Merge branch 'origin/main' into 'next-release/main'

2025-03-13 16:02:41 +00:00 · 2024-10-09 10:16:57 +00:00 · 2024-10-09 10:16:57 +00:00 · aa7efbaa9e
commit aa7efbaa9e
parent 9e57972954 98d7b1b500
9 changed files with 151 additions and 163 deletions
--- a/go.mod
+++ b/go.mod
@ -5,7 +5,7 @@ go 1.22.0
 toolchain go1.23.2

 require (
-	al.essio.dev/pkg/shellescape v1.5.0
+	al.essio.dev/pkg/shellescape v1.5.1
 	code.gitea.io/sdk/gitea v0.19.0
 	codeberg.org/6543/go-yaml2json v1.0.0
 	codeberg.org/6543/xyaml v1.1.0
@ -57,7 +57,7 @@ require (
 	github.com/swaggo/swag v1.16.3
 	github.com/urfave/cli-docs/v3 v3.0.0-alpha5.0.20240714105325-1da00919bcb4
 	github.com/urfave/cli/v3 v3.0.0-alpha9.0.20241004184838-20ef97b2155a
-	github.com/xanzy/go-gitlab v0.109.0
+	github.com/xanzy/go-gitlab v0.110.0
 	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/yaronf/httpsign v0.3.1
 	github.com/zalando/go-keyring v0.2.5
@ -69,7 +69,7 @@ require (
 	golang.org/x/term v0.25.0
 	golang.org/x/text v0.19.0
 	google.golang.org/grpc v1.67.1
-	google.golang.org/protobuf v1.34.2
+	google.golang.org/protobuf v1.35.1
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.31.1
 	k8s.io/apimachinery v0.31.1
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,5 @@
-al.essio.dev/pkg/shellescape v1.5.0 h1:7oTvSsQ5kg9WksA9O58y9wjYnY4jP0CL82/Q8WLUGKk=
-al.essio.dev/pkg/shellescape v1.5.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890=
+al.essio.dev/pkg/shellescape v1.5.1 h1:86HrALUujYS/h+GtqoB26SBEdkWfmMI6FubjXlsXyho=
+al.essio.dev/pkg/shellescape v1.5.1/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890=
 code.gitea.io/sdk/gitea v0.19.0 h1:8I6s1s4RHgzxiPHhOQdgim1RWIRcr0LVMbHBjBFXq4Y=
 code.gitea.io/sdk/gitea v0.19.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI=
 codeberg.org/6543/go-yaml2json v1.0.0 h1:heGqo9VEi7gY2yNqjj7X4ADs5nzlFIbGsJtgYDLrnig=
@ -529,8 +529,8 @@ github.com/urfave/cli/v3 v3.0.0-alpha9.0.20241004184838-20ef97b2155a h1:ipFw/N7k
 github.com/urfave/cli/v3 v3.0.0-alpha9.0.20241004184838-20ef97b2155a/go.mod h1:Z1ItyMma7t6I7zHG9OpbExhHQOSkFf/96n+mAZ9MtVI=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE=
-github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
+github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc=
+github.com/xanzy/go-gitlab v0.110.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@ -713,8 +713,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
 google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
--- a/server/api/agent.go
+++ b/server/api/agent.go
@ -292,14 +292,9 @@ func PostOrgAgent(c *gin.Context) {
 //	@Param		perPage			query	int		false	"for response pagination, max items per page"	default(50)
 func GetOrgAgents(c *gin.Context) {
 	_store := store.FromContext(c)
+	org := session.Org(c)

-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
-
-	agents, err := _store.AgentListForOrg(orgID, session.Pagination(c))
+	agents, err := _store.AgentListForOrg(org.ID, session.Pagination(c))
 	if err != nil {
 		c.String(http.StatusInternalServerError, "Error getting agent list. %s", err)
 		return
@ -321,12 +316,7 @@ func GetOrgAgents(c *gin.Context) {
 //	@Param		agent			body	Agent	true	"the agent's updated data"
 func PatchOrgAgent(c *gin.Context) {
 	_store := store.FromContext(c)
-
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Invalid organization ID")
-		return
-	}
+	org := session.Org(c)

 	agentID, err := strconv.ParseInt(c.Param("agent_id"), 10, 64)
 	if err != nil {
@ -340,7 +330,7 @@ func PatchOrgAgent(c *gin.Context) {
 		return
 	}

-	if agent.OrgID != orgID {
+	if agent.OrgID != org.ID {
 		c.String(http.StatusBadRequest, "Agent does not belong to this organization")
 		return
 	}
@ -378,12 +368,7 @@ func PatchOrgAgent(c *gin.Context) {
 //	@Param		agent_id		path	int		true	"the agent's id"
 func DeleteOrgAgent(c *gin.Context) {
 	_store := store.FromContext(c)
-
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Invalid organization ID")
-		return
-	}
+	org := session.Org(c)

 	agentID, err := strconv.ParseInt(c.Param("agent_id"), 10, 64)
 	if err != nil {
@ -397,7 +382,7 @@ func DeleteOrgAgent(c *gin.Context) {
 		return
 	}

-	if agent.OrgID != orgID {
+	if agent.OrgID != org.ID {
 		c.String(http.StatusBadRequest, "Agent does not belong to this organization")
 		return
 	}
--- a/server/api/org.go
+++ b/server/api/org.go
@ -16,7 +16,6 @@ package api

 import (
 	"net/http"
-	"strconv"
 	"strings"

 	"github.com/gin-gonic/gin"
@ -58,20 +57,7 @@ func GetOrgs(c *gin.Context) {
 //	@Param		Authorization	header	string	true	"Insert your personal access token"	default(Bearer <personal access token>)
 //	@Param		org_id			path	string	true	"the organization's id"
 func GetOrg(c *gin.Context) {
-	_store := store.FromContext(c)
-
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
-
-	org, err := _store.OrgGet(orgID)
-	if err != nil {
-		handleDBError(c, err)
-		return
-	}
-
+	org := session.Org(c)
 	c.JSON(http.StatusOK, org)
 }

@ -86,7 +72,7 @@ func GetOrg(c *gin.Context) {
 //	@Param		org_id			path	string	true	"the organization's id"
 func GetOrgPermissions(c *gin.Context) {
 	user := session.User(c)
-	_store := store.FromContext(c)
+	org := session.Org(c)

 	_forge, err := server.Config.Services.Manager.ForgeFromUser(user)
 	if err != nil {
@ -95,23 +81,11 @@ func GetOrgPermissions(c *gin.Context) {
 		return
 	}

-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
-
 	if user == nil {
 		c.JSON(http.StatusOK, &model.OrgPerm{})
 		return
 	}

-	org, err := _store.OrgGet(orgID)
-	if err != nil {
-		c.String(http.StatusInternalServerError, "Error getting org %d. %s", orgID, err)
-		return
-	}
-
 	if (org.IsUser && org.Name == user.Login) || (user.Admin && !org.IsUser) {
 		c.JSON(http.StatusOK, &model.OrgPerm{
 			Member: true,
@ -125,7 +99,7 @@ func GetOrgPermissions(c *gin.Context) {

 	perm, err := server.Config.Services.Membership.Get(c, _forge, user, org.Name)
 	if err != nil {
-		c.String(http.StatusInternalServerError, "Error getting membership for %d. %s", orgID, err)
+		c.String(http.StatusInternalServerError, "Error getting membership for %d. %s", org.ID, err)
 		return
 	}

@ -200,15 +174,9 @@ func LookupOrg(c *gin.Context) {
 //	@Param			id				path	string	true	"the org's id"
 func DeleteOrg(c *gin.Context) {
 	_store := store.FromContext(c)
+	org := session.Org(c)

-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
-
-	err = _store.OrgDelete(orgID)
-	if err != nil {
+	if err := _store.OrgDelete(org.ID); err != nil {
 		handleDBError(c, err)
 		return
 	}
--- a/server/api/org_registry.go
+++ b/server/api/org_registry.go
@ -16,7 +16,6 @@ package api

 import (
 	"net/http"
-	"strconv"

 	"github.com/gin-gonic/gin"

@ -36,16 +35,11 @@ import (
 //	@Param		org_id			path	string	true	"the org's id"
 //	@Param		registry		path	string	true	"the registry's address"
 func GetOrgRegistry(c *gin.Context) {
+	org := session.Org(c)
 	addr := c.Param("registry")

-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
-
 	registryService := server.Config.Services.Manager.RegistryService()
-	registry, err := registryService.OrgRegistryFind(orgID, addr)
+	registry, err := registryService.OrgRegistryFind(org.ID, addr)
 	if err != nil {
 		handleDBError(c, err)
 		return
@ -65,16 +59,12 @@ func GetOrgRegistry(c *gin.Context) {
 //	@Param		page				query	int			false	"for response pagination, page offset number"	default(1)
 //	@Param		perPage			query	int			false	"for response pagination, max items per page"	default(50)
 func GetOrgRegistryList(c *gin.Context) {
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
+	org := session.Org(c)

 	registryService := server.Config.Services.Manager.RegistryService()
-	list, err := registryService.OrgRegistryList(orgID, session.Pagination(c))
+	list, err := registryService.OrgRegistryList(org.ID, session.Pagination(c))
 	if err != nil {
-		c.String(http.StatusInternalServerError, "Error getting registry list for %q. %s", orgID, err)
+		c.String(http.StatusInternalServerError, "Error getting registry list for %q. %s", org.ID, err)
 		return
 	}
 	// copy the registry detail to remove the sensitive
@ -96,31 +86,27 @@ func GetOrgRegistryList(c *gin.Context) {
 //	@Param		org_id					path	string		true	"the org's id"
 //	@Param		registryData		body	Registry	true	"the new registry"
 func PostOrgRegistry(c *gin.Context) {
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
+	org := session.Org(c)

 	in := new(model.Registry)
 	if err := c.Bind(in); err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org %q registry. %s", orgID, err)
+		c.String(http.StatusBadRequest, "Error parsing org %q registry. %s", org.ID, err)
 		return
 	}
 	registry := &model.Registry{
-		OrgID:    orgID,
+		OrgID:    org.ID,
 		Address:  in.Address,
 		Username: in.Username,
 		Password: in.Password,
 	}
 	if err := registry.Validate(); err != nil {
-		c.String(http.StatusUnprocessableEntity, "Error inserting org %q registry. %s", orgID, err)
+		c.String(http.StatusUnprocessableEntity, "Error inserting org %q registry. %s", org.ID, err)
 		return
 	}

 	registryService := server.Config.Services.Manager.RegistryService()
-	if err := registryService.OrgRegistryCreate(orgID, registry); err != nil {
-		c.String(http.StatusInternalServerError, "Error inserting org %q registry %q. %s", orgID, in.Address, err)
+	if err := registryService.OrgRegistryCreate(org.ID, registry); err != nil {
+		c.String(http.StatusInternalServerError, "Error inserting org %q registry %q. %s", org.ID, in.Address, err)
 		return
 	}
 	c.JSON(http.StatusOK, registry.Copy())
@ -138,22 +124,17 @@ func PostOrgRegistry(c *gin.Context) {
 //	@Param		registry			path	string		true	"the registry's name"
 //	@Param		registryData	body	Registry	true	"the update registry data"
 func PatchOrgRegistry(c *gin.Context) {
+	org := session.Org(c)
 	addr := c.Param("registry")
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}

 	in := new(model.Registry)
-	err = c.Bind(in)
-	if err != nil {
+	if err := c.Bind(in); err != nil {
 		c.String(http.StatusBadRequest, "Error parsing registry. %s", err)
 		return
 	}

 	registryService := server.Config.Services.Manager.RegistryService()
-	registry, err := registryService.OrgRegistryFind(orgID, addr)
+	registry, err := registryService.OrgRegistryFind(org.ID, addr)
 	if err != nil {
 		handleDBError(c, err)
 		return
@ -169,12 +150,12 @@ func PatchOrgRegistry(c *gin.Context) {
 	}

 	if err := registry.Validate(); err != nil {
-		c.String(http.StatusUnprocessableEntity, "Error updating org %q registry. %s", orgID, err)
+		c.String(http.StatusUnprocessableEntity, "Error updating org %q registry. %s", org.ID, err)
 		return
 	}

-	if err := registryService.OrgRegistryUpdate(orgID, registry); err != nil {
-		c.String(http.StatusInternalServerError, "Error updating org %q registry %q. %s", orgID, in.Address, err)
+	if err := registryService.OrgRegistryUpdate(org.ID, registry); err != nil {
+		c.String(http.StatusInternalServerError, "Error updating org %q registry %q. %s", org.ID, in.Address, err)
 		return
 	}
 	c.JSON(http.StatusOK, registry.Copy())
@ -191,15 +172,11 @@ func PatchOrgRegistry(c *gin.Context) {
 //	@Param		org_id			path	string	true	"the org's id"
 //	@Param		registry		path	string	true	"the registry's name"
 func DeleteOrgRegistry(c *gin.Context) {
+	org := session.Org(c)
 	addr := c.Param("registry")
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}

 	registryService := server.Config.Services.Manager.RegistryService()
-	if err := registryService.OrgRegistryDelete(orgID, addr); err != nil {
+	if err := registryService.OrgRegistryDelete(org.ID, addr); err != nil {
 		handleDBError(c, err)
 		return
 	}
--- a/server/api/org_secret.go
+++ b/server/api/org_secret.go
@ -16,7 +16,6 @@ package api

 import (
 	"net/http"
-	"strconv"

 	"github.com/gin-gonic/gin"

@ -36,16 +35,11 @@ import (
 //	@Param		org_id			path	string	true	"the org's id"
 //	@Param		secret			path	string	true	"the secret's name"
 func GetOrgSecret(c *gin.Context) {
+	org := session.Org(c)
 	name := c.Param("secret")

-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
-
 	secretService := server.Config.Services.Manager.SecretService()
-	secret, err := secretService.OrgSecretFind(orgID, name)
+	secret, err := secretService.OrgSecretFind(org.ID, name)
 	if err != nil {
 		handleDBError(c, err)
 		return
@ -65,16 +59,12 @@ func GetOrgSecret(c *gin.Context) {
 //	@Param		page			query	int		false	"for response pagination, page offset number"	default(1)
 //	@Param		perPage			query	int		false	"for response pagination, max items per page"	default(50)
 func GetOrgSecretList(c *gin.Context) {
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
+	org := session.Org(c)

 	secretService := server.Config.Services.Manager.SecretService()
-	list, err := secretService.OrgSecretList(orgID, session.Pagination(c))
+	list, err := secretService.OrgSecretList(org.ID, session.Pagination(c))
 	if err != nil {
-		c.String(http.StatusInternalServerError, "Error getting secret list for %q. %s", orgID, err)
+		c.String(http.StatusInternalServerError, "Error getting secret list for %q. %s", org.ID, err)
 		return
 	}
 	// copy the secret detail to remove the sensitive
@ -96,32 +86,28 @@ func GetOrgSecretList(c *gin.Context) {
 //	@Param		org_id			path	string	true	"the org's id"
 //	@Param		secretData		body	Secret	true	"the new secret"
 func PostOrgSecret(c *gin.Context) {
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}
+	org := session.Org(c)

 	in := new(model.Secret)
 	if err := c.Bind(in); err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org %q secret. %s", orgID, err)
+		c.String(http.StatusBadRequest, "Error parsing org %q secret. %s", org.ID, err)
 		return
 	}
 	secret := &model.Secret{
-		OrgID:  orgID,
+		OrgID:  org.ID,
 		Name:   in.Name,
 		Value:  in.Value,
 		Events: in.Events,
 		Images: in.Images,
 	}
 	if err := secret.Validate(); err != nil {
-		c.String(http.StatusUnprocessableEntity, "Error inserting org %q secret. %s", orgID, err)
+		c.String(http.StatusUnprocessableEntity, "Error inserting org %q secret. %s", org.ID, err)
 		return
 	}

 	secretService := server.Config.Services.Manager.SecretService()
-	if err := secretService.OrgSecretCreate(orgID, secret); err != nil {
-		c.String(http.StatusInternalServerError, "Error inserting org %q secret %q. %s", orgID, in.Name, err)
+	if err := secretService.OrgSecretCreate(org.ID, secret); err != nil {
+		c.String(http.StatusInternalServerError, "Error inserting org %q secret %q. %s", org.ID, in.Name, err)
 		return
 	}
 	c.JSON(http.StatusOK, secret.Copy())
@ -139,22 +125,17 @@ func PostOrgSecret(c *gin.Context) {
 //	@Param		secret			path	string	true	"the secret's name"
 //	@Param		secretData		body	Secret	true	"the update secret data"
 func PatchOrgSecret(c *gin.Context) {
+	org := session.Org(c)
 	name := c.Param("secret")
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}

 	in := new(model.Secret)
-	err = c.Bind(in)
-	if err != nil {
+	if err := c.Bind(in); err != nil {
 		c.String(http.StatusBadRequest, "Error parsing secret. %s", err)
 		return
 	}

 	secretService := server.Config.Services.Manager.SecretService()
-	secret, err := secretService.OrgSecretFind(orgID, name)
+	secret, err := secretService.OrgSecretFind(org.ID, name)
 	if err != nil {
 		handleDBError(c, err)
 		return
@ -170,12 +151,12 @@ func PatchOrgSecret(c *gin.Context) {
 	}

 	if err := secret.Validate(); err != nil {
-		c.String(http.StatusUnprocessableEntity, "Error updating org %q secret. %s", orgID, err)
+		c.String(http.StatusUnprocessableEntity, "Error updating org %q secret. %s", org.ID, err)
 		return
 	}

-	if err := secretService.OrgSecretUpdate(orgID, secret); err != nil {
-		c.String(http.StatusInternalServerError, "Error updating org %q secret %q. %s", orgID, in.Name, err)
+	if err := secretService.OrgSecretUpdate(org.ID, secret); err != nil {
+		c.String(http.StatusInternalServerError, "Error updating org %q secret %q. %s", org.ID, in.Name, err)
 		return
 	}
 	c.JSON(http.StatusOK, secret.Copy())
@ -192,15 +173,11 @@ func PatchOrgSecret(c *gin.Context) {
 //	@Param		org_id			path	string	true	"the org's id"
 //	@Param		secret			path	string	true	"the secret's name"
 func DeleteOrgSecret(c *gin.Context) {
+	org := session.Org(c)
 	name := c.Param("secret")
-	orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-	if err != nil {
-		c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-		return
-	}

 	secretService := server.Config.Services.Manager.SecretService()
-	if err := secretService.OrgSecretDelete(orgID, name); err != nil {
+	if err := secretService.OrgSecretDelete(org.ID, name); err != nil {
 		handleDBError(c, err)
 		return
 	}
--- a/server/router/api.go
+++ b/server/router/api.go
@ -52,13 +52,15 @@ func apiRoutes(e *gin.RouterGroup) {
 			orgs.GET("/lookup/*org_full_name", api.LookupOrg)
 			orgBase := orgs.Group("/:org_id")
 			{
+				orgBase.Use(session.SetOrg())
+				orgBase.Use(session.MustOrg())
 				orgBase.GET("/permissions", api.GetOrgPermissions)
+				orgBase.GET("", session.MustOrgMember(false), api.GetOrg)

 				org := orgBase.Group("")
 				{
 					org.Use(session.MustOrgMember(true))
 					org.DELETE("", session.MustAdmin(), api.DeleteOrg)
-					org.GET("", api.GetOrg)

 					org.GET("/secrets", api.GetOrgSecretList)
 					org.POST("/secrets", api.PostOrgSecret)
--- a/server/router/middleware/session/org.go
+++ b/server/router/middleware/session/org.go
@ -0,0 +1,86 @@
+// Copyright 2024 Woodpecker Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package session
+
+import (
+	"errors"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"go.woodpecker-ci.org/woodpecker/v2/server/model"
+	"go.woodpecker-ci.org/woodpecker/v2/server/store"
+	"go.woodpecker-ci.org/woodpecker/v2/server/store/types"
+)
+
+func Org(c *gin.Context) *model.Org {
+	v, ok := c.Get("org")
+	if !ok {
+		return nil
+	}
+	r, ok := v.(*model.Org)
+	if !ok {
+		return nil
+	}
+	return r
+}
+
+func SetOrg() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		var (
+			orgID int64
+			err   error
+		)
+
+		orgParam := c.Param("org_id")
+		if orgParam != "" {
+			orgID, err = strconv.ParseInt(orgParam, 10, 64)
+			if err != nil {
+				c.String(http.StatusBadRequest, "Invalid organization ID")
+				c.Abort()
+				return
+			}
+		}
+
+		org, err := store.FromContext(c).OrgGet(orgID)
+		if err != nil && !errors.Is(err, types.RecordNotExist) {
+			_ = c.AbortWithError(http.StatusInternalServerError, err)
+			return
+		}
+
+		if org == nil {
+			c.String(http.StatusNotFound, "Organization not found")
+			c.Abort()
+			return
+		}
+
+		c.Set("org", org)
+		c.Next()
+	}
+}
+
+func MustOrg() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		org := Org(c)
+		switch {
+		case org == nil:
+			c.String(http.StatusNotFound, "Organization not loaded")
+			c.Abort()
+		default:
+			c.Next()
+		}
+	}
+}
--- a/server/router/middleware/session/user.go
+++ b/server/router/middleware/session/user.go
@ -122,8 +122,6 @@ func MustUser() gin.HandlerFunc {

 func MustOrgMember(admin bool) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		_store := store.FromContext(c)
-
 		user := User(c)
 		if user == nil {
 			c.String(http.StatusUnauthorized, "User not authorized")
@ -131,15 +129,10 @@ func MustOrgMember(admin bool) gin.HandlerFunc {
 			return
 		}

-		orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
-		if err != nil {
-			c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
-			return
-		}
-
-		org, err := _store.OrgGet(orgID)
-		if err != nil {
-			c.String(http.StatusNotFound, "Organization not found")
+		org := Org(c)
+		if org == nil {
+			c.String(http.StatusBadRequest, "Organization not loaded")
+			c.Abort()
 			return
 		}