mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-01-06 23:55:27 +00:00
Use id to access orgs (#1873)
closes #1743 fixes: setting secrets for own user namespace - create org in database - use orgID for org related APIs Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
parent
aec2051071
commit
e5d5ec8b47
51 changed files with 1261 additions and 392 deletions
|
@ -72,3 +72,9 @@ var RepoFlag = &cli.StringFlag{
|
||||||
Aliases: []string{"repo"},
|
Aliases: []string{"repo"},
|
||||||
Usage: "repository id or full-name (e.g. 134 or octocat/hello-world)",
|
Usage: "repository id or full-name (e.g. 134 or octocat/hello-world)",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var OrgFlag = &cli.StringFlag{
|
||||||
|
Name: "organization",
|
||||||
|
Aliases: []string{"org"},
|
||||||
|
Usage: "organization id or full-name (e.g. 123 or octocat)",
|
||||||
|
}
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
package secret
|
package secret
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
|
@ -24,9 +26,9 @@ var Command = &cli.Command{
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseTargetArgs(client woodpecker.Client, c *cli.Context) (global bool, owner string, repoID int64, err error) {
|
func parseTargetArgs(client woodpecker.Client, c *cli.Context) (global bool, orgID, repoID int64, err error) {
|
||||||
if c.Bool("global") {
|
if c.Bool("global") {
|
||||||
return true, "", -1, nil
|
return true, -1, -1, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
repoIDOrFullName := c.String("repository")
|
repoIDOrFullName := c.String("repository")
|
||||||
|
@ -34,19 +36,36 @@ func parseTargetArgs(client woodpecker.Client, c *cli.Context) (global bool, own
|
||||||
repoIDOrFullName = c.Args().First()
|
repoIDOrFullName = c.Args().First()
|
||||||
}
|
}
|
||||||
|
|
||||||
orgName := c.String("organization")
|
orgIDOrName := c.String("organization")
|
||||||
if orgName != "" && repoIDOrFullName == "" {
|
if orgIDOrName == "" && repoIDOrFullName == "" {
|
||||||
return false, orgName, -1, err
|
if err := cli.ShowSubcommandHelp(c); err != nil {
|
||||||
|
return false, -1, -1, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if orgName != "" && !strings.Contains(repoIDOrFullName, "/") {
|
return false, -1, -1, fmt.Errorf("missing arguments")
|
||||||
repoIDOrFullName = orgName + "/" + repoIDOrFullName
|
}
|
||||||
|
|
||||||
|
if orgIDOrName != "" && repoIDOrFullName == "" {
|
||||||
|
if orgID, err := strconv.ParseInt(orgIDOrName, 10, 64); err == nil {
|
||||||
|
return false, orgID, -1, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
org, err := client.OrgLookup(orgIDOrName)
|
||||||
|
if err != nil {
|
||||||
|
return false, -1, -1, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return false, org.ID, -1, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if orgIDOrName != "" && !strings.Contains(repoIDOrFullName, "/") {
|
||||||
|
repoIDOrFullName = orgIDOrName + "/" + repoIDOrFullName
|
||||||
}
|
}
|
||||||
|
|
||||||
repoID, err = internal.ParseRepo(client, repoIDOrFullName)
|
repoID, err = internal.ParseRepo(client, repoIDOrFullName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, "", -1, err
|
return false, -1, -1, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return false, "", repoID, nil
|
return false, -1, repoID, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,10 +21,7 @@ var secretCreateCmd = &cli.Command{
|
||||||
Name: "global",
|
Name: "global",
|
||||||
Usage: "global secret",
|
Usage: "global secret",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
common.OrgFlag,
|
||||||
Name: "organization",
|
|
||||||
Usage: "organization name (e.g. octocat)",
|
|
||||||
},
|
|
||||||
common.RepoFlag,
|
common.RepoFlag,
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "name",
|
Name: "name",
|
||||||
|
@ -74,7 +71,7 @@ func secretCreate(c *cli.Context) error {
|
||||||
secret.Value = string(out)
|
secret.Value = string(out)
|
||||||
}
|
}
|
||||||
|
|
||||||
global, owner, repoID, err := parseTargetArgs(client, c)
|
global, orgID, repoID, err := parseTargetArgs(client, c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -83,10 +80,12 @@ func secretCreate(c *cli.Context) error {
|
||||||
_, err = client.GlobalSecretCreate(secret)
|
_, err = client.GlobalSecretCreate(secret)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if owner != "" {
|
|
||||||
_, err = client.OrgSecretCreate(owner, secret)
|
if orgID != -1 {
|
||||||
|
_, err = client.OrgSecretCreate(orgID, secret)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = client.SecretCreate(repoID, secret)
|
_, err = client.SecretCreate(repoID, secret)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,10 +21,7 @@ var secretInfoCmd = &cli.Command{
|
||||||
Name: "global",
|
Name: "global",
|
||||||
Usage: "global secret",
|
Usage: "global secret",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
common.OrgFlag,
|
||||||
Name: "organization",
|
|
||||||
Usage: "organization name (e.g. octocat)",
|
|
||||||
},
|
|
||||||
common.RepoFlag,
|
common.RepoFlag,
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "name",
|
Name: "name",
|
||||||
|
@ -44,7 +41,7 @@ func secretInfo(c *cli.Context) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
global, owner, repoID, err := parseTargetArgs(client, c)
|
global, orgID, repoID, err := parseTargetArgs(client, c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -55,8 +52,8 @@ func secretInfo(c *cli.Context) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
} else if owner != "" {
|
} else if orgID != -1 {
|
||||||
secret, err = client.OrgSecret(owner, secretName)
|
secret, err = client.OrgSecret(orgID, secretName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,10 +22,7 @@ var secretListCmd = &cli.Command{
|
||||||
Name: "global",
|
Name: "global",
|
||||||
Usage: "global secret",
|
Usage: "global secret",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
common.OrgFlag,
|
||||||
Name: "organization",
|
|
||||||
Usage: "organization name (e.g. octocat)",
|
|
||||||
},
|
|
||||||
common.RepoFlag,
|
common.RepoFlag,
|
||||||
common.FormatFlag(tmplSecretList, true),
|
common.FormatFlag(tmplSecretList, true),
|
||||||
),
|
),
|
||||||
|
@ -39,7 +36,7 @@ func secretList(c *cli.Context) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
global, owner, repoID, err := parseTargetArgs(client, c)
|
global, orgID, repoID, err := parseTargetArgs(client, c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -50,8 +47,8 @@ func secretList(c *cli.Context) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
} else if owner != "" {
|
} else if orgID != -1 {
|
||||||
list, err = client.OrgSecretList(owner)
|
list, err = client.OrgSecretList(orgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,10 +17,7 @@ var secretDeleteCmd = &cli.Command{
|
||||||
Name: "global",
|
Name: "global",
|
||||||
Usage: "global secret",
|
Usage: "global secret",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
common.OrgFlag,
|
||||||
Name: "organization",
|
|
||||||
Usage: "organization name (e.g. octocat)",
|
|
||||||
},
|
|
||||||
common.RepoFlag,
|
common.RepoFlag,
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "name",
|
Name: "name",
|
||||||
|
@ -37,7 +34,7 @@ func secretDelete(c *cli.Context) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
global, owner, repoID, err := parseTargetArgs(client, c)
|
global, orgID, repoID, err := parseTargetArgs(client, c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -45,8 +42,8 @@ func secretDelete(c *cli.Context) error {
|
||||||
if global {
|
if global {
|
||||||
return client.GlobalSecretDelete(secretName)
|
return client.GlobalSecretDelete(secretName)
|
||||||
}
|
}
|
||||||
if owner != "" {
|
if orgID != -1 {
|
||||||
return client.OrgSecretDelete(owner, secretName)
|
return client.OrgSecretDelete(orgID, secretName)
|
||||||
}
|
}
|
||||||
return client.SecretDelete(repoID, secretName)
|
return client.SecretDelete(repoID, secretName)
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,10 +21,7 @@ var secretUpdateCmd = &cli.Command{
|
||||||
Name: "global",
|
Name: "global",
|
||||||
Usage: "global secret",
|
Usage: "global secret",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
common.OrgFlag,
|
||||||
Name: "organization",
|
|
||||||
Usage: "organization name (e.g. octocat)",
|
|
||||||
},
|
|
||||||
common.RepoFlag,
|
common.RepoFlag,
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "name",
|
Name: "name",
|
||||||
|
@ -71,7 +68,7 @@ func secretUpdate(c *cli.Context) error {
|
||||||
secret.Value = string(out)
|
secret.Value = string(out)
|
||||||
}
|
}
|
||||||
|
|
||||||
global, owner, repoID, err := parseTargetArgs(client, c)
|
global, orgID, repoID, err := parseTargetArgs(client, c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -80,8 +77,8 @@ func secretUpdate(c *cli.Context) error {
|
||||||
_, err = client.GlobalSecretUpdate(secret)
|
_, err = client.GlobalSecretUpdate(secret)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if owner != "" {
|
if orgID != -1 {
|
||||||
_, err = client.OrgSecretUpdate(owner, secret)
|
_, err = client.OrgSecretUpdate(orgID, secret)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
_, err = client.SecretUpdate(repoID, secret)
|
_, err = client.SecretUpdate(repoID, secret)
|
||||||
|
|
|
@ -783,7 +783,82 @@ const docTemplate = `{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"/orgs/{owner}/permissions": {
|
"/org/lookup/{org_full_name}": {
|
||||||
|
"get": {
|
||||||
|
"produces": [
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"Organizations"
|
||||||
|
],
|
||||||
|
"summary": "Lookup organization by full-name",
|
||||||
|
"parameters": [
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"default": "Bearer \u003cpersonal access token\u003e",
|
||||||
|
"description": "Insert your personal access token",
|
||||||
|
"name": "Authorization",
|
||||||
|
"in": "header",
|
||||||
|
"required": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"description": "the organizations full-name / slug",
|
||||||
|
"name": "org_full_name",
|
||||||
|
"in": "path",
|
||||||
|
"required": true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"responses": {
|
||||||
|
"200": {
|
||||||
|
"description": "OK",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/Org"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"/orgs/{org_id}": {
|
||||||
|
"get": {
|
||||||
|
"produces": [
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"Organization"
|
||||||
|
],
|
||||||
|
"summary": "Get organization by id",
|
||||||
|
"parameters": [
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"default": "Bearer \u003cpersonal access token\u003e",
|
||||||
|
"description": "Insert your personal access token",
|
||||||
|
"name": "Authorization",
|
||||||
|
"in": "header",
|
||||||
|
"required": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"description": "the organziation's id",
|
||||||
|
"name": "org_id",
|
||||||
|
"in": "path",
|
||||||
|
"required": true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"responses": {
|
||||||
|
"200": {
|
||||||
|
"description": "OK",
|
||||||
|
"schema": {
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"$ref": "#/definitions/Org"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"/orgs/{org_id}/permissions": {
|
||||||
"get": {
|
"get": {
|
||||||
"produces": [
|
"produces": [
|
||||||
"application/json"
|
"application/json"
|
||||||
|
@ -803,8 +878,8 @@ const docTemplate = `{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "the owner's name",
|
"description": "the organziation's id",
|
||||||
"name": "owner",
|
"name": "org_id",
|
||||||
"in": "path",
|
"in": "path",
|
||||||
"required": true
|
"required": true
|
||||||
}
|
}
|
||||||
|
@ -822,7 +897,7 @@ const docTemplate = `{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"/orgs/{owner}/secrets": {
|
"/orgs/{org_id}/secrets": {
|
||||||
"get": {
|
"get": {
|
||||||
"produces": [
|
"produces": [
|
||||||
"application/json"
|
"application/json"
|
||||||
|
@ -842,8 +917,8 @@ const docTemplate = `{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "the owner's name",
|
"description": "the org's id",
|
||||||
"name": "owner",
|
"name": "org_id",
|
||||||
"in": "path",
|
"in": "path",
|
||||||
"required": true
|
"required": true
|
||||||
},
|
},
|
||||||
|
@ -873,52 +948,9 @@ const docTemplate = `{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
|
||||||
"post": {
|
|
||||||
"produces": [
|
|
||||||
"application/json"
|
|
||||||
],
|
|
||||||
"tags": [
|
|
||||||
"Organization secrets"
|
|
||||||
],
|
|
||||||
"summary": "Persist/create an organization secret",
|
|
||||||
"parameters": [
|
|
||||||
{
|
|
||||||
"type": "string",
|
|
||||||
"default": "Bearer \u003cpersonal access token\u003e",
|
|
||||||
"description": "Insert your personal access token",
|
|
||||||
"name": "Authorization",
|
|
||||||
"in": "header",
|
|
||||||
"required": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "string",
|
|
||||||
"description": "the owner's name",
|
|
||||||
"name": "owner",
|
|
||||||
"in": "path",
|
|
||||||
"required": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"description": "the new secret",
|
|
||||||
"name": "secretData",
|
|
||||||
"in": "body",
|
|
||||||
"required": true,
|
|
||||||
"schema": {
|
|
||||||
"$ref": "#/definitions/Secret"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"responses": {
|
|
||||||
"200": {
|
|
||||||
"description": "OK",
|
|
||||||
"schema": {
|
|
||||||
"$ref": "#/definitions/Secret"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"/orgs/{owner}/secrets/{secret}": {
|
"/orgs/{org_id}/secrets/{secret}": {
|
||||||
"get": {
|
"get": {
|
||||||
"produces": [
|
"produces": [
|
||||||
"application/json"
|
"application/json"
|
||||||
|
@ -938,8 +970,8 @@ const docTemplate = `{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "the owner's name",
|
"description": "the org's id",
|
||||||
"name": "owner",
|
"name": "org_id",
|
||||||
"in": "path",
|
"in": "path",
|
||||||
"required": true
|
"required": true
|
||||||
},
|
},
|
||||||
|
@ -979,8 +1011,8 @@ const docTemplate = `{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "the owner's name",
|
"description": "the org's id",
|
||||||
"name": "owner",
|
"name": "org_id",
|
||||||
"in": "path",
|
"in": "path",
|
||||||
"required": true
|
"required": true
|
||||||
},
|
},
|
||||||
|
@ -1017,8 +1049,8 @@ const docTemplate = `{
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "the owner's name",
|
"description": "the org's id",
|
||||||
"name": "owner",
|
"name": "org_id",
|
||||||
"in": "path",
|
"in": "path",
|
||||||
"required": true
|
"required": true
|
||||||
},
|
},
|
||||||
|
@ -1049,6 +1081,51 @@ const docTemplate = `{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"/orgs/{owner}/secrets": {
|
||||||
|
"post": {
|
||||||
|
"produces": [
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
"Organization secrets"
|
||||||
|
],
|
||||||
|
"summary": "Persist/create an organization secret",
|
||||||
|
"parameters": [
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"default": "Bearer \u003cpersonal access token\u003e",
|
||||||
|
"description": "Insert your personal access token",
|
||||||
|
"name": "Authorization",
|
||||||
|
"in": "header",
|
||||||
|
"required": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"description": "the org's id",
|
||||||
|
"name": "org_id",
|
||||||
|
"in": "path",
|
||||||
|
"required": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "the new secret",
|
||||||
|
"name": "secretData",
|
||||||
|
"in": "body",
|
||||||
|
"required": true,
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/Secret"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"responses": {
|
||||||
|
"200": {
|
||||||
|
"description": "OK",
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/Secret"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"/pipelines": {
|
"/pipelines": {
|
||||||
"get": {
|
"get": {
|
||||||
"produces": [
|
"produces": [
|
||||||
|
@ -3603,6 +3680,20 @@ const docTemplate = `{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"Org": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"id": {
|
||||||
|
"type": "integer"
|
||||||
|
},
|
||||||
|
"is_user": {
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
"name": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"OrgPerm": {
|
"OrgPerm": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
@ -3845,6 +3936,9 @@ const docTemplate = `{
|
||||||
"netrc_only_trusted": {
|
"netrc_only_trusted": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
|
"org_id": {
|
||||||
|
"type": "integer"
|
||||||
|
},
|
||||||
"owner": {
|
"owner": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
|
|
@ -86,7 +86,7 @@ func HandleAuth(c *gin.Context) {
|
||||||
if len(config.Orgs) != 0 {
|
if len(config.Orgs) != 0 {
|
||||||
teams, terr := _forge.Teams(c, tmpuser)
|
teams, terr := _forge.Teams(c, tmpuser)
|
||||||
if terr != nil || !config.IsMember(teams) {
|
if terr != nil || !config.IsMember(teams) {
|
||||||
log.Error().Msgf("cannot verify team membership for %s.", u.Login)
|
log.Error().Err(terr).Msgf("cannot verify team membership for %s.", u.Login)
|
||||||
c.Redirect(303, "/login?error=access_denied")
|
c.Redirect(303, "/login?error=access_denied")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -111,6 +111,15 @@ func HandleAuth(c *gin.Context) {
|
||||||
c.Redirect(http.StatusSeeOther, "/login?error=internal_error")
|
c.Redirect(http.StatusSeeOther, "/login?error=internal_error")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if another user already have activated repos on behave of that user,
|
||||||
|
// the user was stored as org. now we adopt it to the user.
|
||||||
|
if org, err := _store.OrgFindByName(u.Login); err == nil && org != nil {
|
||||||
|
org.IsUser = true
|
||||||
|
if err := _store.OrgUpdate(org); err != nil {
|
||||||
|
log.Error().Err(err).Msgf("on user creation, could not mark org as user")
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// update the user meta data and authorization data.
|
// update the user meta data and authorization data.
|
||||||
|
@ -127,7 +136,7 @@ func HandleAuth(c *gin.Context) {
|
||||||
if len(config.Orgs) != 0 {
|
if len(config.Orgs) != 0 {
|
||||||
teams, terr := _forge.Teams(c, u)
|
teams, terr := _forge.Teams(c, u)
|
||||||
if terr != nil || !config.IsMember(teams) {
|
if terr != nil || !config.IsMember(teams) {
|
||||||
log.Error().Msgf("cannot verify team membership for %s.", u.Login)
|
log.Error().Err(terr).Msgf("cannot verify team membership for %s.", u.Login)
|
||||||
c.Redirect(http.StatusSeeOther, "/login?error=access_denied")
|
c.Redirect(http.StatusSeeOther, "/login?error=access_denied")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,41 +15,149 @@
|
||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/rs/zerolog/log"
|
||||||
"github.com/woodpecker-ci/woodpecker/server"
|
"github.com/woodpecker-ci/woodpecker/server"
|
||||||
"github.com/woodpecker-ci/woodpecker/server/model"
|
"github.com/woodpecker-ci/woodpecker/server/model"
|
||||||
"github.com/woodpecker-ci/woodpecker/server/router/middleware/session"
|
"github.com/woodpecker-ci/woodpecker/server/router/middleware/session"
|
||||||
|
"github.com/woodpecker-ci/woodpecker/server/store"
|
||||||
|
"github.com/woodpecker-ci/woodpecker/server/store/types"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// GetOrg
|
||||||
|
//
|
||||||
|
// @Summary Get organization by id
|
||||||
|
// @Router /orgs/{org_id} [get]
|
||||||
|
// @Produce json
|
||||||
|
// @Success 200 {array} Org
|
||||||
|
// @Tags Organization
|
||||||
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
|
// @Param org_id path string true "the organziation's id"
|
||||||
|
func GetOrg(c *gin.Context) {
|
||||||
|
_store := store.FromContext(c)
|
||||||
|
|
||||||
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
org, err := _store.OrgGet(orgID)
|
||||||
|
if err != nil {
|
||||||
|
if errors.Is(err, types.RecordNotExist) {
|
||||||
|
c.AbortWithStatus(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
_ = c.AbortWithError(http.StatusInternalServerError, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
c.JSON(http.StatusOK, org)
|
||||||
|
}
|
||||||
|
|
||||||
// GetOrgPermissions
|
// GetOrgPermissions
|
||||||
//
|
//
|
||||||
// @Summary Get the permissions of the current user in the given organization
|
// @Summary Get the permissions of the current user in the given organization
|
||||||
// @Router /orgs/{owner}/permissions [get]
|
// @Router /orgs/{org_id}/permissions [get]
|
||||||
// @Produce json
|
// @Produce json
|
||||||
// @Success 200 {array} OrgPerm
|
// @Success 200 {array} OrgPerm
|
||||||
// @Tags Organization permissions
|
// @Tags Organization permissions
|
||||||
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
// @Param owner path string true "the owner's name"
|
// @Param org_id path string true "the organziation's id"
|
||||||
func GetOrgPermissions(c *gin.Context) {
|
func GetOrgPermissions(c *gin.Context) {
|
||||||
var (
|
user := session.User(c)
|
||||||
err error
|
_store := store.FromContext(c)
|
||||||
user = session.User(c)
|
|
||||||
owner = c.Param("owner")
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
)
|
if err != nil {
|
||||||
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if user == nil {
|
if user == nil {
|
||||||
c.JSON(http.StatusOK, &model.OrgPerm{})
|
c.JSON(http.StatusOK, &model.OrgPerm{})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
perm, err := server.Config.Services.Membership.Get(c, user, owner)
|
org, err := _store.OrgGet(orgID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.String(http.StatusInternalServerError, "Error getting membership for %q. %s", owner, err)
|
c.String(http.StatusInternalServerError, "Error getting org %d. %s", orgID, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (org.IsUser && org.Name == user.Login) || user.Admin {
|
||||||
|
c.JSON(http.StatusOK, &model.OrgPerm{
|
||||||
|
Member: true,
|
||||||
|
Admin: true,
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
perm, err := server.Config.Services.Membership.Get(c, user, org.Name)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusInternalServerError, "Error getting membership for %d. %s", orgID, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.JSON(http.StatusOK, perm)
|
c.JSON(http.StatusOK, perm)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LookupOrg
|
||||||
|
//
|
||||||
|
// @Summary Lookup organization by full-name
|
||||||
|
// @Router /org/lookup/{org_full_name} [get]
|
||||||
|
// @Produce json
|
||||||
|
// @Success 200 {object} Org
|
||||||
|
// @Tags Organizations
|
||||||
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
|
// @Param org_full_name path string true "the organizations full-name / slug"
|
||||||
|
func LookupOrg(c *gin.Context) {
|
||||||
|
_store := store.FromContext(c)
|
||||||
|
|
||||||
|
orgFullName := strings.TrimLeft(c.Param("org_full_name"), "/")
|
||||||
|
|
||||||
|
org, err := _store.OrgFindByName(orgFullName)
|
||||||
|
if err != nil {
|
||||||
|
if errors.Is(err, types.RecordNotExist) {
|
||||||
|
c.AbortWithStatus(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
_ = c.AbortWithError(http.StatusInternalServerError, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// don't leak private org infos
|
||||||
|
if org.Private {
|
||||||
|
user := session.User(c)
|
||||||
|
if user == nil {
|
||||||
|
c.AbortWithStatus(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if !user.Admin && org.Name != user.Login {
|
||||||
|
c.AbortWithStatus(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
} else if !user.Admin {
|
||||||
|
perm, err := server.Config.Services.Membership.Get(c, user, org.Name)
|
||||||
|
if err != nil {
|
||||||
|
log.Error().Msgf("Failed to check membership: %v", err)
|
||||||
|
c.String(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if perm == nil || !perm.Member {
|
||||||
|
c.AbortWithStatus(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
c.JSON(http.StatusOK, org)
|
||||||
|
}
|
||||||
|
|
|
@ -16,6 +16,7 @@ package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/woodpecker-ci/woodpecker/server/router/middleware/session"
|
"github.com/woodpecker-ci/woodpecker/server/router/middleware/session"
|
||||||
|
@ -27,19 +28,23 @@ import (
|
||||||
// GetOrgSecret
|
// GetOrgSecret
|
||||||
//
|
//
|
||||||
// @Summary Get the named organization secret
|
// @Summary Get the named organization secret
|
||||||
// @Router /orgs/{owner}/secrets/{secret} [get]
|
// @Router /orgs/{org_id}/secrets/{secret} [get]
|
||||||
// @Produce json
|
// @Produce json
|
||||||
// @Success 200 {object} Secret
|
// @Success 200 {object} Secret
|
||||||
// @Tags Organization secrets
|
// @Tags Organization secrets
|
||||||
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
// @Param owner path string true "the owner's name"
|
// @Param org_id path string true "the org's id"
|
||||||
// @Param secret path string true "the secret's name"
|
// @Param secret path string true "the secret's name"
|
||||||
func GetOrgSecret(c *gin.Context) {
|
func GetOrgSecret(c *gin.Context) {
|
||||||
var (
|
name := c.Param("secret")
|
||||||
owner = c.Param("owner")
|
|
||||||
name = c.Param("secret")
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
)
|
if err != nil {
|
||||||
secret, err := server.Config.Services.Secrets.OrgSecretFind(owner, name)
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
secret, err := server.Config.Services.Secrets.OrgSecretFind(orgID, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handleDbGetError(c, err)
|
handleDbGetError(c, err)
|
||||||
return
|
return
|
||||||
|
@ -50,19 +55,24 @@ func GetOrgSecret(c *gin.Context) {
|
||||||
// GetOrgSecretList
|
// GetOrgSecretList
|
||||||
//
|
//
|
||||||
// @Summary Get the organization secret list
|
// @Summary Get the organization secret list
|
||||||
// @Router /orgs/{owner}/secrets [get]
|
// @Router /orgs/{org_id}/secrets [get]
|
||||||
// @Produce json
|
// @Produce json
|
||||||
// @Success 200 {array} Secret
|
// @Success 200 {array} Secret
|
||||||
// @Tags Organization secrets
|
// @Tags Organization secrets
|
||||||
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
// @Param owner path string true "the owner's name"
|
// @Param org_id path string true "the org's id"
|
||||||
// @Param page query int false "for response pagination, page offset number" default(1)
|
// @Param page query int false "for response pagination, page offset number" default(1)
|
||||||
// @Param perPage query int false "for response pagination, max items per page" default(50)
|
// @Param perPage query int false "for response pagination, max items per page" default(50)
|
||||||
func GetOrgSecretList(c *gin.Context) {
|
func GetOrgSecretList(c *gin.Context) {
|
||||||
owner := c.Param("owner")
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
list, err := server.Config.Services.Secrets.OrgSecretList(owner, session.Pagination(c))
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.String(http.StatusInternalServerError, "Error getting secret list for %q. %s", owner, err)
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
list, err := server.Config.Services.Secrets.OrgSecretList(orgID, session.Pagination(c))
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusInternalServerError, "Error getting secret list for %q. %s", orgID, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// copy the secret detail to remove the sensitive
|
// copy the secret detail to remove the sensitive
|
||||||
|
@ -81,18 +91,22 @@ func GetOrgSecretList(c *gin.Context) {
|
||||||
// @Success 200 {object} Secret
|
// @Success 200 {object} Secret
|
||||||
// @Tags Organization secrets
|
// @Tags Organization secrets
|
||||||
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
// @Param owner path string true "the owner's name"
|
// @Param org_id path string true "the org's id"
|
||||||
// @Param secretData body Secret true "the new secret"
|
// @Param secretData body Secret true "the new secret"
|
||||||
func PostOrgSecret(c *gin.Context) {
|
func PostOrgSecret(c *gin.Context) {
|
||||||
owner := c.Param("owner")
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
in := new(model.Secret)
|
in := new(model.Secret)
|
||||||
if err := c.Bind(in); err != nil {
|
if err := c.Bind(in); err != nil {
|
||||||
c.String(http.StatusBadRequest, "Error parsing org %q secret. %s", owner, err)
|
c.String(http.StatusBadRequest, "Error parsing org %q secret. %s", orgID, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
secret := &model.Secret{
|
secret := &model.Secret{
|
||||||
Owner: owner,
|
OrgID: orgID,
|
||||||
Name: in.Name,
|
Name: in.Name,
|
||||||
Value: in.Value,
|
Value: in.Value,
|
||||||
Events: in.Events,
|
Events: in.Events,
|
||||||
|
@ -100,11 +114,11 @@ func PostOrgSecret(c *gin.Context) {
|
||||||
PluginsOnly: in.PluginsOnly,
|
PluginsOnly: in.PluginsOnly,
|
||||||
}
|
}
|
||||||
if err := secret.Validate(); err != nil {
|
if err := secret.Validate(); err != nil {
|
||||||
c.String(http.StatusUnprocessableEntity, "Error inserting org %q secret. %s", owner, err)
|
c.String(http.StatusUnprocessableEntity, "Error inserting org %q secret. %s", orgID, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := server.Config.Services.Secrets.OrgSecretCreate(owner, secret); err != nil {
|
if err := server.Config.Services.Secrets.OrgSecretCreate(orgID, secret); err != nil {
|
||||||
c.String(http.StatusInternalServerError, "Error inserting org %q secret %q. %s", owner, in.Name, err)
|
c.String(http.StatusInternalServerError, "Error inserting org %q secret %q. %s", orgID, in.Name, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
c.JSON(http.StatusOK, secret.Copy())
|
c.JSON(http.StatusOK, secret.Copy())
|
||||||
|
@ -113,28 +127,30 @@ func PostOrgSecret(c *gin.Context) {
|
||||||
// PatchOrgSecret
|
// PatchOrgSecret
|
||||||
//
|
//
|
||||||
// @Summary Update an organization secret
|
// @Summary Update an organization secret
|
||||||
// @Router /orgs/{owner}/secrets/{secret} [patch]
|
// @Router /orgs/{org_id}/secrets/{secret} [patch]
|
||||||
// @Produce json
|
// @Produce json
|
||||||
// @Success 200 {object} Secret
|
// @Success 200 {object} Secret
|
||||||
// @Tags Organization secrets
|
// @Tags Organization secrets
|
||||||
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
// @Param owner path string true "the owner's name"
|
// @Param org_id path string true "the org's id"
|
||||||
// @Param secret path string true "the secret's name"
|
// @Param secret path string true "the secret's name"
|
||||||
// @Param secretData body Secret true "the update secret data"
|
// @Param secretData body Secret true "the update secret data"
|
||||||
func PatchOrgSecret(c *gin.Context) {
|
func PatchOrgSecret(c *gin.Context) {
|
||||||
var (
|
name := c.Param("secret")
|
||||||
owner = c.Param("owner")
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
name = c.Param("secret")
|
if err != nil {
|
||||||
)
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
in := new(model.Secret)
|
in := new(model.Secret)
|
||||||
err := c.Bind(in)
|
err = c.Bind(in)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.String(http.StatusBadRequest, "Error parsing secret. %s", err)
|
c.String(http.StatusBadRequest, "Error parsing secret. %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, err := server.Config.Services.Secrets.OrgSecretFind(owner, name)
|
secret, err := server.Config.Services.Secrets.OrgSecretFind(orgID, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handleDbGetError(c, err)
|
handleDbGetError(c, err)
|
||||||
return
|
return
|
||||||
|
@ -151,11 +167,11 @@ func PatchOrgSecret(c *gin.Context) {
|
||||||
secret.PluginsOnly = in.PluginsOnly
|
secret.PluginsOnly = in.PluginsOnly
|
||||||
|
|
||||||
if err := secret.Validate(); err != nil {
|
if err := secret.Validate(); err != nil {
|
||||||
c.String(http.StatusUnprocessableEntity, "Error updating org %q secret. %s", owner, err)
|
c.String(http.StatusUnprocessableEntity, "Error updating org %q secret. %s", orgID, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := server.Config.Services.Secrets.OrgSecretUpdate(owner, secret); err != nil {
|
if err := server.Config.Services.Secrets.OrgSecretUpdate(orgID, secret); err != nil {
|
||||||
c.String(http.StatusInternalServerError, "Error updating org %q secret %q. %s", owner, in.Name, err)
|
c.String(http.StatusInternalServerError, "Error updating org %q secret %q. %s", orgID, in.Name, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
c.JSON(http.StatusOK, secret.Copy())
|
c.JSON(http.StatusOK, secret.Copy())
|
||||||
|
@ -164,19 +180,22 @@ func PatchOrgSecret(c *gin.Context) {
|
||||||
// DeleteOrgSecret
|
// DeleteOrgSecret
|
||||||
//
|
//
|
||||||
// @Summary Delete the named secret from an organization
|
// @Summary Delete the named secret from an organization
|
||||||
// @Router /orgs/{owner}/secrets/{secret} [delete]
|
// @Router /orgs/{org_id}/secrets/{secret} [delete]
|
||||||
// @Produce plain
|
// @Produce plain
|
||||||
// @Success 200
|
// @Success 200
|
||||||
// @Tags Organization secrets
|
// @Tags Organization secrets
|
||||||
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||||
// @Param owner path string true "the owner's name"
|
// @Param org_id path string true "the org's id"
|
||||||
// @Param secret path string true "the secret's name"
|
// @Param secret path string true "the secret's name"
|
||||||
func DeleteOrgSecret(c *gin.Context) {
|
func DeleteOrgSecret(c *gin.Context) {
|
||||||
var (
|
name := c.Param("secret")
|
||||||
owner = c.Param("owner")
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
name = c.Param("secret")
|
if err != nil {
|
||||||
)
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
if err := server.Config.Services.Secrets.OrgSecretDelete(owner, name); err != nil {
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := server.Config.Services.Secrets.OrgSecretDelete(orgID, name); err != nil {
|
||||||
handleDbGetError(c, err)
|
handleDbGetError(c, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -119,6 +119,31 @@ func PostRepo(c *gin.Context) {
|
||||||
sig,
|
sig,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// find org of repo
|
||||||
|
var org *model.Org
|
||||||
|
org, err = _store.OrgFindByName(repo.Owner)
|
||||||
|
if err != nil && !errors.Is(err, types.RecordNotExist) {
|
||||||
|
c.String(http.StatusInternalServerError, err.Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// create an org if it doesn't exist yet
|
||||||
|
if errors.Is(err, types.RecordNotExist) {
|
||||||
|
org, err = forge.Org(c, user, repo.Owner)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusInternalServerError, "Could not fetch organization from forge.")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
err = _store.OrgCreate(org)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusInternalServerError, err.Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
repo.OrgID = org.ID
|
||||||
|
|
||||||
err = forge.Activate(c, user, repo, link)
|
err = forge.Activate(c, user, repo, link)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.String(http.StatusInternalServerError, err.Error())
|
c.String(http.StatusInternalServerError, err.Error())
|
||||||
|
|
25
server/cache/membership.go
vendored
25
server/cache/membership.go
vendored
|
@ -16,6 +16,7 @@ package cache
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/woodpecker-ci/woodpecker/server/forge"
|
"github.com/woodpecker-ci/woodpecker/server/forge"
|
||||||
|
@ -27,37 +28,37 @@ import (
|
||||||
// MembershipService is a service to check for user membership.
|
// MembershipService is a service to check for user membership.
|
||||||
type MembershipService interface {
|
type MembershipService interface {
|
||||||
// Get returns if the user is a member of the organization.
|
// Get returns if the user is a member of the organization.
|
||||||
Get(ctx context.Context, u *model.User, name string) (*model.OrgPerm, error)
|
Get(ctx context.Context, u *model.User, org string) (*model.OrgPerm, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
type membershipCache struct {
|
type membershipCache struct {
|
||||||
Forge forge.Forge
|
forge forge.Forge
|
||||||
Cache *ttlcache.Cache[string, *model.OrgPerm]
|
cache *ttlcache.Cache[string, *model.OrgPerm]
|
||||||
TTL time.Duration
|
ttl time.Duration
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewMembershipService creates a new membership service.
|
// NewMembershipService creates a new membership service.
|
||||||
func NewMembershipService(f forge.Forge) MembershipService {
|
func NewMembershipService(f forge.Forge) MembershipService {
|
||||||
return &membershipCache{
|
return &membershipCache{
|
||||||
TTL: 10 * time.Minute,
|
ttl: 10 * time.Minute,
|
||||||
Forge: f,
|
forge: f,
|
||||||
Cache: ttlcache.New(ttlcache.WithDisableTouchOnHit[string, *model.OrgPerm]()),
|
cache: ttlcache.New(ttlcache.WithDisableTouchOnHit[string, *model.OrgPerm]()),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get returns if the user is a member of the organization.
|
// Get returns if the user is a member of the organization.
|
||||||
func (c *membershipCache) Get(ctx context.Context, u *model.User, name string) (*model.OrgPerm, error) {
|
func (c *membershipCache) Get(ctx context.Context, u *model.User, org string) (*model.OrgPerm, error) {
|
||||||
key := u.Login + "/" + name
|
key := fmt.Sprintf("%s-%s", u.ForgeRemoteID, org)
|
||||||
// Error can be safely ignored, as cache can only return error from loaders.
|
// Error can be safely ignored, as cache can only return error from loaders.
|
||||||
item, _ := c.Cache.Get(key)
|
item, _ := c.cache.Get(key)
|
||||||
if item != nil && !item.IsExpired() {
|
if item != nil && !item.IsExpired() {
|
||||||
return item.Value(), nil
|
return item.Value(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
perm, err := c.Forge.OrgMembership(ctx, u, name)
|
perm, err := c.forge.OrgMembership(ctx, u, org)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
c.Cache.Set(key, perm, c.TTL)
|
c.cache.Set(key, perm, c.ttl)
|
||||||
return perm, nil
|
return perm, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -334,6 +334,18 @@ func (c *config) OrgMembership(ctx context.Context, u *model.User, owner string)
|
||||||
return &model.OrgPerm{Member: perm != "", Admin: perm == "owner"}, nil
|
return &model.OrgPerm{Member: perm != "", Admin: perm == "owner"}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *config) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
|
||||||
|
workspace, err := c.newClient(ctx, u).GetWorkspace(owner)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &model.Org{
|
||||||
|
Name: workspace.Slug,
|
||||||
|
IsUser: false, // bitbucket uses workspaces (similar to orgs) for teams and single users so we can not distinguish between them
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// helper function to return the bitbucket oauth2 client
|
// helper function to return the bitbucket oauth2 client
|
||||||
func (c *config) newClient(ctx context.Context, u *model.User) *internal.Client {
|
func (c *config) newClient(ctx context.Context, u *model.User) *internal.Client {
|
||||||
if u == nil {
|
if u == nil {
|
||||||
|
|
|
@ -226,6 +226,13 @@ func (c *Client) ListPullRequests(owner, name string, opts *ListOpts) ([]*PullRe
|
||||||
return out.Values, err
|
return out.Values, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Client) GetWorkspace(name string) (*Workspace, error) {
|
||||||
|
out := new(Workspace)
|
||||||
|
uri := fmt.Sprintf(pathWorkspace, c.base, name)
|
||||||
|
_, err := c.do(uri, get, nil, out)
|
||||||
|
return out, err
|
||||||
|
}
|
||||||
|
|
||||||
func (c *Client) do(rawurl, method string, in, out interface{}) (*string, error) {
|
func (c *Client) do(rawurl, method string, in, out interface{}) (*string, error) {
|
||||||
uri, err := url.Parse(rawurl)
|
uri, err := url.Parse(rawurl)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -52,7 +52,7 @@ type Forge interface {
|
||||||
// Repos fetches a list of repos from the forge.
|
// Repos fetches a list of repos from the forge.
|
||||||
Repos(ctx context.Context, u *model.User) ([]*model.Repo, error)
|
Repos(ctx context.Context, u *model.User) ([]*model.Repo, error)
|
||||||
|
|
||||||
// File fetches a file from the forge repository and returns in string
|
// File fetches a file from the forge repository and returns it in string
|
||||||
// format.
|
// format.
|
||||||
File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error)
|
File(ctx context.Context, u *model.User, r *model.Repo, b *model.Pipeline, f string) ([]byte, error)
|
||||||
|
|
||||||
|
@ -89,7 +89,10 @@ type Forge interface {
|
||||||
|
|
||||||
// OrgMembership returns if user is member of organization and if user
|
// OrgMembership returns if user is member of organization and if user
|
||||||
// is admin/owner in that organization.
|
// is admin/owner in that organization.
|
||||||
OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error)
|
OrgMembership(ctx context.Context, u *model.User, org string) (*model.OrgPerm, error)
|
||||||
|
|
||||||
|
// Org fetches the organization from the forge by name. If the name is a user an org with type user is returned.
|
||||||
|
Org(ctx context.Context, u *model.User, org string) (*model.Org, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Refresher refreshes an oauth token and expiration for the given user. It
|
// Refresher refreshes an oauth token and expiration for the given user. It
|
||||||
|
|
|
@ -528,6 +528,32 @@ func (c *Gitea) OrgMembership(ctx context.Context, u *model.User, owner string)
|
||||||
return &model.OrgPerm{Member: member, Admin: perm.IsAdmin || perm.IsOwner}, nil
|
return &model.OrgPerm{Member: member, Admin: perm.IsAdmin || perm.IsOwner}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Gitea) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
|
||||||
|
client, err := c.newClientToken(ctx, u.Token)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
user, _, err := client.GetUserInfo(owner)
|
||||||
|
if user != nil && err == nil {
|
||||||
|
return &model.Org{
|
||||||
|
Name: user.UserName,
|
||||||
|
IsUser: true,
|
||||||
|
Private: user.Visibility != gitea.VisibleTypePublic,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
org, _, err := client.GetOrg(owner)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &model.Org{
|
||||||
|
Name: org.UserName,
|
||||||
|
Private: gitea.VisibleType(org.Visibility) != gitea.VisibleTypePublic,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// helper function to return the Gitea client with Token
|
// helper function to return the Gitea client with Token
|
||||||
func (c *Gitea) newClientToken(ctx context.Context, token string) (*gitea.Client, error) {
|
func (c *Gitea) newClientToken(ctx context.Context, token string) (*gitea.Client, error) {
|
||||||
httpClient := &http.Client{}
|
httpClient := &http.Client{}
|
||||||
|
|
|
@ -350,6 +350,27 @@ func (c *client) OrgMembership(ctx context.Context, u *model.User, owner string)
|
||||||
return &model.OrgPerm{Member: org.GetState() == "active", Admin: org.GetRole() == "admin"}, nil
|
return &model.OrgPerm{Member: org.GetState() == "active", Admin: org.GetRole() == "admin"}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *client) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
|
||||||
|
client := c.newClientToken(ctx, u.Token)
|
||||||
|
|
||||||
|
user, _, err := client.Users.Get(ctx, owner)
|
||||||
|
if user != nil && err == nil {
|
||||||
|
return &model.Org{
|
||||||
|
Name: user.GetName(),
|
||||||
|
IsUser: true,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
org, _, err := client.Organizations.Get(ctx, owner)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &model.Org{
|
||||||
|
Name: org.GetName(),
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// helper function to return the GitHub oauth2 context using an HTTPClient that
|
// helper function to return the GitHub oauth2 context using an HTTPClient that
|
||||||
// disables TLS verification if disabled in the forge settings.
|
// disables TLS verification if disabled in the forge settings.
|
||||||
func (c *client) newContext(ctx context.Context) context.Context {
|
func (c *client) newContext(ctx context.Context) context.Context {
|
||||||
|
|
|
@ -680,6 +680,48 @@ func (g *GitLab) OrgMembership(ctx context.Context, u *model.User, owner string)
|
||||||
return &model.OrgPerm{}, nil
|
return &model.OrgPerm{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (g *GitLab) Org(ctx context.Context, u *model.User, owner string) (*model.Org, error) {
|
||||||
|
client, err := newClient(g.url, u.Token, g.SkipVerify)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
users, _, err := client.Users.ListUsers(&gitlab.ListUsersOptions{
|
||||||
|
ListOptions: gitlab.ListOptions{
|
||||||
|
Page: 1,
|
||||||
|
PerPage: 1,
|
||||||
|
},
|
||||||
|
Username: gitlab.String(owner),
|
||||||
|
})
|
||||||
|
if len(users) == 1 && err == nil {
|
||||||
|
return &model.Org{
|
||||||
|
Name: users[0].Username,
|
||||||
|
IsUser: true,
|
||||||
|
Private: users[0].PrivateProfile,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
groups, _, err := client.Groups.ListGroups(&gitlab.ListGroupsOptions{
|
||||||
|
ListOptions: gitlab.ListOptions{
|
||||||
|
Page: 1,
|
||||||
|
PerPage: 1,
|
||||||
|
},
|
||||||
|
Search: gitlab.String(owner),
|
||||||
|
}, gitlab.WithContext(ctx))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(groups) != 1 {
|
||||||
|
return nil, fmt.Errorf("could not find org %s", owner)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &model.Org{
|
||||||
|
Name: groups[0].Name,
|
||||||
|
Private: groups[0].Visibility != gitlab.PublicVisibility,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (g *GitLab) loadChangedFilesFromMergeRequest(ctx context.Context, tmpRepo *model.Repo, pipeline *model.Pipeline, mergeIID int) (*model.Pipeline, error) {
|
func (g *GitLab) loadChangedFilesFromMergeRequest(ctx context.Context, tmpRepo *model.Repo, pipeline *model.Pipeline, mergeIID int) (*model.Pipeline, error) {
|
||||||
_store, ok := store.TryFromContext(ctx)
|
_store, ok := store.TryFromContext(ctx)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
|
@ -274,17 +274,43 @@ func (_m *Forge) Netrc(u *model.User, r *model.Repo) (*model.Netrc, error) {
|
||||||
return r0, r1
|
return r0, r1
|
||||||
}
|
}
|
||||||
|
|
||||||
// OrgMembership provides a mock function with given fields: ctx, u, owner
|
// Org provides a mock function with given fields: ctx, u, org
|
||||||
func (_m *Forge) OrgMembership(ctx context.Context, u *model.User, owner string) (*model.OrgPerm, error) {
|
func (_m *Forge) Org(ctx context.Context, u *model.User, org string) (*model.Org, error) {
|
||||||
ret := _m.Called(ctx, u, owner)
|
ret := _m.Called(ctx, u, org)
|
||||||
|
|
||||||
|
var r0 *model.Org
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, *model.User, string) (*model.Org, error)); ok {
|
||||||
|
return rf(ctx, u, org)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, *model.User, string) *model.Org); ok {
|
||||||
|
r0 = rf(ctx, u, org)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).(*model.Org)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, *model.User, string) error); ok {
|
||||||
|
r1 = rf(ctx, u, org)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// OrgMembership provides a mock function with given fields: ctx, u, org
|
||||||
|
func (_m *Forge) OrgMembership(ctx context.Context, u *model.User, org string) (*model.OrgPerm, error) {
|
||||||
|
ret := _m.Called(ctx, u, org)
|
||||||
|
|
||||||
var r0 *model.OrgPerm
|
var r0 *model.OrgPerm
|
||||||
var r1 error
|
var r1 error
|
||||||
if rf, ok := ret.Get(0).(func(context.Context, *model.User, string) (*model.OrgPerm, error)); ok {
|
if rf, ok := ret.Get(0).(func(context.Context, *model.User, string) (*model.OrgPerm, error)); ok {
|
||||||
return rf(ctx, u, owner)
|
return rf(ctx, u, org)
|
||||||
}
|
}
|
||||||
if rf, ok := ret.Get(0).(func(context.Context, *model.User, string) *model.OrgPerm); ok {
|
if rf, ok := ret.Get(0).(func(context.Context, *model.User, string) *model.OrgPerm); ok {
|
||||||
r0 = rf(ctx, u, owner)
|
r0 = rf(ctx, u, org)
|
||||||
} else {
|
} else {
|
||||||
if ret.Get(0) != nil {
|
if ret.Get(0) != nil {
|
||||||
r0 = ret.Get(0).(*model.OrgPerm)
|
r0 = ret.Get(0).(*model.OrgPerm)
|
||||||
|
@ -292,7 +318,7 @@ func (_m *Forge) OrgMembership(ctx context.Context, u *model.User, owner string)
|
||||||
}
|
}
|
||||||
|
|
||||||
if rf, ok := ret.Get(1).(func(context.Context, *model.User, string) error); ok {
|
if rf, ok := ret.Get(1).(func(context.Context, *model.User, string) error); ok {
|
||||||
r1 = rf(ctx, u, owner)
|
r1 = rf(ctx, u, org)
|
||||||
} else {
|
} else {
|
||||||
r1 = ret.Error(1)
|
r1 = ret.Error(1)
|
||||||
}
|
}
|
||||||
|
|
29
server/model/org.go
Normal file
29
server/model/org.go
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
// Copyright 2023 Woodpecker Authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package model
|
||||||
|
|
||||||
|
// Org represents an organization.
|
||||||
|
type Org struct {
|
||||||
|
ID int64 `json:"id,omitempty" xorm:"pk autoincr 'id'"`
|
||||||
|
Name string `json:"name" xorm:"UNIQUE 'name'"`
|
||||||
|
IsUser bool `json:"is_user" xorm:"is_user"`
|
||||||
|
// if name lookup has to check for membership or not
|
||||||
|
Private bool `json:"-" xorm:"private"`
|
||||||
|
} // @name Org
|
||||||
|
|
||||||
|
// TableName return database table name for xorm
|
||||||
|
func (Org) TableName() string {
|
||||||
|
return "orgs"
|
||||||
|
}
|
|
@ -26,6 +26,7 @@ type Repo struct {
|
||||||
UserID int64 `json:"-" xorm:"repo_user_id"`
|
UserID int64 `json:"-" xorm:"repo_user_id"`
|
||||||
// ForgeRemoteID is the unique identifier for the repository on the forge.
|
// ForgeRemoteID is the unique identifier for the repository on the forge.
|
||||||
ForgeRemoteID ForgeRemoteID `json:"forge_remote_id" xorm:"forge_remote_id"`
|
ForgeRemoteID ForgeRemoteID `json:"forge_remote_id" xorm:"forge_remote_id"`
|
||||||
|
OrgID int64 `json:"org_id" xorm:"repo_org_id"`
|
||||||
Owner string `json:"owner" xorm:"UNIQUE(name) 'repo_owner'"`
|
Owner string `json:"owner" xorm:"UNIQUE(name) 'repo_owner'"`
|
||||||
Name string `json:"name" xorm:"UNIQUE(name) 'repo_name'"`
|
Name string `json:"name" xorm:"UNIQUE(name) 'repo_name'"`
|
||||||
FullName string `json:"full_name" xorm:"UNIQUE 'repo_full_name'"`
|
FullName string `json:"full_name" xorm:"UNIQUE 'repo_full_name'"`
|
||||||
|
|
|
@ -40,11 +40,11 @@ type SecretService interface {
|
||||||
SecretUpdate(*Repo, *Secret) error
|
SecretUpdate(*Repo, *Secret) error
|
||||||
SecretDelete(*Repo, string) error
|
SecretDelete(*Repo, string) error
|
||||||
// Organization secrets
|
// Organization secrets
|
||||||
OrgSecretFind(string, string) (*Secret, error)
|
OrgSecretFind(int64, string) (*Secret, error)
|
||||||
OrgSecretList(string, *ListOptions) ([]*Secret, error)
|
OrgSecretList(int64, *ListOptions) ([]*Secret, error)
|
||||||
OrgSecretCreate(string, *Secret) error
|
OrgSecretCreate(int64, *Secret) error
|
||||||
OrgSecretUpdate(string, *Secret) error
|
OrgSecretUpdate(int64, *Secret) error
|
||||||
OrgSecretDelete(string, string) error
|
OrgSecretDelete(int64, string) error
|
||||||
// Global secrets
|
// Global secrets
|
||||||
GlobalSecretFind(string) (*Secret, error)
|
GlobalSecretFind(string) (*Secret, error)
|
||||||
GlobalSecretList(*ListOptions) ([]*Secret, error)
|
GlobalSecretList(*ListOptions) ([]*Secret, error)
|
||||||
|
@ -60,8 +60,8 @@ type SecretStore interface {
|
||||||
SecretCreate(*Secret) error
|
SecretCreate(*Secret) error
|
||||||
SecretUpdate(*Secret) error
|
SecretUpdate(*Secret) error
|
||||||
SecretDelete(*Secret) error
|
SecretDelete(*Secret) error
|
||||||
OrgSecretFind(string, string) (*Secret, error)
|
OrgSecretFind(int64, string) (*Secret, error)
|
||||||
OrgSecretList(string, *ListOptions) ([]*Secret, error)
|
OrgSecretList(int64, *ListOptions) ([]*Secret, error)
|
||||||
GlobalSecretFind(string) (*Secret, error)
|
GlobalSecretFind(string) (*Secret, error)
|
||||||
GlobalSecretList(*ListOptions) ([]*Secret, error)
|
GlobalSecretList(*ListOptions) ([]*Secret, error)
|
||||||
SecretListAll() ([]*Secret, error)
|
SecretListAll() ([]*Secret, error)
|
||||||
|
@ -70,7 +70,7 @@ type SecretStore interface {
|
||||||
// Secret represents a secret variable, such as a password or token.
|
// Secret represents a secret variable, such as a password or token.
|
||||||
type Secret struct {
|
type Secret struct {
|
||||||
ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"`
|
ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"`
|
||||||
Owner string `json:"-" xorm:"NOT NULL DEFAULT '' UNIQUE(s) INDEX 'secret_owner'"`
|
OrgID int64 `json:"-" xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_org_id'"`
|
||||||
RepoID int64 `json:"-" xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_repo_id'"`
|
RepoID int64 `json:"-" xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_repo_id'"`
|
||||||
Name string `json:"name" xorm:"NOT NULL UNIQUE(s) INDEX 'secret_name'"`
|
Name string `json:"name" xorm:"NOT NULL UNIQUE(s) INDEX 'secret_name'"`
|
||||||
Value string `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
|
Value string `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
|
||||||
|
@ -93,12 +93,12 @@ func (s *Secret) BeforeInsert() {
|
||||||
|
|
||||||
// Global secret.
|
// Global secret.
|
||||||
func (s Secret) Global() bool {
|
func (s Secret) Global() bool {
|
||||||
return s.RepoID == 0 && s.Owner == ""
|
return s.RepoID == 0 && s.OrgID == 0
|
||||||
}
|
}
|
||||||
|
|
||||||
// Organization secret.
|
// Organization secret.
|
||||||
func (s Secret) Organization() bool {
|
func (s Secret) Organization() bool {
|
||||||
return s.RepoID == 0 && s.Owner != ""
|
return s.RepoID == 0 && s.OrgID != 0
|
||||||
}
|
}
|
||||||
|
|
||||||
// Match returns true if an image and event match the restricted list.
|
// Match returns true if an image and event match the restricted list.
|
||||||
|
@ -155,7 +155,7 @@ func (s *Secret) Validate() error {
|
||||||
func (s *Secret) Copy() *Secret {
|
func (s *Secret) Copy() *Secret {
|
||||||
return &Secret{
|
return &Secret{
|
||||||
ID: s.ID,
|
ID: s.ID,
|
||||||
Owner: s.Owner,
|
OrgID: s.OrgID,
|
||||||
RepoID: s.RepoID,
|
RepoID: s.RepoID,
|
||||||
Name: s.Name,
|
Name: s.Name,
|
||||||
Images: s.Images,
|
Images: s.Images,
|
||||||
|
|
|
@ -99,7 +99,7 @@ func (wrapper *EncryptedSecretStore) SecretDelete(secret *model.Secret) error {
|
||||||
return wrapper.store.SecretDelete(secret)
|
return wrapper.store.SecretDelete(secret)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (wrapper *EncryptedSecretStore) OrgSecretFind(s, s2 string) (*model.Secret, error) {
|
func (wrapper *EncryptedSecretStore) OrgSecretFind(s int64, s2 string) (*model.Secret, error) {
|
||||||
result, err := wrapper.store.OrgSecretFind(s, s2)
|
result, err := wrapper.store.OrgSecretFind(s, s2)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -112,7 +112,7 @@ func (wrapper *EncryptedSecretStore) OrgSecretFind(s, s2 string) (*model.Secret,
|
||||||
return result, nil
|
return result, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (wrapper *EncryptedSecretStore) OrgSecretList(s string, p *model.ListOptions) ([]*model.Secret, error) {
|
func (wrapper *EncryptedSecretStore) OrgSecretList(s int64, p *model.ListOptions) ([]*model.Secret, error) {
|
||||||
results, err := wrapper.store.OrgSecretList(s, p)
|
results, err := wrapper.store.OrgSecretList(s, p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -86,23 +86,23 @@ func (b *builtin) SecretDelete(repo *model.Repo, name string) error {
|
||||||
return b.store.SecretDelete(secret)
|
return b.store.SecretDelete(secret)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *builtin) OrgSecretFind(owner, name string) (*model.Secret, error) {
|
func (b *builtin) OrgSecretFind(owner int64, name string) (*model.Secret, error) {
|
||||||
return b.store.OrgSecretFind(owner, name)
|
return b.store.OrgSecretFind(owner, name)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *builtin) OrgSecretList(owner string, p *model.ListOptions) ([]*model.Secret, error) {
|
func (b *builtin) OrgSecretList(owner int64, p *model.ListOptions) ([]*model.Secret, error) {
|
||||||
return b.store.OrgSecretList(owner, p)
|
return b.store.OrgSecretList(owner, p)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *builtin) OrgSecretCreate(_ string, in *model.Secret) error {
|
func (b *builtin) OrgSecretCreate(_ int64, in *model.Secret) error {
|
||||||
return b.store.SecretCreate(in)
|
return b.store.SecretCreate(in)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *builtin) OrgSecretUpdate(_ string, in *model.Secret) error {
|
func (b *builtin) OrgSecretUpdate(_ int64, in *model.Secret) error {
|
||||||
return b.store.SecretUpdate(in)
|
return b.store.SecretUpdate(in)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *builtin) OrgSecretDelete(owner, name string) error {
|
func (b *builtin) OrgSecretDelete(owner int64, name string) error {
|
||||||
secret, err := b.store.OrgSecretFind(owner, name)
|
secret, err := b.store.OrgSecretFind(owner, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -46,13 +46,15 @@ func apiRoutes(e *gin.Engine) {
|
||||||
users.DELETE("/:login", api.DeleteUser)
|
users.DELETE("/:login", api.DeleteUser)
|
||||||
}
|
}
|
||||||
|
|
||||||
orgBase := apiBase.Group("/orgs/:owner")
|
apiBase.GET("/orgs/lookup/*org_full_name", api.LookupOrg)
|
||||||
|
orgBase := apiBase.Group("/orgs/:org_id")
|
||||||
{
|
{
|
||||||
orgBase.GET("/permissions", api.GetOrgPermissions)
|
orgBase.GET("/permissions", api.GetOrgPermissions)
|
||||||
|
|
||||||
org := orgBase.Group("")
|
org := orgBase.Group("")
|
||||||
{
|
{
|
||||||
org.Use(session.MustOrgMember(true))
|
org.Use(session.MustOrgMember(true))
|
||||||
|
org.GET("", api.GetOrg)
|
||||||
org.GET("/secrets", api.GetOrgSecretList)
|
org.GET("/secrets", api.GetOrgSecretList)
|
||||||
org.POST("/secrets", api.PostOrgSecret)
|
org.POST("/secrets", api.PostOrgSecret)
|
||||||
org.GET("/secrets/:secret", api.GetOrgSecret)
|
org.GET("/secrets/:secret", api.GetOrgSecret)
|
||||||
|
|
|
@ -16,6 +16,7 @@ package session
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"github.com/woodpecker-ci/woodpecker/server"
|
"github.com/woodpecker-ci/woodpecker/server"
|
||||||
"github.com/woodpecker-ci/woodpecker/server/model"
|
"github.com/woodpecker-ci/woodpecker/server/model"
|
||||||
|
@ -117,36 +118,47 @@ func MustUser() gin.HandlerFunc {
|
||||||
|
|
||||||
func MustOrgMember(admin bool) gin.HandlerFunc {
|
func MustOrgMember(admin bool) gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
|
_store := store.FromContext(c)
|
||||||
|
|
||||||
user := User(c)
|
user := User(c)
|
||||||
owner := c.Param("owner")
|
|
||||||
if user == nil {
|
if user == nil {
|
||||||
c.String(http.StatusUnauthorized, "User not authorized")
|
c.String(http.StatusUnauthorized, "User not authorized")
|
||||||
c.Abort()
|
c.Abort()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if owner == "" {
|
|
||||||
c.String(http.StatusForbidden, "User not authorized")
|
orgID, err := strconv.ParseInt(c.Param("org_id"), 10, 64)
|
||||||
c.Abort()
|
if err != nil {
|
||||||
|
c.String(http.StatusBadRequest, "Error parsing org id. %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
org, err := _store.OrgGet(orgID)
|
||||||
|
if err != nil {
|
||||||
|
c.String(http.StatusNotFound, "Organization not found")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// User can access his own, admin can access all
|
// User can access his own, admin can access all
|
||||||
if user.Login == owner || user.Admin {
|
if (org.Name == user.Login) || user.Admin {
|
||||||
c.Next()
|
c.Next()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
perm, err := server.Config.Services.Membership.Get(c, user, owner)
|
perm, err := server.Config.Services.Membership.Get(c, user, org.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().Msgf("Failed to check membership: %v", err)
|
log.Error().Msgf("Failed to check membership: %v", err)
|
||||||
c.String(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
|
c.String(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
|
||||||
c.Abort()
|
c.Abort()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if perm == nil || (!admin && !perm.Member) || (admin && !perm.Admin) {
|
if perm == nil || (!admin && !perm.Member) || (admin && !perm.Admin) {
|
||||||
c.String(http.StatusForbidden, "User not authorized")
|
c.String(http.StatusForbidden, "User not authorized")
|
||||||
c.Abort()
|
c.Abort()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Next()
|
c.Next()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
// Copyright 2018 Drone.IO Inc.
|
// Copyright 2023 Woodpecker Authors
|
||||||
//
|
//
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
// you may not use this file except in compliance with the License.
|
// you may not use this file except in compliance with the License.
|
||||||
|
|
112
server/store/datastore/migration/021_add_orgs.go
Normal file
112
server/store/datastore/migration/021_add_orgs.go
Normal file
|
@ -0,0 +1,112 @@
|
||||||
|
// Copyright 2022 Woodpecker Authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package migration
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"xorm.io/builder"
|
||||||
|
"xorm.io/xorm"
|
||||||
|
|
||||||
|
"github.com/woodpecker-ci/woodpecker/server/model"
|
||||||
|
)
|
||||||
|
|
||||||
|
type oldSecret021 struct {
|
||||||
|
ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"`
|
||||||
|
Owner string `json:"-" xorm:"'secret_owner'"`
|
||||||
|
OrgID int64 `json:"-" xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_org_id'"`
|
||||||
|
RepoID int64 `json:"-" xorm:"NOT NULL DEFAULT 0 UNIQUE(s) INDEX 'secret_repo_id'"`
|
||||||
|
Name string `json:"name" xorm:"NOT NULL UNIQUE(s) INDEX 'secret_name'"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (oldSecret021) TableName() string {
|
||||||
|
return "secrets"
|
||||||
|
}
|
||||||
|
|
||||||
|
var addOrgs = task{
|
||||||
|
name: "add-orgs",
|
||||||
|
required: true,
|
||||||
|
fn: func(sess *xorm.Session) error {
|
||||||
|
if exist, err := sess.IsTableExist("orgs"); exist && err == nil {
|
||||||
|
if err := sess.DropTable("orgs"); err != nil {
|
||||||
|
return fmt.Errorf("drop old orgs table failed: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := sess.Sync(new(model.Org), new(model.Repo), new(model.User)); err != nil {
|
||||||
|
return fmt.Errorf("sync new models failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// make sure the columns exist before removing them
|
||||||
|
if err := sess.Sync(new(oldSecret021)); err != nil {
|
||||||
|
return fmt.Errorf("sync old secrets models failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// get all org names from repos
|
||||||
|
var repos []*model.Repo
|
||||||
|
if err := sess.Find(&repos); err != nil {
|
||||||
|
return fmt.Errorf("find all repos failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
orgs := make(map[string]*model.Org)
|
||||||
|
users := make(map[string]bool)
|
||||||
|
for _, repo := range repos {
|
||||||
|
orgName := strings.ToLower(repo.Owner)
|
||||||
|
|
||||||
|
// check if it's a registered user
|
||||||
|
if _, ok := users[orgName]; !ok {
|
||||||
|
exist, err := sess.Where("user_login = ?", orgName).Exist(new(model.User))
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("check if user '%s' exist failed: %w", orgName, err)
|
||||||
|
}
|
||||||
|
users[orgName] = exist
|
||||||
|
}
|
||||||
|
|
||||||
|
// create org if not already created
|
||||||
|
if _, ok := orgs[orgName]; !ok {
|
||||||
|
org := &model.Org{
|
||||||
|
Name: orgName,
|
||||||
|
IsUser: users[orgName],
|
||||||
|
}
|
||||||
|
if _, err := sess.Insert(org); err != nil {
|
||||||
|
return fmt.Errorf("insert org %#v failed: %w", org, err)
|
||||||
|
}
|
||||||
|
orgs[orgName] = org
|
||||||
|
|
||||||
|
// update org secrets
|
||||||
|
var secrets []*oldSecret021
|
||||||
|
if err := sess.Where(builder.Eq{"secret_owner": orgName, "secret_repo_id": 0}).Find(&secrets); err != nil {
|
||||||
|
return fmt.Errorf("get org secrets failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, secret := range secrets {
|
||||||
|
secret.OrgID = org.ID
|
||||||
|
if _, err := sess.ID(secret.ID).Cols("secret_org_id").Update(secret); err != nil {
|
||||||
|
return fmt.Errorf("update org secret %d failed: %w", secret.ID, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// update the repo
|
||||||
|
repo.OrgID = orgs[orgName].ID
|
||||||
|
if _, err := sess.ID(repo.ID).Cols("repo_org_id").Update(repo); err != nil {
|
||||||
|
return fmt.Errorf("update repos failed: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return dropTableColumns(sess, "secrets", "secret_owner")
|
||||||
|
},
|
||||||
|
}
|
|
@ -53,6 +53,7 @@ var migrationTasks = []*task{
|
||||||
&initLogsEntriesTable,
|
&initLogsEntriesTable,
|
||||||
&migrateLogs2LogEntries,
|
&migrateLogs2LogEntries,
|
||||||
&parentStepsToWorkflows,
|
&parentStepsToWorkflows,
|
||||||
|
&addOrgs,
|
||||||
}
|
}
|
||||||
|
|
||||||
var allBeans = []interface{}{
|
var allBeans = []interface{}{
|
||||||
|
@ -72,6 +73,7 @@ var allBeans = []interface{}{
|
||||||
new(model.Cron),
|
new(model.Cron),
|
||||||
new(model.Redirection),
|
new(model.Redirection),
|
||||||
new(model.Workflow),
|
new(model.Workflow),
|
||||||
|
new(model.Org),
|
||||||
}
|
}
|
||||||
|
|
||||||
type migrations struct {
|
type migrations struct {
|
||||||
|
@ -106,39 +108,47 @@ func Migrate(e *xorm.Engine) error {
|
||||||
e.SetDisableGlobalCache(true)
|
e.SetDisableGlobalCache(true)
|
||||||
|
|
||||||
if err := e.Sync(new(migrations)); err != nil {
|
if err := e.Sync(new(migrations)); err != nil {
|
||||||
return err
|
return fmt.Errorf("error to create migrations table: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
sess := e.NewSession()
|
sess := e.NewSession()
|
||||||
defer sess.Close()
|
defer sess.Close()
|
||||||
if err := sess.Begin(); err != nil {
|
if err := sess.Begin(); err != nil {
|
||||||
return err
|
return fmt.Errorf("could not create initial migration session: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if we have a fresh installation or need to check for migrations
|
// check if we have a fresh installation or need to check for migrations
|
||||||
c, err := sess.Count(new(migrations))
|
c, err := sess.Count(new(migrations))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("could not count migrations: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if c == 0 {
|
if c == 0 {
|
||||||
if err := initNew(sess); err != nil {
|
if err := initNew(sess); err != nil {
|
||||||
return err
|
return fmt.Errorf("could not init a new database: %w", err)
|
||||||
}
|
}
|
||||||
return sess.Commit()
|
if err := sess.Commit(); err != nil {
|
||||||
|
return fmt.Errorf("could not commit initial migration session: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := sess.Commit(); err != nil {
|
if err := sess.Commit(); err != nil {
|
||||||
return err
|
return fmt.Errorf("could not commit initial migration session: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := runTasks(e, migrationTasks); err != nil {
|
if err := runTasks(e, migrationTasks); err != nil {
|
||||||
return err
|
return fmt.Errorf("run tasks failed: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
e.SetDisableGlobalCache(false)
|
e.SetDisableGlobalCache(false)
|
||||||
|
|
||||||
return syncAll(e)
|
if err := syncAll(e); err != nil {
|
||||||
|
return fmt.Errorf("msg: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func runTasks(e *xorm.Engine, tasks []*task) error {
|
func runTasks(e *xorm.Engine, tasks []*task) error {
|
||||||
|
@ -166,17 +176,16 @@ func runTasks(e *xorm.Engine, tasks []*task) error {
|
||||||
sess := e.NewSession().NoCache()
|
sess := e.NewSession().NoCache()
|
||||||
defer sess.Close()
|
defer sess.Close()
|
||||||
if err := sess.Begin(); err != nil {
|
if err := sess.Begin(); err != nil {
|
||||||
return err
|
return fmt.Errorf("could not begin session for '%s': %w", task.name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if taskErr = task.fn(sess); taskErr != nil {
|
if taskErr = task.fn(sess); taskErr != nil {
|
||||||
aliveMsgCancel(nil)
|
aliveMsgCancel(nil)
|
||||||
if err2 := sess.Rollback(); err2 != nil {
|
if err := sess.Rollback(); err != nil {
|
||||||
taskErr = errors.Join(taskErr, err2)
|
taskErr = errors.Join(taskErr, err)
|
||||||
}
|
}
|
||||||
}
|
} else if err := sess.Commit(); err != nil {
|
||||||
if err := sess.Commit(); err != nil {
|
return fmt.Errorf("could not commit session for '%s': %w", task.name, err)
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
} else if task.engineFn != nil {
|
} else if task.engineFn != nil {
|
||||||
taskErr = task.engineFn(e)
|
taskErr = task.engineFn(e)
|
||||||
|
@ -189,7 +198,7 @@ func runTasks(e *xorm.Engine, tasks []*task) error {
|
||||||
aliveMsgCancel(nil)
|
aliveMsgCancel(nil)
|
||||||
if taskErr != nil {
|
if taskErr != nil {
|
||||||
if task.required {
|
if task.required {
|
||||||
return taskErr
|
return fmt.Errorf("migration task '%s' failed: %w", task.name, taskErr)
|
||||||
}
|
}
|
||||||
log.Error().Err(taskErr).Msgf("migration task '%s' failed but is not required", task.name)
|
log.Error().Err(taskErr).Msgf("migration task '%s' failed but is not required", task.name)
|
||||||
continue
|
continue
|
||||||
|
@ -197,7 +206,7 @@ func runTasks(e *xorm.Engine, tasks []*task) error {
|
||||||
log.Debug().Msgf("migration task '%s' done", task.name)
|
log.Debug().Msgf("migration task '%s' done", task.name)
|
||||||
|
|
||||||
if _, err := e.Insert(&migrations{task.name}); err != nil {
|
if _, err := e.Insert(&migrations{task.name}); err != nil {
|
||||||
return err
|
return fmt.Errorf("migration task '%s' could not be marked as finished: %w", task.name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
migCache[task.name] = true
|
migCache[task.name] = true
|
||||||
|
|
59
server/store/datastore/org.go
Normal file
59
server/store/datastore/org.go
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
// Copyright 2022 Woodpecker Authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package datastore
|
||||||
|
|
||||||
|
import (
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/woodpecker-ci/woodpecker/server/model"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (s storage) OrgCreate(org *model.Org) error {
|
||||||
|
// sanitize
|
||||||
|
org.Name = strings.ToLower(org.Name)
|
||||||
|
// insert
|
||||||
|
_, err := s.engine.Insert(org)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s storage) OrgGet(id int64) (*model.Org, error) {
|
||||||
|
org := new(model.Org)
|
||||||
|
return org, wrapGet(s.engine.ID(id).Get(org))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s storage) OrgUpdate(org *model.Org) error {
|
||||||
|
// sanitize
|
||||||
|
org.Name = strings.ToLower(org.Name)
|
||||||
|
// update
|
||||||
|
_, err := s.engine.ID(org.ID).AllCols().Update(org)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s storage) OrgDelete(id int64) error {
|
||||||
|
return wrapDelete(s.engine.ID(id).Delete(new(model.Org)))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s storage) OrgFindByName(name string) (*model.Org, error) {
|
||||||
|
// sanitize
|
||||||
|
name = strings.ToLower(name)
|
||||||
|
// find
|
||||||
|
org := new(model.Org)
|
||||||
|
return org, wrapGet(s.engine.Where("name = ?", name).Get(org))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s storage) OrgRepoList(org *model.Org, p *model.ListOptions) ([]*model.Repo, error) {
|
||||||
|
var repos []*model.Repo
|
||||||
|
return repos, s.paginate(p).OrderBy("repo_id").Where("repo_org_id = ?", org.ID).Find(&repos)
|
||||||
|
}
|
75
server/store/datastore/org_test.go
Normal file
75
server/store/datastore/org_test.go
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
// Copyright 2023 Woodpecker Authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package datastore
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
|
||||||
|
"github.com/woodpecker-ci/woodpecker/server/model"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestOrgCRUD(t *testing.T) {
|
||||||
|
store, closer := newTestStore(t, new(model.Org), new(model.Repo))
|
||||||
|
defer closer()
|
||||||
|
|
||||||
|
org1 := &model.Org{
|
||||||
|
Name: "someAwesomeOrg",
|
||||||
|
IsUser: false,
|
||||||
|
Private: true,
|
||||||
|
}
|
||||||
|
|
||||||
|
// create first org to play with
|
||||||
|
assert.NoError(t, store.OrgCreate(org1))
|
||||||
|
assert.EqualValues(t, "someawesomeorg", org1.Name)
|
||||||
|
|
||||||
|
// retrieve it
|
||||||
|
orgOne, err := store.OrgGet(org1.ID)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.EqualValues(t, org1, orgOne)
|
||||||
|
|
||||||
|
// change name
|
||||||
|
assert.NoError(t, store.OrgUpdate(&model.Org{ID: org1.ID, Name: "RenamedOrg"}))
|
||||||
|
|
||||||
|
// force a name duplication and fail
|
||||||
|
assert.Error(t, store.OrgCreate(&model.Org{Name: "reNamedorg"}))
|
||||||
|
|
||||||
|
// find updated org by name
|
||||||
|
orgOne, err = store.OrgFindByName("renamedorG")
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotEqualValues(t, org1, orgOne)
|
||||||
|
assert.EqualValues(t, org1.ID, orgOne.ID)
|
||||||
|
assert.EqualValues(t, false, orgOne.IsUser)
|
||||||
|
assert.EqualValues(t, false, orgOne.Private)
|
||||||
|
assert.EqualValues(t, "renamedorg", orgOne.Name)
|
||||||
|
|
||||||
|
// create two more orgs and repos
|
||||||
|
someUser := &model.Org{Name: "some_other_u", IsUser: true}
|
||||||
|
assert.NoError(t, store.OrgCreate(someUser))
|
||||||
|
assert.NoError(t, store.OrgCreate(&model.Org{Name: "some_other_org"}))
|
||||||
|
assert.NoError(t, store.CreateRepo(&model.Repo{UserID: 1, Owner: "some_other_u", Name: "abc", FullName: "some_other_u/abc", OrgID: someUser.ID}))
|
||||||
|
assert.NoError(t, store.CreateRepo(&model.Repo{UserID: 1, Owner: "some_other_u", Name: "xyz", FullName: "some_other_u/xyz", OrgID: someUser.ID}))
|
||||||
|
assert.NoError(t, store.CreateRepo(&model.Repo{UserID: 1, Owner: "renamedorg", Name: "567", FullName: "renamedorg/567", OrgID: orgOne.ID}))
|
||||||
|
|
||||||
|
// get all repos for a specific org
|
||||||
|
repos, err := store.OrgRepoList(someUser, &model.ListOptions{All: true})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Len(t, repos, 2)
|
||||||
|
|
||||||
|
// delete an org and check if it's gone
|
||||||
|
assert.NoError(t, store.OrgDelete(org1.ID))
|
||||||
|
assert.Error(t, store.OrgDelete(org1.ID))
|
||||||
|
}
|
|
@ -33,8 +33,8 @@ func (s storage) SecretList(repo *model.Repo, includeGlobalAndOrgSecrets bool, p
|
||||||
var secrets []*model.Secret
|
var secrets []*model.Secret
|
||||||
var cond builder.Cond = builder.Eq{"secret_repo_id": repo.ID}
|
var cond builder.Cond = builder.Eq{"secret_repo_id": repo.ID}
|
||||||
if includeGlobalAndOrgSecrets {
|
if includeGlobalAndOrgSecrets {
|
||||||
cond = cond.Or(builder.Eq{"secret_owner": repo.Owner}).
|
cond = cond.Or(builder.Eq{"secret_org_id": repo.OrgID}).
|
||||||
Or(builder.And(builder.Eq{"secret_owner": ""}, builder.Eq{"secret_repo_id": 0}))
|
Or(builder.And(builder.Eq{"secret_org_id": 0}, builder.Eq{"secret_repo_id": 0}))
|
||||||
}
|
}
|
||||||
return secrets, s.paginate(p).Where(cond).OrderBy(orderSecretsBy).Find(&secrets)
|
return secrets, s.paginate(p).Where(cond).OrderBy(orderSecretsBy).Find(&secrets)
|
||||||
}
|
}
|
||||||
|
@ -59,28 +59,28 @@ func (s storage) SecretDelete(secret *model.Secret) error {
|
||||||
return wrapDelete(s.engine.ID(secret.ID).Delete(new(model.Secret)))
|
return wrapDelete(s.engine.ID(secret.ID).Delete(new(model.Secret)))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storage) OrgSecretFind(owner, name string) (*model.Secret, error) {
|
func (s storage) OrgSecretFind(orgID int64, name string) (*model.Secret, error) {
|
||||||
secret := new(model.Secret)
|
secret := new(model.Secret)
|
||||||
return secret, wrapGet(s.engine.Where(
|
return secret, wrapGet(s.engine.Where(
|
||||||
builder.Eq{"secret_owner": owner, "secret_name": name},
|
builder.Eq{"secret_org_id": orgID, "secret_name": name},
|
||||||
).Get(secret))
|
).Get(secret))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storage) OrgSecretList(owner string, p *model.ListOptions) ([]*model.Secret, error) {
|
func (s storage) OrgSecretList(orgID int64, p *model.ListOptions) ([]*model.Secret, error) {
|
||||||
secrets := make([]*model.Secret, 0)
|
secrets := make([]*model.Secret, 0)
|
||||||
return secrets, s.paginate(p).Where("secret_owner = ?", owner).OrderBy(orderSecretsBy).Find(&secrets)
|
return secrets, s.paginate(p).Where("secret_org_id = ?", orgID).OrderBy(orderSecretsBy).Find(&secrets)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storage) GlobalSecretFind(name string) (*model.Secret, error) {
|
func (s storage) GlobalSecretFind(name string) (*model.Secret, error) {
|
||||||
secret := new(model.Secret)
|
secret := new(model.Secret)
|
||||||
return secret, wrapGet(s.engine.Where(
|
return secret, wrapGet(s.engine.Where(
|
||||||
builder.Eq{"secret_owner": "", "secret_repo_id": 0, "secret_name": name},
|
builder.Eq{"secret_org_id": 0, "secret_repo_id": 0, "secret_name": name},
|
||||||
).Get(secret))
|
).Get(secret))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storage) GlobalSecretList(p *model.ListOptions) ([]*model.Secret, error) {
|
func (s storage) GlobalSecretList(p *model.ListOptions) ([]*model.Secret, error) {
|
||||||
secrets := make([]*model.Secret, 0)
|
secrets := make([]*model.Secret, 0)
|
||||||
return secrets, s.paginate(p).Where(
|
return secrets, s.paginate(p).Where(
|
||||||
builder.Eq{"secret_owner": "", "secret_repo_id": 0},
|
builder.Eq{"secret_org_id": 0, "secret_repo_id": 0},
|
||||||
).OrderBy(orderSecretsBy).Find(&secrets)
|
).OrderBy(orderSecretsBy).Find(&secrets)
|
||||||
}
|
}
|
||||||
|
|
|
@ -73,7 +73,7 @@ func TestSecretList(t *testing.T) {
|
||||||
|
|
||||||
createTestSecrets(t, store)
|
createTestSecrets(t, store)
|
||||||
|
|
||||||
list, err := store.SecretList(&model.Repo{ID: 1, Owner: "org"}, false, &model.ListOptions{Page: 1, PerPage: 50})
|
list, err := store.SecretList(&model.Repo{ID: 1, OrgID: 12}, false, &model.ListOptions{Page: 1, PerPage: 50})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Len(t, list, 2)
|
assert.Len(t, list, 2)
|
||||||
}
|
}
|
||||||
|
@ -95,7 +95,7 @@ func TestSecretPipelineList(t *testing.T) {
|
||||||
|
|
||||||
createTestSecrets(t, store)
|
createTestSecrets(t, store)
|
||||||
|
|
||||||
list, err := store.SecretList(&model.Repo{ID: 1, Owner: "org"}, true, &model.ListOptions{Page: 1, PerPage: 50})
|
list, err := store.SecretList(&model.Repo{ID: 1, OrgID: 12}, true, &model.ListOptions{Page: 1, PerPage: 50})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Len(t, list, 4)
|
assert.Len(t, list, 4)
|
||||||
}
|
}
|
||||||
|
@ -179,7 +179,7 @@ func TestSecretIndexes(t *testing.T) {
|
||||||
|
|
||||||
func createTestSecrets(t *testing.T, store *storage) {
|
func createTestSecrets(t *testing.T, store *storage) {
|
||||||
assert.NoError(t, store.SecretCreate(&model.Secret{
|
assert.NoError(t, store.SecretCreate(&model.Secret{
|
||||||
Owner: "org",
|
OrgID: 12,
|
||||||
Name: "usr",
|
Name: "usr",
|
||||||
Value: "sec",
|
Value: "sec",
|
||||||
}))
|
}))
|
||||||
|
@ -204,7 +204,7 @@ func TestOrgSecretFind(t *testing.T) {
|
||||||
defer closer()
|
defer closer()
|
||||||
|
|
||||||
err := store.SecretCreate(&model.Secret{
|
err := store.SecretCreate(&model.Secret{
|
||||||
Owner: "org",
|
OrgID: 12,
|
||||||
Name: "password",
|
Name: "password",
|
||||||
Value: "correct-horse-battery-staple",
|
Value: "correct-horse-battery-staple",
|
||||||
Images: []string{"golang", "node"},
|
Images: []string{"golang", "node"},
|
||||||
|
@ -215,13 +215,13 @@ func TestOrgSecretFind(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, err := store.OrgSecretFind("org", "password")
|
secret, err := store.OrgSecretFind(12, "password")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if got, want := secret.Owner, "org"; got != want {
|
if got, want := secret.OrgID, int64(12); got != want {
|
||||||
t.Errorf("Want owner %s, got %s", want, got)
|
t.Errorf("Want org_id %d, got %d", want, got)
|
||||||
}
|
}
|
||||||
if got, want := secret.Name, "password"; got != want {
|
if got, want := secret.Name, "password"; got != want {
|
||||||
t.Errorf("Want secret name %s, got %s", want, got)
|
t.Errorf("Want secret name %s, got %s", want, got)
|
||||||
|
@ -249,7 +249,7 @@ func TestOrgSecretList(t *testing.T) {
|
||||||
|
|
||||||
createTestSecrets(t, store)
|
createTestSecrets(t, store)
|
||||||
|
|
||||||
list, err := store.OrgSecretList("org", &model.ListOptions{All: true})
|
list, err := store.OrgSecretList(12, &model.ListOptions{All: true})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Len(t, list, 1)
|
assert.Len(t, list, 1)
|
||||||
|
|
||||||
|
|
|
@ -1169,16 +1169,122 @@ func (_m *Store) Migrate() error {
|
||||||
return r0
|
return r0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OrgCreate provides a mock function with given fields: _a0
|
||||||
|
func (_m *Store) OrgCreate(_a0 *model.Org) error {
|
||||||
|
ret := _m.Called(_a0)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(*model.Org) error); ok {
|
||||||
|
r0 = rf(_a0)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// OrgDelete provides a mock function with given fields: _a0
|
||||||
|
func (_m *Store) OrgDelete(_a0 int64) error {
|
||||||
|
ret := _m.Called(_a0)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(int64) error); ok {
|
||||||
|
r0 = rf(_a0)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// OrgFindByName provides a mock function with given fields: _a0
|
||||||
|
func (_m *Store) OrgFindByName(_a0 string) (*model.Org, error) {
|
||||||
|
ret := _m.Called(_a0)
|
||||||
|
|
||||||
|
var r0 *model.Org
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(string) (*model.Org, error)); ok {
|
||||||
|
return rf(_a0)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(string) *model.Org); ok {
|
||||||
|
r0 = rf(_a0)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).(*model.Org)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(string) error); ok {
|
||||||
|
r1 = rf(_a0)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// OrgGet provides a mock function with given fields: _a0
|
||||||
|
func (_m *Store) OrgGet(_a0 int64) (*model.Org, error) {
|
||||||
|
ret := _m.Called(_a0)
|
||||||
|
|
||||||
|
var r0 *model.Org
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(int64) (*model.Org, error)); ok {
|
||||||
|
return rf(_a0)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(int64) *model.Org); ok {
|
||||||
|
r0 = rf(_a0)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).(*model.Org)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(int64) error); ok {
|
||||||
|
r1 = rf(_a0)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// OrgRepoList provides a mock function with given fields: _a0, _a1
|
||||||
|
func (_m *Store) OrgRepoList(_a0 *model.Org, _a1 *model.ListOptions) ([]*model.Repo, error) {
|
||||||
|
ret := _m.Called(_a0, _a1)
|
||||||
|
|
||||||
|
var r0 []*model.Repo
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(*model.Org, *model.ListOptions) ([]*model.Repo, error)); ok {
|
||||||
|
return rf(_a0, _a1)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(*model.Org, *model.ListOptions) []*model.Repo); ok {
|
||||||
|
r0 = rf(_a0, _a1)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).([]*model.Repo)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(*model.Org, *model.ListOptions) error); ok {
|
||||||
|
r1 = rf(_a0, _a1)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
// OrgSecretFind provides a mock function with given fields: _a0, _a1
|
// OrgSecretFind provides a mock function with given fields: _a0, _a1
|
||||||
func (_m *Store) OrgSecretFind(_a0 string, _a1 string) (*model.Secret, error) {
|
func (_m *Store) OrgSecretFind(_a0 int64, _a1 string) (*model.Secret, error) {
|
||||||
ret := _m.Called(_a0, _a1)
|
ret := _m.Called(_a0, _a1)
|
||||||
|
|
||||||
var r0 *model.Secret
|
var r0 *model.Secret
|
||||||
var r1 error
|
var r1 error
|
||||||
if rf, ok := ret.Get(0).(func(string, string) (*model.Secret, error)); ok {
|
if rf, ok := ret.Get(0).(func(int64, string) (*model.Secret, error)); ok {
|
||||||
return rf(_a0, _a1)
|
return rf(_a0, _a1)
|
||||||
}
|
}
|
||||||
if rf, ok := ret.Get(0).(func(string, string) *model.Secret); ok {
|
if rf, ok := ret.Get(0).(func(int64, string) *model.Secret); ok {
|
||||||
r0 = rf(_a0, _a1)
|
r0 = rf(_a0, _a1)
|
||||||
} else {
|
} else {
|
||||||
if ret.Get(0) != nil {
|
if ret.Get(0) != nil {
|
||||||
|
@ -1186,7 +1292,7 @@ func (_m *Store) OrgSecretFind(_a0 string, _a1 string) (*model.Secret, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if rf, ok := ret.Get(1).(func(string, string) error); ok {
|
if rf, ok := ret.Get(1).(func(int64, string) error); ok {
|
||||||
r1 = rf(_a0, _a1)
|
r1 = rf(_a0, _a1)
|
||||||
} else {
|
} else {
|
||||||
r1 = ret.Error(1)
|
r1 = ret.Error(1)
|
||||||
|
@ -1196,15 +1302,15 @@ func (_m *Store) OrgSecretFind(_a0 string, _a1 string) (*model.Secret, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// OrgSecretList provides a mock function with given fields: _a0, _a1
|
// OrgSecretList provides a mock function with given fields: _a0, _a1
|
||||||
func (_m *Store) OrgSecretList(_a0 string, _a1 *model.ListOptions) ([]*model.Secret, error) {
|
func (_m *Store) OrgSecretList(_a0 int64, _a1 *model.ListOptions) ([]*model.Secret, error) {
|
||||||
ret := _m.Called(_a0, _a1)
|
ret := _m.Called(_a0, _a1)
|
||||||
|
|
||||||
var r0 []*model.Secret
|
var r0 []*model.Secret
|
||||||
var r1 error
|
var r1 error
|
||||||
if rf, ok := ret.Get(0).(func(string, *model.ListOptions) ([]*model.Secret, error)); ok {
|
if rf, ok := ret.Get(0).(func(int64, *model.ListOptions) ([]*model.Secret, error)); ok {
|
||||||
return rf(_a0, _a1)
|
return rf(_a0, _a1)
|
||||||
}
|
}
|
||||||
if rf, ok := ret.Get(0).(func(string, *model.ListOptions) []*model.Secret); ok {
|
if rf, ok := ret.Get(0).(func(int64, *model.ListOptions) []*model.Secret); ok {
|
||||||
r0 = rf(_a0, _a1)
|
r0 = rf(_a0, _a1)
|
||||||
} else {
|
} else {
|
||||||
if ret.Get(0) != nil {
|
if ret.Get(0) != nil {
|
||||||
|
@ -1212,7 +1318,7 @@ func (_m *Store) OrgSecretList(_a0 string, _a1 *model.ListOptions) ([]*model.Sec
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if rf, ok := ret.Get(1).(func(string, *model.ListOptions) error); ok {
|
if rf, ok := ret.Get(1).(func(int64, *model.ListOptions) error); ok {
|
||||||
r1 = rf(_a0, _a1)
|
r1 = rf(_a0, _a1)
|
||||||
} else {
|
} else {
|
||||||
r1 = ret.Error(1)
|
r1 = ret.Error(1)
|
||||||
|
@ -1221,6 +1327,20 @@ func (_m *Store) OrgSecretList(_a0 string, _a1 *model.ListOptions) ([]*model.Sec
|
||||||
return r0, r1
|
return r0, r1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OrgUpdate provides a mock function with given fields: _a0
|
||||||
|
func (_m *Store) OrgUpdate(_a0 *model.Org) error {
|
||||||
|
ret := _m.Called(_a0)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(*model.Org) error); ok {
|
||||||
|
r0 = rf(_a0)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
// PermDelete provides a mock function with given fields: perm
|
// PermDelete provides a mock function with given fields: perm
|
||||||
func (_m *Store) PermDelete(perm *model.Perm) error {
|
func (_m *Store) PermDelete(perm *model.Perm) error {
|
||||||
ret := _m.Called(perm)
|
ret := _m.Called(perm)
|
||||||
|
|
|
@ -121,8 +121,8 @@ type Store interface {
|
||||||
SecretCreate(*model.Secret) error
|
SecretCreate(*model.Secret) error
|
||||||
SecretUpdate(*model.Secret) error
|
SecretUpdate(*model.Secret) error
|
||||||
SecretDelete(*model.Secret) error
|
SecretDelete(*model.Secret) error
|
||||||
OrgSecretFind(string, string) (*model.Secret, error)
|
OrgSecretFind(int64, string) (*model.Secret, error)
|
||||||
OrgSecretList(string, *model.ListOptions) ([]*model.Secret, error)
|
OrgSecretList(int64, *model.ListOptions) ([]*model.Secret, error)
|
||||||
GlobalSecretFind(string) (*model.Secret, error)
|
GlobalSecretFind(string) (*model.Secret, error)
|
||||||
GlobalSecretList(*model.ListOptions) ([]*model.Secret, error)
|
GlobalSecretList(*model.ListOptions) ([]*model.Secret, error)
|
||||||
|
|
||||||
|
@ -183,6 +183,16 @@ type Store interface {
|
||||||
WorkflowLoad(int64) (*model.Workflow, error)
|
WorkflowLoad(int64) (*model.Workflow, error)
|
||||||
WorkflowUpdate(*model.Workflow) error
|
WorkflowUpdate(*model.Workflow) error
|
||||||
|
|
||||||
|
// Org
|
||||||
|
OrgCreate(*model.Org) error
|
||||||
|
OrgGet(int64) (*model.Org, error)
|
||||||
|
OrgFindByName(string) (*model.Org, error)
|
||||||
|
OrgUpdate(*model.Org) error
|
||||||
|
OrgDelete(int64) error
|
||||||
|
|
||||||
|
// Org repos
|
||||||
|
OrgRepoList(*model.Org, *model.ListOptions) ([]*model.Repo, error)
|
||||||
|
|
||||||
// Store operations
|
// Store operations
|
||||||
Ping() error
|
Ping() error
|
||||||
Close() error
|
Close() error
|
||||||
|
|
|
@ -38,9 +38,9 @@
|
||||||
</Panel>
|
</Panel>
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<script lang="ts">
|
<script lang="ts" setup>
|
||||||
import { cloneDeep } from 'lodash';
|
import { cloneDeep } from 'lodash';
|
||||||
import { computed, defineComponent, inject, Ref, ref } from 'vue';
|
import { computed, inject, Ref, ref } from 'vue';
|
||||||
import { useI18n } from 'vue-i18n';
|
import { useI18n } from 'vue-i18n';
|
||||||
|
|
||||||
import Button from '~/components/atomic/Button.vue';
|
import Button from '~/components/atomic/Button.vue';
|
||||||
|
@ -61,37 +61,25 @@ const emptySecret = {
|
||||||
event: [WebhookEvents.Push],
|
event: [WebhookEvents.Push],
|
||||||
};
|
};
|
||||||
|
|
||||||
export default defineComponent({
|
const apiClient = useApiClient();
|
||||||
name: 'OrgSecretsTab',
|
const notifications = useNotifications();
|
||||||
|
const i18n = useI18n();
|
||||||
|
|
||||||
components: {
|
const org = inject<Ref<Org>>('org');
|
||||||
Button,
|
const selectedSecret = ref<Partial<Secret>>();
|
||||||
Panel,
|
const isEditingSecret = computed(() => !!selectedSecret.value?.id);
|
||||||
DocsLink,
|
|
||||||
SecretList,
|
|
||||||
SecretEdit,
|
|
||||||
},
|
|
||||||
|
|
||||||
setup() {
|
async function loadSecrets(page: number): Promise<Secret[] | null> {
|
||||||
const apiClient = useApiClient();
|
|
||||||
const notifications = useNotifications();
|
|
||||||
const i18n = useI18n();
|
|
||||||
|
|
||||||
const org = inject<Ref<Org>>('org');
|
|
||||||
const selectedSecret = ref<Partial<Secret>>();
|
|
||||||
const isEditingSecret = computed(() => !!selectedSecret.value?.id);
|
|
||||||
|
|
||||||
async function loadSecrets(page: number): Promise<Secret[] | null> {
|
|
||||||
if (!org?.value) {
|
if (!org?.value) {
|
||||||
throw new Error("Unexpected: Can't load org");
|
throw new Error("Unexpected: Can't load org");
|
||||||
}
|
}
|
||||||
|
|
||||||
return apiClient.getOrgSecretList(org.value.name, page);
|
return apiClient.getOrgSecretList(org.value.id, page);
|
||||||
}
|
}
|
||||||
|
|
||||||
const { resetPage, data: secrets } = usePagination(loadSecrets, () => !selectedSecret.value);
|
const { resetPage, data: secrets } = usePagination(loadSecrets, () => !selectedSecret.value);
|
||||||
|
|
||||||
const { doSubmit: createSecret, isLoading: isSaving } = useAsyncAction(async () => {
|
const { doSubmit: createSecret, isLoading: isSaving } = useAsyncAction(async () => {
|
||||||
if (!org?.value) {
|
if (!org?.value) {
|
||||||
throw new Error("Unexpected: Can't load org");
|
throw new Error("Unexpected: Can't load org");
|
||||||
}
|
}
|
||||||
|
@ -101,9 +89,9 @@ export default defineComponent({
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isEditingSecret.value) {
|
if (isEditingSecret.value) {
|
||||||
await apiClient.updateOrgSecret(org.value.name, selectedSecret.value);
|
await apiClient.updateOrgSecret(org.value.id, selectedSecret.value);
|
||||||
} else {
|
} else {
|
||||||
await apiClient.createOrgSecret(org.value.name, selectedSecret.value);
|
await apiClient.createOrgSecret(org.value.id, selectedSecret.value);
|
||||||
}
|
}
|
||||||
notifications.notify({
|
notifications.notify({
|
||||||
title: i18n.t(isEditingSecret.value ? 'org.settings.secrets.saved' : 'org.settings.secrets.created'),
|
title: i18n.t(isEditingSecret.value ? 'org.settings.secrets.saved' : 'org.settings.secrets.created'),
|
||||||
|
@ -111,36 +99,23 @@ export default defineComponent({
|
||||||
});
|
});
|
||||||
selectedSecret.value = undefined;
|
selectedSecret.value = undefined;
|
||||||
resetPage();
|
resetPage();
|
||||||
});
|
});
|
||||||
|
|
||||||
const { doSubmit: deleteSecret, isLoading: isDeleting } = useAsyncAction(async (_secret: Secret) => {
|
const { doSubmit: deleteSecret, isLoading: isDeleting } = useAsyncAction(async (_secret: Secret) => {
|
||||||
if (!org?.value) {
|
if (!org?.value) {
|
||||||
throw new Error("Unexpected: Can't load org");
|
throw new Error("Unexpected: Can't load org");
|
||||||
}
|
}
|
||||||
|
|
||||||
await apiClient.deleteOrgSecret(org.value.name, _secret.name);
|
await apiClient.deleteOrgSecret(org.value.id, _secret.name);
|
||||||
notifications.notify({ title: i18n.t('org.settings.secrets.deleted'), type: 'success' });
|
notifications.notify({ title: i18n.t('org.settings.secrets.deleted'), type: 'success' });
|
||||||
resetPage();
|
resetPage();
|
||||||
});
|
|
||||||
|
|
||||||
function editSecret(secret: Secret) {
|
|
||||||
selectedSecret.value = cloneDeep(secret);
|
|
||||||
}
|
|
||||||
|
|
||||||
function showAddSecret() {
|
|
||||||
selectedSecret.value = cloneDeep(emptySecret);
|
|
||||||
}
|
|
||||||
|
|
||||||
return {
|
|
||||||
selectedSecret,
|
|
||||||
secrets,
|
|
||||||
isDeleting,
|
|
||||||
isSaving,
|
|
||||||
showAddSecret,
|
|
||||||
createSecret,
|
|
||||||
editSecret,
|
|
||||||
deleteSecret,
|
|
||||||
};
|
|
||||||
},
|
|
||||||
});
|
});
|
||||||
|
|
||||||
|
function editSecret(secret: Secret) {
|
||||||
|
selectedSecret.value = cloneDeep(secret);
|
||||||
|
}
|
||||||
|
|
||||||
|
function showAddSecret() {
|
||||||
|
selectedSecret.value = cloneDeep(emptySecret);
|
||||||
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
import { inject as vueInject, InjectionKey, provide as vueProvide, Ref } from 'vue';
|
import { inject as vueInject, InjectionKey, provide as vueProvide, Ref } from 'vue';
|
||||||
|
|
||||||
import { Repo } from '~/lib/api/types';
|
import { Org, OrgPermissions, Repo } from '~/lib/api/types';
|
||||||
|
|
||||||
export type InjectKeys = {
|
export type InjectKeys = {
|
||||||
repo: Ref<Repo>;
|
repo: Ref<Repo>;
|
||||||
|
org: Ref<Org | undefined>;
|
||||||
|
'org-permissions': Ref<OrgPermissions | undefined>;
|
||||||
};
|
};
|
||||||
|
|
||||||
export function inject<T extends keyof InjectKeys>(key: T): InjectKeys[T] {
|
export function inject<T extends keyof InjectKeys>(key: T): InjectKeys[T] {
|
||||||
|
|
|
@ -2,6 +2,7 @@ import ApiClient, { encodeQueryString } from './client';
|
||||||
import {
|
import {
|
||||||
Agent,
|
Agent,
|
||||||
Cron,
|
Cron,
|
||||||
|
Org,
|
||||||
OrgPermissions,
|
OrgPermissions,
|
||||||
Pipeline,
|
Pipeline,
|
||||||
PipelineConfig,
|
PipelineConfig,
|
||||||
|
@ -190,26 +191,34 @@ export default class WoodpeckerClient extends ApiClient {
|
||||||
return this._post(`/api/repos/${repoId}/cron/${cronId}`) as Promise<Pipeline>;
|
return this._post(`/api/repos/${repoId}/cron/${cronId}`) as Promise<Pipeline>;
|
||||||
}
|
}
|
||||||
|
|
||||||
getOrgPermissions(owner: string): Promise<OrgPermissions> {
|
getOrg(orgId: number): Promise<Org> {
|
||||||
return this._get(`/api/orgs/${owner}/permissions`) as Promise<OrgPermissions>;
|
return this._get(`/api/orgs/${orgId}`) as Promise<Org>;
|
||||||
}
|
}
|
||||||
|
|
||||||
getOrgSecretList(owner: string, page: number): Promise<Secret[] | null> {
|
lookupOrg(name: string): Promise<Org> {
|
||||||
return this._get(`/api/orgs/${owner}/secrets?page=${page}`) as Promise<Secret[] | null>;
|
return this._get(`/api/orgs/lookup/${name}`) as Promise<Org>;
|
||||||
}
|
}
|
||||||
|
|
||||||
createOrgSecret(owner: string, secret: Partial<Secret>): Promise<unknown> {
|
getOrgPermissions(orgId: number): Promise<OrgPermissions> {
|
||||||
return this._post(`/api/orgs/${owner}/secrets`, secret);
|
return this._get(`/api/orgs/${orgId}/permissions`) as Promise<OrgPermissions>;
|
||||||
}
|
}
|
||||||
|
|
||||||
updateOrgSecret(owner: string, secret: Partial<Secret>): Promise<unknown> {
|
getOrgSecretList(orgId: number, page: number): Promise<Secret[] | null> {
|
||||||
|
return this._get(`/api/orgs/${orgId}/secrets?page=${page}`) as Promise<Secret[] | null>;
|
||||||
|
}
|
||||||
|
|
||||||
|
createOrgSecret(orgId: number, secret: Partial<Secret>): Promise<unknown> {
|
||||||
|
return this._post(`/api/orgs/${orgId}/secrets`, secret);
|
||||||
|
}
|
||||||
|
|
||||||
|
updateOrgSecret(orgId: number, secret: Partial<Secret>): Promise<unknown> {
|
||||||
const secretName = encodeURIComponent(secret.name ?? '');
|
const secretName = encodeURIComponent(secret.name ?? '');
|
||||||
return this._patch(`/api/orgs/${owner}/secrets/${secretName}`, secret);
|
return this._patch(`/api/orgs/${orgId}/secrets/${secretName}`, secret);
|
||||||
}
|
}
|
||||||
|
|
||||||
deleteOrgSecret(owner: string, secretName: string): Promise<unknown> {
|
deleteOrgSecret(orgId: number, secretName: string): Promise<unknown> {
|
||||||
const name = encodeURIComponent(secretName);
|
const name = encodeURIComponent(secretName);
|
||||||
return this._delete(`/api/orgs/${owner}/secrets/${name}`);
|
return this._delete(`/api/orgs/${orgId}/secrets/${name}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
getGlobalSecretList(page: number): Promise<Secret[] | null> {
|
getGlobalSecretList(page: number): Promise<Secret[] | null> {
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
// A version control organization.
|
// A version control organization.
|
||||||
export type Org = {
|
export type Org = {
|
||||||
// The name of the organization.
|
// The name of the organization.
|
||||||
|
id: number;
|
||||||
name: string;
|
name: string;
|
||||||
|
is_user: boolean;
|
||||||
};
|
};
|
||||||
|
|
||||||
export type OrgPermissions = {
|
export type OrgPermissions = {
|
||||||
|
|
|
@ -13,6 +13,9 @@ export type Repo = {
|
||||||
// Currently this is either 'git' or 'hg' (Mercurial).
|
// Currently this is either 'git' or 'hg' (Mercurial).
|
||||||
scm: string;
|
scm: string;
|
||||||
|
|
||||||
|
// The id of the organization that owns the repository.
|
||||||
|
org_id: number;
|
||||||
|
|
||||||
// The owner of the repository.
|
// The owner of the repository.
|
||||||
owner: string;
|
owner: string;
|
||||||
|
|
||||||
|
|
|
@ -105,7 +105,7 @@ const routes: RouteRecordRaw[] = [
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
path: '/org/:orgName',
|
path: '/orgs/:orgId',
|
||||||
component: (): Component => import('~/views/org/OrgWrapper.vue'),
|
component: (): Component => import('~/views/org/OrgWrapper.vue'),
|
||||||
props: true,
|
props: true,
|
||||||
children: [
|
children: [
|
||||||
|
@ -124,6 +124,11 @@ const routes: RouteRecordRaw[] = [
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
path: '/org/:orgName/:pathMatch(.*)*',
|
||||||
|
component: (): Component => import('~/views/org/OrgDeprecatedRedirect.vue'),
|
||||||
|
props: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
path: '/admin',
|
path: '/admin',
|
||||||
component: (): Component => import('~/views/RouterView.vue'),
|
component: (): Component => import('~/views/RouterView.vue'),
|
||||||
|
|
26
web/src/views/org/OrgDeprecatedRedirect.vue
Normal file
26
web/src/views/org/OrgDeprecatedRedirect.vue
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
<template>
|
||||||
|
<div />
|
||||||
|
</template>
|
||||||
|
|
||||||
|
<script setup lang="ts">
|
||||||
|
import { onMounted } from 'vue';
|
||||||
|
import { useRoute, useRouter } from 'vue-router';
|
||||||
|
|
||||||
|
import useApiClient from '~/compositions/useApiClient';
|
||||||
|
|
||||||
|
const apiClient = useApiClient();
|
||||||
|
const route = useRoute();
|
||||||
|
const router = useRouter();
|
||||||
|
|
||||||
|
const props = defineProps<{
|
||||||
|
orgName: string;
|
||||||
|
}>();
|
||||||
|
|
||||||
|
onMounted(async () => {
|
||||||
|
const org = await apiClient.lookupOrg(props.orgName);
|
||||||
|
|
||||||
|
const path = route.path.replace(`/org/${props.orgName}`, `/orgs/${org?.id}`);
|
||||||
|
|
||||||
|
await router.replace({ path });
|
||||||
|
});
|
||||||
|
</script>
|
|
@ -1,7 +1,7 @@
|
||||||
<template>
|
<template>
|
||||||
<Scaffold v-model:search="search">
|
<Scaffold v-if="org && orgPermissions" v-model:search="search">
|
||||||
<template #title>
|
<template #title>
|
||||||
{{ orgName }}
|
{{ org.name }}
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<template #titleActions>
|
<template #titleActions>
|
||||||
|
@ -25,33 +25,25 @@
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<script lang="ts" setup>
|
<script lang="ts" setup>
|
||||||
import { computed, onMounted, ref, toRef } from 'vue';
|
import { computed, onMounted, ref } from 'vue';
|
||||||
|
|
||||||
import IconButton from '~/components/atomic/IconButton.vue';
|
import IconButton from '~/components/atomic/IconButton.vue';
|
||||||
import ListItem from '~/components/atomic/ListItem.vue';
|
import ListItem from '~/components/atomic/ListItem.vue';
|
||||||
import Scaffold from '~/components/layout/scaffold/Scaffold.vue';
|
import Scaffold from '~/components/layout/scaffold/Scaffold.vue';
|
||||||
import useApiClient from '~/compositions/useApiClient';
|
import { inject } from '~/compositions/useInjectProvide';
|
||||||
import { useRepoSearch } from '~/compositions/useRepoSearch';
|
import { useRepoSearch } from '~/compositions/useRepoSearch';
|
||||||
import { OrgPermissions } from '~/lib/api/types';
|
|
||||||
import { useRepoStore } from '~/store/repos';
|
import { useRepoStore } from '~/store/repos';
|
||||||
|
|
||||||
const props = defineProps<{
|
|
||||||
orgName: string;
|
|
||||||
}>();
|
|
||||||
|
|
||||||
const apiClient = useApiClient();
|
|
||||||
const repoStore = useRepoStore();
|
const repoStore = useRepoStore();
|
||||||
|
|
||||||
// TODO: filter server side
|
const org = inject('org');
|
||||||
const orgName = toRef(props, 'orgName');
|
const orgPermissions = inject('org-permissions');
|
||||||
const repos = computed(() => Array.from(repoStore.repos.values()).filter((repo) => repo.owner === orgName.value));
|
|
||||||
const search = ref('');
|
|
||||||
const orgPermissions = ref<OrgPermissions>({ member: false, admin: false });
|
|
||||||
|
|
||||||
|
const search = ref('');
|
||||||
|
const repos = computed(() => Array.from(repoStore.repos.values()).filter((repo) => repo.org_id === org.value?.id));
|
||||||
const { searchedRepos } = useRepoSearch(repos, search);
|
const { searchedRepos } = useRepoSearch(repos, search);
|
||||||
|
|
||||||
onMounted(async () => {
|
onMounted(async () => {
|
||||||
await repoStore.loadRepos();
|
await repoStore.loadRepos(); // TODO: load only org repos
|
||||||
orgPermissions.value = await apiClient.getOrgPermissions(orgName.value);
|
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
<template>
|
<template>
|
||||||
<Scaffold enable-tabs :go-back="goBack">
|
<Scaffold v-if="org" enable-tabs :go-back="goBack">
|
||||||
<template #title>
|
<template #title>
|
||||||
<span>
|
<span>
|
||||||
<router-link :to="{ name: 'org', params: { orgName: org.name } }" class="hover:underline">
|
<router-link :to="{ name: 'org' }" class="hover:underline">
|
||||||
{{ org.name }}
|
{{ org.name }}
|
||||||
</router-link>
|
</router-link>
|
||||||
/
|
/
|
||||||
|
@ -17,32 +17,25 @@
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<script lang="ts" setup>
|
<script lang="ts" setup>
|
||||||
import { inject, onMounted, Ref } from 'vue';
|
import { onMounted } from 'vue';
|
||||||
import { useI18n } from 'vue-i18n';
|
import { useI18n } from 'vue-i18n';
|
||||||
import { useRouter } from 'vue-router';
|
import { useRouter } from 'vue-router';
|
||||||
|
|
||||||
import Tab from '~/components/layout/scaffold/Tab.vue';
|
import Tab from '~/components/layout/scaffold/Tab.vue';
|
||||||
import OrgSecretsTab from '~/components/org/settings/OrgSecretsTab.vue';
|
import OrgSecretsTab from '~/components/org/settings/OrgSecretsTab.vue';
|
||||||
|
import { inject } from '~/compositions/useInjectProvide';
|
||||||
import useNotifications from '~/compositions/useNotifications';
|
import useNotifications from '~/compositions/useNotifications';
|
||||||
import { useRouteBackOrDefault } from '~/compositions/useRouteBackOrDefault';
|
import { useRouteBackOrDefault } from '~/compositions/useRouteBackOrDefault';
|
||||||
import { Org, OrgPermissions } from '~/lib/api/types';
|
|
||||||
|
|
||||||
const notifications = useNotifications();
|
const notifications = useNotifications();
|
||||||
const router = useRouter();
|
const router = useRouter();
|
||||||
const i18n = useI18n();
|
const i18n = useI18n();
|
||||||
|
|
||||||
const orgPermissions = inject<Ref<OrgPermissions>>('org-permissions');
|
const org = inject('org');
|
||||||
if (!orgPermissions) {
|
const orgPermissions = inject('org-permissions');
|
||||||
throw new Error('Unexpected: "orgPermissions" should be provided at this place');
|
|
||||||
}
|
|
||||||
|
|
||||||
const org = inject<Ref<Org>>('org');
|
|
||||||
if (!org) {
|
|
||||||
throw new Error('Unexpected: "org" should be provided at this place');
|
|
||||||
}
|
|
||||||
|
|
||||||
onMounted(async () => {
|
onMounted(async () => {
|
||||||
if (!orgPermissions.value.admin) {
|
if (!orgPermissions.value?.admin) {
|
||||||
notifications.notify({ type: 'error', title: i18n.t('org.settings.not_allowed') });
|
notifications.notify({ type: 'error', title: i18n.t('org.settings.not_allowed') });
|
||||||
await router.replace({ name: 'home' });
|
await router.replace({ name: 'home' });
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,34 +19,31 @@
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<script lang="ts" setup>
|
<script lang="ts" setup>
|
||||||
import { computed, onMounted, provide, ref, toRef, watch } from 'vue';
|
import { computed, onMounted, ref, watch } from 'vue';
|
||||||
|
|
||||||
import IconButton from '~/components/atomic/IconButton.vue';
|
import IconButton from '~/components/atomic/IconButton.vue';
|
||||||
import Scaffold from '~/components/layout/scaffold/Scaffold.vue';
|
import Scaffold from '~/components/layout/scaffold/Scaffold.vue';
|
||||||
import useApiClient from '~/compositions/useApiClient';
|
import useApiClient from '~/compositions/useApiClient';
|
||||||
|
import { provide } from '~/compositions/useInjectProvide';
|
||||||
import { Org, OrgPermissions } from '~/lib/api/types';
|
import { Org, OrgPermissions } from '~/lib/api/types';
|
||||||
|
|
||||||
const props = defineProps<{
|
const props = defineProps<{
|
||||||
orgName: string;
|
orgId: string;
|
||||||
}>();
|
}>();
|
||||||
|
|
||||||
const orgName = toRef(props, 'orgName');
|
const orgId = computed(() => parseInt(props.orgId, 10));
|
||||||
const apiClient = useApiClient();
|
const apiClient = useApiClient();
|
||||||
|
|
||||||
const org = computed<Org>(() => ({ name: orgName.value }));
|
const org = ref<Org>();
|
||||||
const orgPermissions = ref<OrgPermissions>();
|
const orgPermissions = ref<OrgPermissions>();
|
||||||
provide('org', org);
|
provide('org', org);
|
||||||
provide('org-permissions', orgPermissions);
|
provide('org-permissions', orgPermissions);
|
||||||
|
|
||||||
async function load() {
|
async function load() {
|
||||||
orgPermissions.value = await apiClient.getOrgPermissions(orgName.value);
|
org.value = await apiClient.getOrg(orgId.value);
|
||||||
|
orgPermissions.value = await apiClient.getOrgPermissions(org.value.id);
|
||||||
}
|
}
|
||||||
|
|
||||||
onMounted(() => {
|
onMounted(load);
|
||||||
load();
|
watch(orgId, load);
|
||||||
});
|
|
||||||
|
|
||||||
watch([orgName], () => {
|
|
||||||
load();
|
|
||||||
});
|
|
||||||
</script>
|
</script>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
<Scaffold enable-tabs :go-back="goBack">
|
<Scaffold enable-tabs :go-back="goBack">
|
||||||
<template #title>
|
<template #title>
|
||||||
<span>
|
<span>
|
||||||
<router-link :to="{ name: 'org', params: { orgName: repo.owner } }" class="hover:underline">
|
<router-link :to="{ name: 'org', params: { orgId: repo.org_id } }" class="hover:underline">
|
||||||
{{ repo.owner }}
|
{{ repo.owner }}
|
||||||
</router-link>
|
</router-link>
|
||||||
/
|
/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
>
|
>
|
||||||
<template #title>
|
<template #title>
|
||||||
<span class="flex">
|
<span class="flex">
|
||||||
<router-link :to="{ name: 'org', params: { orgName: repo?.owner } }" class="hover:underline">{{
|
<router-link :to="{ name: 'org', params: { orgId: repo.org_id } }" class="hover:underline">{{
|
||||||
repo.owner
|
repo.owner
|
||||||
}}</router-link>
|
}}</router-link>
|
||||||
{{ ` / ${repo.name}` }}
|
{{ ` / ${repo.name}` }}
|
||||||
|
|
|
@ -46,8 +46,10 @@ const (
|
||||||
pathRepoRegistry = "%s/api/repos/%d/registry/%s"
|
pathRepoRegistry = "%s/api/repos/%d/registry/%s"
|
||||||
pathRepoCrons = "%s/api/repos/%d/cron"
|
pathRepoCrons = "%s/api/repos/%d/cron"
|
||||||
pathRepoCron = "%s/api/repos/%d/cron/%d"
|
pathRepoCron = "%s/api/repos/%d/cron/%d"
|
||||||
pathOrgSecrets = "%s/api/orgs/%s/secrets"
|
pathOrg = "%s/api/orgs/%d"
|
||||||
pathOrgSecret = "%s/api/orgs/%s/secrets/%s"
|
pathOrgLookup = "%s/api/orgs/lookup/%s"
|
||||||
|
pathOrgSecrets = "%s/api/orgs/%d/secrets"
|
||||||
|
pathOrgSecret = "%s/api/orgs/%d/secrets/%s"
|
||||||
pathGlobalSecrets = "%s/api/secrets"
|
pathGlobalSecrets = "%s/api/secrets"
|
||||||
pathGlobalSecret = "%s/api/secrets/%s"
|
pathGlobalSecret = "%s/api/secrets/%s"
|
||||||
pathUsers = "%s/api/users"
|
pathUsers = "%s/api/users"
|
||||||
|
@ -397,41 +399,57 @@ func (c *client) SecretDelete(repoID int64, secret string) error {
|
||||||
return c.delete(uri)
|
return c.delete(uri)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Org returns an organization by id.
|
||||||
|
func (c *client) Org(orgID int64) (*Org, error) {
|
||||||
|
out := new(Org)
|
||||||
|
uri := fmt.Sprintf(pathOrg, c.addr, orgID)
|
||||||
|
err := c.get(uri, out)
|
||||||
|
return out, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// OrgLookup returns a organsization by its name.
|
||||||
|
func (c *client) OrgLookup(name string) (*Org, error) {
|
||||||
|
out := new(Org)
|
||||||
|
uri := fmt.Sprintf(pathOrgLookup, c.addr, name)
|
||||||
|
err := c.get(uri, out)
|
||||||
|
return out, err
|
||||||
|
}
|
||||||
|
|
||||||
// OrgSecret returns an organization secret by name.
|
// OrgSecret returns an organization secret by name.
|
||||||
func (c *client) OrgSecret(owner, secret string) (*Secret, error) {
|
func (c *client) OrgSecret(orgID int64, secret string) (*Secret, error) {
|
||||||
out := new(Secret)
|
out := new(Secret)
|
||||||
uri := fmt.Sprintf(pathOrgSecret, c.addr, owner, secret)
|
uri := fmt.Sprintf(pathOrgSecret, c.addr, orgID, secret)
|
||||||
err := c.get(uri, out)
|
err := c.get(uri, out)
|
||||||
return out, err
|
return out, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// OrgSecretList returns a list of all organization secrets.
|
// OrgSecretList returns a list of all organization secrets.
|
||||||
func (c *client) OrgSecretList(owner string) ([]*Secret, error) {
|
func (c *client) OrgSecretList(orgID int64) ([]*Secret, error) {
|
||||||
var out []*Secret
|
var out []*Secret
|
||||||
uri := fmt.Sprintf(pathOrgSecrets, c.addr, owner)
|
uri := fmt.Sprintf(pathOrgSecrets, c.addr, orgID)
|
||||||
err := c.get(uri, &out)
|
err := c.get(uri, &out)
|
||||||
return out, err
|
return out, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// OrgSecretCreate creates an organization secret.
|
// OrgSecretCreate creates an organization secret.
|
||||||
func (c *client) OrgSecretCreate(owner string, in *Secret) (*Secret, error) {
|
func (c *client) OrgSecretCreate(orgID int64, in *Secret) (*Secret, error) {
|
||||||
out := new(Secret)
|
out := new(Secret)
|
||||||
uri := fmt.Sprintf(pathOrgSecrets, c.addr, owner)
|
uri := fmt.Sprintf(pathOrgSecrets, c.addr, orgID)
|
||||||
err := c.post(uri, in, out)
|
err := c.post(uri, in, out)
|
||||||
return out, err
|
return out, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// OrgSecretUpdate updates an organization secret.
|
// OrgSecretUpdate updates an organization secret.
|
||||||
func (c *client) OrgSecretUpdate(owner string, in *Secret) (*Secret, error) {
|
func (c *client) OrgSecretUpdate(orgID int64, in *Secret) (*Secret, error) {
|
||||||
out := new(Secret)
|
out := new(Secret)
|
||||||
uri := fmt.Sprintf(pathOrgSecret, c.addr, owner, in.Name)
|
uri := fmt.Sprintf(pathOrgSecret, c.addr, orgID, in.Name)
|
||||||
err := c.patch(uri, in, out)
|
err := c.patch(uri, in, out)
|
||||||
return out, err
|
return out, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// OrgSecretDelete deletes an organization secret.
|
// OrgSecretDelete deletes an organization secret.
|
||||||
func (c *client) OrgSecretDelete(owner, secret string) error {
|
func (c *client) OrgSecretDelete(orgID int64, secret string) error {
|
||||||
uri := fmt.Sprintf(pathOrgSecret, c.addr, owner, secret)
|
uri := fmt.Sprintf(pathOrgSecret, c.addr, orgID, secret)
|
||||||
return c.delete(uri)
|
return c.delete(uri)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -148,20 +148,26 @@ type Client interface {
|
||||||
// SecretDelete deletes a secret.
|
// SecretDelete deletes a secret.
|
||||||
SecretDelete(repoID int64, secret string) error
|
SecretDelete(repoID int64, secret string) error
|
||||||
|
|
||||||
|
// Org returns an organization by name.
|
||||||
|
Org(orgID int64) (*Org, error)
|
||||||
|
|
||||||
|
// OrgLookup returns an organization id by name.
|
||||||
|
OrgLookup(orgName string) (*Org, error)
|
||||||
|
|
||||||
// OrgSecret returns an organization secret by name.
|
// OrgSecret returns an organization secret by name.
|
||||||
OrgSecret(owner, secret string) (*Secret, error)
|
OrgSecret(orgID int64, secret string) (*Secret, error)
|
||||||
|
|
||||||
// OrgSecretList returns a list of all organization secrets.
|
// OrgSecretList returns a list of all organization secrets.
|
||||||
OrgSecretList(owner string) ([]*Secret, error)
|
OrgSecretList(orgID int64) ([]*Secret, error)
|
||||||
|
|
||||||
// OrgSecretCreate creates an organization secret.
|
// OrgSecretCreate creates an organization secret.
|
||||||
OrgSecretCreate(owner string, secret *Secret) (*Secret, error)
|
OrgSecretCreate(orgID int64, secret *Secret) (*Secret, error)
|
||||||
|
|
||||||
// OrgSecretUpdate updates an organization secret.
|
// OrgSecretUpdate updates an organization secret.
|
||||||
OrgSecretUpdate(owner string, secret *Secret) (*Secret, error)
|
OrgSecretUpdate(orgID int64, secret *Secret) (*Secret, error)
|
||||||
|
|
||||||
// OrgSecretDelete deletes an organization secret.
|
// OrgSecretDelete deletes an organization secret.
|
||||||
OrgSecretDelete(owner, secret string) error
|
OrgSecretDelete(orgID int64, secret string) error
|
||||||
|
|
||||||
// GlobalSecret returns an global secret by name.
|
// GlobalSecret returns an global secret by name.
|
||||||
GlobalSecret(secret string) (*Secret, error)
|
GlobalSecret(secret string) (*Secret, error)
|
||||||
|
|
|
@ -241,4 +241,11 @@ type (
|
||||||
DepStatus map[string]string `json:"dep_status"`
|
DepStatus map[string]string `json:"dep_status"`
|
||||||
AgentID int64 `json:"agent_id"`
|
AgentID int64 `json:"agent_id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Org is the JSON data for an organization
|
||||||
|
Org struct {
|
||||||
|
ID int64 `json:"id"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
IsUser bool `json:"is_user"`
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue