2024-11-23 10:21:00 +00:00 · 2016-02-14 03:38:31 +03:00 · 2016-02-14 03:38:31 +03:00 · b8b120afcc
commit b8b120afcc
parent 19a7ae53e6
3 changed files with 77 additions and 20 deletions
--- a/remote/gitlab/client/groups.go
+++ b/remote/gitlab/client/groups.go
@ -0,0 +1,53 @@
+package client
+
+import (
+	"encoding/json"
+	"strconv"
+)
+
+const (
+	groupsUrl = "/groups"
+)
+
+// Get a list of all projects owned by the authenticated user.
+func (g *Client) AllGroups() ([]*Namespace, error) {
+	var perPage = 100
+	var groups []*Namespace
+
+	for i := 1; true; i++ {
+		contents, err := g.Groups(i, perPage)
+		if err != nil {
+			return groups, err
+		}
+
+		for _, value := range contents {
+			groups = append(groups, value)
+		}
+
+		if len(groups) == 0 {
+			break
+		}
+
+		if len(groups)/i < perPage {
+			break
+		}
+	}
+
+	return groups, nil
+}
+
+func (g *Client) Groups(page, perPage int) ([]*Namespace, error) {
+	url, opaque := g.ResourceUrl(groupsUrl, nil, QMap{
+		"page":     strconv.Itoa(page),
+		"per_page": strconv.Itoa(perPage),
+	})
+
+	var groups []*Namespace
+
+	contents, err := g.Do("GET", url, opaque, nil)
+	if err == nil {
+		err = json.Unmarshal(contents, &groups)
+	}
+
+	return groups, err
+}
--- a/remote/gitlab/client/types.go
+++ b/remote/gitlab/client/types.go
@ -55,6 +55,7 @@ type Project struct {
 type Namespace struct {
 	Id   int    `json:"id,omitempty"`
 	Name string `json:"name,omitempty"`
+	Path string `json:"path,omitempty"`
 }

 type Person struct {
--- a/remote/gitlab/gitlab.go
+++ b/remote/gitlab/gitlab.go
@ -101,6 +101,28 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
 	if err != nil {
 		return nil, false, err
 	}
+
+	if len(g.AllowedOrgs) != 0 {
+		groups, err := client.AllGroups()
+		if err != nil {
+			return nil, false, fmt.Errorf("Could not check org membership. %s", err)
+		}
+
+		var member bool
+		for _, group := range groups {
+			for _, allowedOrg := range g.AllowedOrgs {
+				if group.Path == allowedOrg {
+					member = true
+					break
+				}
+			}
+		}
+
+		if !member {
+			return nil, false, fmt.Errorf("User does not belong to correct group. Must belong to %v", g.AllowedOrgs)
+		}
+	}
+
 	user := &model.User{}
 	user.Login = login.Username
 	user.Email = login.Email
@ -113,7 +135,7 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
 		user.Avatar = g.URL + "/" + login.AvatarUrl
 	}

-	return user, true, nil
+	return user, g.Open, nil
 }

 func (g *Gitlab) Auth(token, secret string) (string, error) {
@ -454,25 +476,6 @@ func (g *Gitlab) Oauth2Transport(r *http.Request) *oauth2.Transport {
 	}
 }

-// Accessor method, to allowed remote organizations field.
-func (g *Gitlab) GetOrgs() []string {
-	return g.AllowedOrgs
-}
-
-// Accessor method, to open field.
-func (g *Gitlab) GetOpen() bool {
-	return g.Open
-}
-
-// return default scope for GitHub
-func (g *Gitlab) Scope() string {
-	return DefaultScope
-}
-
-func (g *Gitlab) String() string {
-	return "gitlab"
-}
-
 const (
 	StatusPending  = "pending"
 	StatusRunning  = "running"