diff --git a/server/app/scripts/app.js b/server/app/scripts/app.js index 7ef766a79..6fc2ced3a 100644 --- a/server/app/scripts/app.js +++ b/server/app/scripts/app.js @@ -5,7 +5,7 @@ var app = angular.module('app', [ 'ui.filters' ]); -app.config(['$routeProvider', '$locationProvider', function($routeProvider, $locationProvider) { +app.config(['$routeProvider', '$locationProvider', '$httpProvider', function($routeProvider, $locationProvider, $httpProvider) { $routeProvider.when('/', { templateUrl: '/views/home.html', controller: 'HomeController', @@ -135,6 +135,17 @@ app.config(['$routeProvider', '$locationProvider', function($routeProvider, $loc // use the HTML5 History API $locationProvider.html5Mode(true); + + $httpProvider.interceptors.push(function($q, $location) { + return { + 'responseError': function(rejection) { + if (rejection.status == 401) { + $location.path('/login'); + } + return $q.reject(rejection); + } + }; + }); }]); /* also see https://coderwall.com/p/vcfo4q */ @@ -148,6 +159,7 @@ app.run(['$location', '$rootScope', '$routeParams', 'feed', 'stdout', function($ $rootScope.$on('$routeChangeSuccess', function (event, current, previous) { document.title = current.$$route.title + ' ยท drone.io'; }); + }]); diff --git a/server/handler/branch.go b/server/handler/branch.go deleted file mode 100644 index 190cd2322..000000000 --- a/server/handler/branch.go +++ /dev/null @@ -1,52 +0,0 @@ -package handler - -import ( - "encoding/json" - "net/http" - - "github.com/drone/drone/server/database" - "github.com/drone/drone/server/session" - "github.com/gorilla/pat" -) - -type BranchHandler struct { - perms database.PermManager - repos database.RepoManager - commits database.CommitManager - sess session.Session -} - -func NewBranchHandler(repos database.RepoManager, commits database.CommitManager, perms database.PermManager, sess session.Session) *BranchHandler { - return &BranchHandler{perms, repos, commits, sess} -} - -// GetBranches gets a list of all branches and their most recent commits. -// GET /v1/repos/{host}/{owner}/{name}/branches -func (h *BranchHandler) GetBranches(w http.ResponseWriter, r *http.Request) error { - var host, owner, name = parseRepo(r) - - // get the user form the session. - user := h.sess.User(r) - - // get the repository from the database. - repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} - } - - // user must have read access to the repository. - if ok, _ := h.perms.Read(user, repo); !ok { - return notFound{err} - } - - branches, err := h.commits.ListBranches(repo.ID) - if err != nil { - return notFound{err} - } - - return json.NewEncoder(w).Encode(branches) -} - -func (h *BranchHandler) Register(r *pat.Router) { - r.Get("/v1/repos/{host}/{owner}/{name}/branches", errorHandler(h.GetBranches)) -} diff --git a/server/handler/commit.go b/server/handler/commit.go index 5aa369d46..8be729430 100644 --- a/server/handler/commit.go +++ b/server/handler/commit.go @@ -35,13 +35,20 @@ func (h *CommitHandler) GetFeed(w http.ResponseWriter, r *http.Request) error { // get the repository from the database. repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have read access to the repository. - if ok, _ := h.perms.Read(user, repo); !ok { - return notFound{err} + ok, _ := h.perms.Read(user, repo) + switch { + case ok == false && user == nil: + return notAuthorized{} + case ok == false && user != nil: + return notFound{} } commits, err := h.commits.ListBranch(repo.ID, branch) @@ -64,13 +71,20 @@ func (h *CommitHandler) GetCommit(w http.ResponseWriter, r *http.Request) error // get the repository from the database. repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have read access to the repository. - if ok, _ := h.perms.Read(user, repo); !ok { - return notFound{err} + ok, _ := h.perms.Read(user, repo) + switch { + case ok == false && user == nil: + return notAuthorized{} + case ok == false && user != nil: + return notFound{} } commit, err := h.commits.FindSha(repo.ID, branch, sha) @@ -93,13 +107,20 @@ func (h *CommitHandler) GetCommitOutput(w http.ResponseWriter, r *http.Request) // get the repository from the database. repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have read access to the repository. - if ok, _ := h.perms.Read(user, repo); !ok { - return notFound{err} + ok, _ := h.perms.Read(user, repo) + switch { + case ok == false && user == nil: + return notAuthorized{} + case ok == false && user != nil: + return notFound{} } commit, err := h.commits.FindSha(repo.ID, branch, sha) @@ -131,8 +152,11 @@ func (h *CommitHandler) PostCommit(w http.ResponseWriter, r *http.Request) error // get the repo from the database repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have admin access to the repository. diff --git a/server/handler/remote.go b/server/handler/remote.go index 30cea09a4..57280d657 100644 --- a/server/handler/remote.go +++ b/server/handler/remote.go @@ -26,8 +26,11 @@ func NewRemoteHandler(users database.UserManager, remotes database.RemoteManager func (h *RemoteHandler) GetRemotes(w http.ResponseWriter, r *http.Request) error { // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } // get all remotes remotes, err := h.remotes.List() @@ -100,8 +103,11 @@ func (h *RemoteHandler) PostRemote(w http.ResponseWriter, r *http.Request) error func (h *RemoteHandler) PutRemote(w http.ResponseWriter, r *http.Request) error { // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } // unmarshal the remote from the payload defer r.Body.Close() diff --git a/server/handler/repo.go b/server/handler/repo.go index af9aacd65..37cd07a72 100644 --- a/server/handler/repo.go +++ b/server/handler/repo.go @@ -38,16 +38,21 @@ func (h *RepoHandler) GetRepo(w http.ResponseWriter, r *http.Request) error { // get the repository from the database. repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have read access to the repository. role := h.perms.Find(user, repo) - if !role.Read { - return notFound{err} + switch { + case role.Read == false && user == nil: + return notAuthorized{} + case role.Read == false && user != nil: + return notFound{} } - // if the user is not requesting admin data we can // return exactly what we have. if len(admin) == 0 { @@ -85,8 +90,11 @@ func (h *RepoHandler) PostRepo(w http.ResponseWriter, r *http.Request) error { // get the repo from the database repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have admin access to the repository. @@ -155,8 +163,11 @@ func (h *RepoHandler) PutRepo(w http.ResponseWriter, r *http.Request) error { // get the repo from the database repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have admin access to the repository. @@ -221,8 +232,11 @@ func (h *RepoHandler) DeleteRepo(w http.ResponseWriter, r *http.Request) error { // get the repo from the database repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have admin access to the repository. @@ -254,13 +268,20 @@ func (h *RepoHandler) GetFeed(w http.ResponseWriter, r *http.Request) error { // get the repository from the database. repo, err := h.repos.FindName(host, owner, name) - if err != nil { - return notFound{err} + switch { + case err != nil && user == nil: + return notAuthorized{} + case err != nil && user != nil: + return notFound{} } // user must have read access to the repository. - if ok, _ := h.perms.Read(user, repo); !ok { - return notFound{err} + ok, _ := h.perms.Read(user, repo) + switch { + case ok == false && user == nil: + return notAuthorized{} + case ok == false && user != nil: + return notFound{} } // lists the most recent commits across all branches. diff --git a/server/handler/server.go b/server/handler/server.go index d1aae8fa4..4a17a6d5c 100644 --- a/server/handler/server.go +++ b/server/handler/server.go @@ -24,8 +24,11 @@ func NewServerHandler(servers database.ServerManager, sess session.Session) *Ser func (h *ServerHandler) GetServers(w http.ResponseWriter, r *http.Request) error { // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } // get all servers servers, err := h.servers.List() @@ -41,8 +44,11 @@ func (h *ServerHandler) GetServers(w http.ResponseWriter, r *http.Request) error func (h *ServerHandler) PostServer(w http.ResponseWriter, r *http.Request) error { // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } // unmarshal the server from the payload defer r.Body.Close() @@ -65,8 +71,11 @@ func (h *ServerHandler) DeleteServer(w http.ResponseWriter, r *http.Request) err // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } // get the server server, err := h.servers.FindName(name) diff --git a/server/handler/users.go b/server/handler/users.go index daadd57f5..e9c012871 100644 --- a/server/handler/users.go +++ b/server/handler/users.go @@ -24,8 +24,11 @@ func NewUsersHandler(users database.UserManager, sess session.Session) *UsersHan func (h *UsersHandler) GetUsers(w http.ResponseWriter, r *http.Request) error { // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } // get all users users, err := h.users.List() @@ -44,8 +47,11 @@ func (h *UsersHandler) GetUser(w http.ResponseWriter, r *http.Request) error { // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } user, err := h.users.FindLogin(remote, login) if err != nil { @@ -63,8 +69,11 @@ func (h *UsersHandler) PostUser(w http.ResponseWriter, r *http.Request) error { // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } account := model.NewUser(remote, login, "") @@ -85,8 +94,11 @@ func (h *UsersHandler) DeleteUser(w http.ResponseWriter, r *http.Request) error // get the user form the session user := h.sess.User(r) - if user == nil || !user.Admin { + switch { + case user == nil: return notAuthorized{} + case user.Admin == false: + return forbidden{} } account, err := h.users.FindLogin(remote, login) if err != nil {