization`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`// @Router /orgs/{org_id}/permissions [get]`
Update swagger API specification (#1782) # Summary This PR drops the outdated former swagger.yaml/json and introduced automatic API document generation from Go code. The generated code is also used to generate documentation/markdown for the community page, as well as enable the Woodpecker server to serve a Swagger Web UI for manual tinkering. I did opt-in for gin-swagger, a middleware for the Gin framework, to ease implementation and have a sophisticated output. This middleware only produces Swagger v2 specs. AFAIK the newer OpenApi 3x tooling is not yet that mature, so I guess that's fine for now. ## Implemenation notes - former swagger.json files removed - former // swagger godocs removed - introduced new dependency gin-swagger, which uses godoc annotations on top of Gin Handler functions. - reworked Makefile to automatically generate Go code for the server - introduce new dependency go-swagger, to generate Markdown for documentation purposes - add a Swagger Web UI, incl. capabilities for manual API exploration - consider relative root paths in the implementation - write documentation for all exposed API endpoints - incl. API docs in the community website (auto-generated) - provide developer documentation, for the Woodpecker authors - no other existing logic/code was intentionally changed --------- close #292 --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> Co-authored-by: 6543 <6543@obermui.de> 2023-06-03 19:38:36 +00:00			`// @Produce json`
			`// @Success 200 {array} OrgPerm`
			`// @Tags Organization permissions`
			`// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`// @Param org_id path string true "the organziation's id"`
Add global and organization secrets (#1027) * Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de> 2022-08-14 11:48:53 +00:00			`func GetOrgPermissions(c *gin.Context) {`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`user := session.User(c)`
			`_store := store.FromContext(c)`

Use forge from db (#1417) This is the first step towards support for multiple forges (#138). It inserts a forge using the currently existing env varaibles into db and uses this forge from db later on in all places of the code. closes #621 addresses #138 # TODO - [x] add forges table - [x] add id of forge to repo - [x] use forge of repo - [x] add forge from env vars to db if not exists - [x] migrate repo.ForgeID to the newly generated forge - [x] support cache with forge from repo - [x] maybe add forge loading cache? (use LRU cache for forges, I expect users to have less than 10 forges normally) --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> 2024-04-16 06:04:55 +00:00			`_forge, err := server.Config.Services.Manager.ForgeFromUser(user)`
			`if err != nil {`
			`log.Error().Err(err).Msg("Cannot get forge from user")`
			`c.AbortWithStatus(http.StatusInternalServerError)`
			`return`
			`}`

Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)`
			`if err != nil {`
			`c.String(http.StatusBadRequest, "Error parsing org id. %s", err)`
			`return`
			`}`
Add global and organization secrets (#1027) * Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de> 2022-08-14 11:48:53 +00:00
			`if user == nil {`
			`c.JSON(http.StatusOK, &model.OrgPerm{})`
			`return`
			`}`

Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`org, err := _store.OrgGet(orgID)`
Add global and organization secrets (#1027) * Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de> 2022-08-14 11:48:53 +00:00			`if err != nil {`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`c.String(http.StatusInternalServerError, "Error getting org %d. %s", orgID, err)`
			`return`
			`}`

Support user secrets (#2126) 2023-08-21 13:04:12 +00:00			`if (org.IsUser && org.Name == user.Login) \|\| (user.Admin && !org.IsUser) {`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`c.JSON(http.StatusOK, &model.OrgPerm{`
			`Member: true,`
			`Admin: true,`
			`})`
			`return`
Support user secrets (#2126) 2023-08-21 13:04:12 +00:00			`} else if org.IsUser {`
			`c.JSON(http.StatusOK, &model.OrgPerm{})`
			`return`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`}`

Use forge from db (#1417) This is the first step towards support for multiple forges (#138). It inserts a forge using the currently existing env varaibles into db and uses this forge from db later on in all places of the code. closes #621 addresses #138 # TODO - [x] add forges table - [x] add id of forge to repo - [x] use forge of repo - [x] add forge from env vars to db if not exists - [x] migrate repo.ForgeID to the newly generated forge - [x] support cache with forge from repo - [x] maybe add forge loading cache? (use LRU cache for forges, I expect users to have less than 10 forges normally) --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> 2024-04-16 06:04:55 +00:00			`perm, err := server.Config.Services.Membership.Get(c, _forge, user, org.Name)`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`if err != nil {`
			`c.String(http.StatusInternalServerError, "Error getting membership for %d. %s", orgID, err)`
Add global and organization secrets (#1027) * Implement database changes and store methods for global and organization secrets * Add tests for new store methods * Add organization secret API and UI * Add global secrets API and UI * Add suggestions * Update warning style * Apply suggestions from code review Co-authored-by: Anbraten <anton@ju60.de> * Fix lint warning Co-authored-by: Anbraten <anton@ju60.de> 2022-08-14 11:48:53 +00:00			`return`
			`}`

			`c.JSON(http.StatusOK, perm)`
			`}`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00
			`// LookupOrg`
			`//`
			`// @Summary Lookup organization by full-name`
			`// @Router /org/lookup/{org_full_name} [get]`
			`// @Produce json`
			`// @Success 200 {object} Org`
			`// @Tags Organizations`
			`// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)`
			`// @Param org_full_name path string true "the organizations full-name / slug"`
			`func LookupOrg(c *gin.Context) {`
			`_store := store.FromContext(c)`
Use forge from db (#1417) This is the first step towards support for multiple forges (#138). It inserts a forge using the currently existing env varaibles into db and uses this forge from db later on in all places of the code. closes #621 addresses #138 # TODO - [x] add forges table - [x] add id of forge to repo - [x] use forge of repo - [x] add forge from env vars to db if not exists - [x] migrate repo.ForgeID to the newly generated forge - [x] support cache with forge from repo - [x] maybe add forge loading cache? (use LRU cache for forges, I expect users to have less than 10 forges normally) --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> 2024-04-16 06:04:55 +00:00			`user := session.User(c)`
			`_forge, err := server.Config.Services.Manager.ForgeFromUser(user)`
			`if err != nil {`
			`log.Error().Err(err).Msg("Cannot get forge from user")`
			`c.AbortWithStatus(http.StatusInternalServerError)`
			`return`
			`}`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00
			`orgFullName := strings.TrimLeft(c.Param("org_full_name"), "/")`

			`org, err := _store.OrgFindByName(orgFullName)`
			`if err != nil {`
Enable golangci linter stylecheck (#3167) This PR only fixes error string formatting, log message strings are still mixed upper/lowercase (see https://github.com/woodpecker-ci/woodpecker/pull/3161#issuecomment-1885140649) and I'm not aware of a linter to enforce it. 2024-01-10 21:56:42 +00:00			`handleDBError(c, err)`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`return`
			`}`

			`// don't leak private org infos`
			`if org.Private {`
			`user := session.User(c)`
			`if user == nil {`
			`c.AbortWithStatus(http.StatusNotFound)`
			`return`
			`}`

			`if !user.Admin && org.Name != user.Login {`
			`c.AbortWithStatus(http.StatusNotFound)`
			`return`
			`} else if !user.Admin {`
Use forge from db (#1417) This is the first step towards support for multiple forges (#138). It inserts a forge using the currently existing env varaibles into db and uses this forge from db later on in all places of the code. closes #621 addresses #138 # TODO - [x] add forges table - [x] add id of forge to repo - [x] use forge of repo - [x] add forge from env vars to db if not exists - [x] migrate repo.ForgeID to the newly generated forge - [x] support cache with forge from repo - [x] maybe add forge loading cache? (use LRU cache for forges, I expect users to have less than 10 forges normally) --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> 2024-04-16 06:04:55 +00:00			`perm, err := server.Config.Services.Membership.Get(c, _forge, user, org.Name)`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`if err != nil {`
Lowercase all log strings (#3173) from #3161 --------- Co-authored-by: 6543 <6543@obermui.de> 2024-01-11 18:17:07 +00:00			`log.Error().Err(err).Msg("failed to check membership")`
Use API error helpers and improve response codes (#2366) 2023-09-02 11:31:10 +00:00			`c.Status(http.StatusInternalServerError)`
Use id to access orgs (#1873) closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de> 2023-07-21 17:45:32 +00:00			`return`
			`}`

			`if perm == nil \|\| !perm.Member {`
			`c.AbortWithStatus(http.StatusNotFound)`
			`return`
			`}`
			`}`
			`}`

			`c.JSON(http.StatusOK, org)`
			`}`