GitLab allowed groups for login

Kirill Zaitsev 2016-02-14 03:38:31 +03:00
parent 19a7ae53e6
commit b8b120afcc
3 changed files with 77 additions and 20 deletions


@ -0,0 +1,53 @@
package client
import (
"encoding/json"
"strconv"
)
const (
groupsUrl = "/groups"
)
// Get a list of all projects owned by the authenticated user.
func (g *Client) AllGroups() ([]*Namespace, error) {
var perPage = 100
var groups []*Namespace
for i := 1; true; i++ {
contents, err := g.Groups(i, perPage)
if err != nil {
return groups, err
}
for _, value := range contents {
groups = append(groups, value)
}
if len(groups) == 0 {
break
}
if len(groups)/i < perPage {
break
}
}
return groups, nil
}
func (g *Client) Groups(page, perPage int) ([]*Namespace, error) {
url, opaque := g.ResourceUrl(groupsUrl, nil, QMap{
"page": strconv.Itoa(page),
"per_page": strconv.Itoa(perPage),
})
var groups []*Namespace
contents, err := g.Do("GET", url, opaque, nil)
if err == nil {
err = json.Unmarshal(contents, &groups)
}
return groups, err
}
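Review bot: The paging loop in AllGroups has no upper bound and decides when to stop from the accumulated slice (`len(groups)/i < perPage`) rather than from the page it just fetched. Because the other file in this commit calls AllGroups from Login whenever an allow-list is configured, a server that keeps answering with full pages would keep the login request looping and the slice growing. Testing the page itself, `if len(contents) < perPage { break }`, is easier to reason about and makes the separate `len(groups) == 0` check unnecessary; a fixed cap on `i` that returns an error when exceeded would bound the worst case. The doc comment above AllGroups still describes projects and should read something like `// AllGroups returns every group the API lists for the authenticated user.`, and Groups has no comment saying that it fetches a single page.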


@ -55,6 +55,7 @@ type Project struct {
type Namespace struct { type Namespace struct {
Id int `json:"id,omitempty"` Id int `json:"id,omitempty"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Path string `json:"path,omitempty"`
} }
type Person struct { type Person struct {


@ -101,6 +101,28 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
if err != nil { if err != nil {
return nil, false, err return nil, false, err
} }
if len(g.AllowedOrgs) != 0 {
groups, err := client.AllGroups()
if err != nil {
return nil, false, fmt.Errorf("Could not check org membership. %s", err)
}
var member bool
for _, group := range groups {
for _, allowedOrg := range g.AllowedOrgs {
if group.Path == allowedOrg {
member = true
break
}
}
}
if !member {
return nil, false, fmt.Errorf("User does not belong to correct group. Must belong to %v", g.AllowedOrgs)
}
}
user := &model.User{} user := &model.User{}
user.Login = login.Username user.Login = login.Username
user.Email = login.Email user.Email = login.Email
@ -113,7 +135,7 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
user.Avatar = g.URL + "/" + login.AvatarUrl user.Avatar = g.URL + "/" + login.AvatarUrl
} }
return user, true, nil return user, g.Open, nil
} }
func (g *Gitlab) Auth(token, secret string) (string, error) { func (g *Gitlab) Auth(token, secret string) (string, error) {
@ -454,25 +476,6 @@ func (g *Gitlab) Oauth2Transport(r *http.Request) *oauth2.Transport {
} }
} }
// Accessor method, to allowed remote organizations field.
func (g *Gitlab) GetOrgs() []string {
return g.AllowedOrgs
}
// Accessor method, to open field.
func (g *Gitlab) GetOpen() bool {
return g.Open
}
// return default scope for GitHub
func (g *Gitlab) Scope() string {
return DefaultScope
}
func (g *Gitlab) String() string {
return "gitlab"
}
const ( const (
StatusPending = "pending" StatusPending = "pending"
StatusRunning = "running" StatusRunning = "running"
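Review bot: The membership gate added to Login grants access on `group.Path == allowedOrg`, and its correctness rests on two things these hunks do not show: that `client.AllGroups()` returns only groups the logged-in user actually belongs to, and that a group's `path` identifies exactly one group on the GitLab instance. If either assumption fails on the GitLab version in use, the check could admit users outside the allow-list, so both should be stated in a comment above the block and confirmed against the API documentation. If the API exposes a fully qualified path, comparing against that would be safer. The failure message `Must belong to %v` also returns the configured `g.AllowedOrgs` to a caller who has just failed the check; `fmt.Errorf("user does not belong to an allowed group")` keeps the list out of the response, and it can be logged server-side instead. Login begins and ends outside these hunks, so how `login` and `client` are obtained is not visible here.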