diff --git a/remote/gitlab/client/groups.go b/remote/gitlab/client/groups.go new file mode 100644 index 000000000..0e8f30d28 --- /dev/null +++ b/remote/gitlab/client/groups.go @@ -0,0 +1,53 @@ +package client + +import ( + "encoding/json" + "strconv" +) + +const ( + groupsUrl = "/groups" +) + +// Get a list of all projects owned by the authenticated user. +func (g *Client) AllGroups() ([]*Namespace, error) { + var perPage = 100 + var groups []*Namespace + + for i := 1; true; i++ { + contents, err := g.Groups(i, perPage) + if err != nil { + return groups, err + } + + for _, value := range contents { + groups = append(groups, value) + } + + if len(groups) == 0 { + break + } + + if len(groups)/i < perPage { + break + } + } + + return groups, nil +} + +func (g *Client) Groups(page, perPage int) ([]*Namespace, error) { + url, opaque := g.ResourceUrl(groupsUrl, nil, QMap{ + "page": strconv.Itoa(page), + "per_page": strconv.Itoa(perPage), + }) + + var groups []*Namespace + + contents, err := g.Do("GET", url, opaque, nil) + if err == nil { + err = json.Unmarshal(contents, &groups) + } + + return groups, err +} diff --git a/remote/gitlab/client/types.go b/remote/gitlab/client/types.go index dbd3db977..4c4e79c3e 100644 --- a/remote/gitlab/client/types.go +++ b/remote/gitlab/client/types.go @@ -55,6 +55,7 @@ type Project struct { type Namespace struct { Id int `json:"id,omitempty"` Name string `json:"name,omitempty"` + Path string `json:"path,omitempty"` } type Person struct { diff --git a/remote/gitlab/gitlab.go b/remote/gitlab/gitlab.go index 01b86e482..5087d1804 100644 --- a/remote/gitlab/gitlab.go +++ b/remote/gitlab/gitlab.go @@ -101,6 +101,28 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User, if err != nil { return nil, false, err } + + if len(g.AllowedOrgs) != 0 { + groups, err := client.AllGroups() + if err != nil { + return nil, false, fmt.Errorf("Could not check org membership. %s", err) + } + + var member bool + for _, group := range groups { + for _, allowedOrg := range g.AllowedOrgs { + if group.Path == allowedOrg { + member = true + break + } + } + } + + if !member { + return nil, false, fmt.Errorf("User does not belong to correct group. Must belong to %v", g.AllowedOrgs) + } + } + user := &model.User{} user.Login = login.Username user.Email = login.Email @@ -113,7 +135,7 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User, user.Avatar = g.URL + "/" + login.AvatarUrl } - return user, true, nil + return user, g.Open, nil } func (g *Gitlab) Auth(token, secret string) (string, error) { @@ -454,25 +476,6 @@ func (g *Gitlab) Oauth2Transport(r *http.Request) *oauth2.Transport { } } -// Accessor method, to allowed remote organizations field. -func (g *Gitlab) GetOrgs() []string { - return g.AllowedOrgs -} - -// Accessor method, to open field. -func (g *Gitlab) GetOpen() bool { - return g.Open -} - -// return default scope for GitHub -func (g *Gitlab) Scope() string { - return DefaultScope -} - -func (g *Gitlab) String() string { - return "gitlab" -} - const ( StatusPending = "pending" StatusRunning = "running"