Only show teams the user has access to

10 years ago · 88ae14a8a6
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -350,11 +350,14 @@ func runWeb(ctx *cli.Context) {
 			m.Get("/members/action/:action", org.MembersAction)

 			m.Get("/teams", org.Teams)
 		}, middleware.OrgAssignment(true))

 		m.Group("/:org", func() {
 			m.Get("/teams/:team", org.TeamMembers)
 			m.Get("/teams/:team/repositories", org.TeamRepositories)
 			m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
 			m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
 		}, middleware.OrgAssignment(true))
 		}, middleware.OrgAssignment(true, false, true))

 		m.Group("/:org", func() {
 			m.Get("/teams/new", org.NewTeam)
--- a/models/org.go
+++ b/models/org.go
@@ -9,7 +9,6 @@ import (
 	"fmt"
 	"os"
 	"strings"
 	"strconv"

 	"github.com/go-xorm/xorm"
 )
@@ -1037,31 +1036,49 @@ func (org *User) getUserRepositories(userID int64) (err error) {
 				And("`team_user`.uid=?", userID).
 				Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
 				Find(&teams); err != nil {
 		return fmt.Errorf("get team: %v", err)
 		return fmt.Errorf("getUserRepositories: get teams: %v", err)
 	}

 	var teamIDs []string
 	var teamIDs []int64
 	for _, team := range teams {
 		s := strconv.FormatInt(team.ID, 32)
 		teamIDs = append(teamIDs, s)
 		teamIDs = append(teamIDs, team.ID)
 	}

 	// The "in" clause it not vulnerable to SQL injection because we
 	// convert it from int64 a few lines above. Sadly, xorm does not support
 	// "in" clauses as a function, so we have to build our own (for now).
 	if err := x.Cols("`repository`.*").
 				Where("`team_repo`.team_id in (" + strings.Join(teamIDs, ",") + ")").
 				In("`team_repo`.team_id", teamIDs).
 				Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
 				GroupBy("`repository`.id").
 				Find(&org.Repos); err != nil {
 		return fmt.Errorf("get repositories: %v", err)
 		return fmt.Errorf("getUserRepositories: get repositories: %v", err)
 	}

 	org.NumRepos = len(org.Repos)

 	return
 }

 // GetUserRepositories gets all repositories of an organization,
 // that the user with the given userID has access to.
 func (org *User) GetUserRepositories(userID int64) (err error) {
 func (org *User) GetUserRepositories(userID int64) error {
 	return org.getUserRepositories(userID)
 }

 func (org *User) getUserTeams(userID int64) (err error) {
 	if err := x.Cols("`team`.*").
 				Where("`team_user`.org_id=?", org.Id).
 				And("`team_user`.uid=?", userID).
 				Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
 				Find(&org.Teams); err != nil {
 		return fmt.Errorf("getUserTeams: %v", err)
 	}

 	org.NumTeams = len(org.Teams)

 	return
 }

 // GetTeams returns all teams that belong to organization,
 // and that the user has joined.
 func (org *User) GetUserTeams(userID int64) error {
 	return org.getUserTeams(userID)
 }
--- a/modules/middleware/context.go
+++ b/modules/middleware/context.go
@@ -65,6 +65,7 @@ type Context struct {
 	Org struct {
 		IsOwner      bool
 		IsMember     bool
 		IsTeamMember bool // Is member of team.
 		IsAdminTeam  bool // In owner team or team that has admin permission level.
 		Organization *models.User
 		OrgLink      string
--- a/modules/middleware/org.go
+++ b/modules/middleware/org.go
@@ -5,6 +5,8 @@
 package middleware

 import (
 	"strings"

 	"gopkg.in/macaron.v1"

 	"github.com/gogits/gogs/models"
@@ -13,9 +15,10 @@ import (

 func HandleOrgAssignment(ctx *Context, args ...bool) {
 	var (
 		requireMember    bool
 		requireOwner     bool
 		requireAdminTeam bool
 		requireMember     bool
 		requireOwner      bool
 		requireTeamMember bool
 		requireAdminTeam  bool
 	)
 	if len(args) >= 1 {
 		requireMember = args[0]
@@ -24,7 +27,10 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 		requireOwner = args[1]
 	}
 	if len(args) >= 3 {
 		requireAdminTeam = args[2]
 		requireTeamMember = args[2]
 	}
 	if len(args) >= 4 {
 		requireAdminTeam = args[3]
 	}

 	orgName := ctx.Params(":org")
@@ -52,11 +58,13 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 	if ctx.IsSigned && ctx.User.IsAdmin {
 		ctx.Org.IsOwner = true
 		ctx.Org.IsMember = true
 		ctx.Org.IsTeamMember = true
 		ctx.Org.IsAdminTeam = true
 	} else if ctx.IsSigned {
 		ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.Id)
 		if ctx.Org.IsOwner {
 			ctx.Org.IsMember = true
 			ctx.Org.IsTeamMember = true
 			ctx.Org.IsAdminTeam = true
 		} else {
 			if org.IsOrgMember(ctx.User.Id) {
@@ -79,25 +87,45 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 	ctx.Data["OrgLink"] = ctx.Org.OrgLink

 	// Team.
 	if ctx.Org.IsMember {
 		if err := org.GetUserTeams(ctx.User.Id); err != nil {
 			ctx.Handle(500, "GetUserTeams", err)
 			return
 		}
 	}

 	teamName := ctx.Params(":team")
 	if len(teamName) > 0 {
 		ctx.Org.Team, err = org.GetTeam(teamName)
 		if err != nil {
 			if err == models.ErrTeamNotExist {
 				ctx.Handle(404, "GetTeam", err)
 			} else {
 				ctx.Handle(500, "GetTeam", err)
 		teamExists := false
 		for _, team := range org.Teams {
 			if strings.ToLower(team.Name) == strings.ToLower(teamName) {
 				teamExists = true
 				ctx.Org.Team = team
 				ctx.Org.IsTeamMember = true
 				ctx.Data["Team"] = ctx.Org.Team
 				break
 			}
 		}

 		if !teamExists {
 			ctx.Handle(404, "OrgAssignment", err)
 			return
 		}

 		ctx.Data["IsTeamMember"] = ctx.Org.IsTeamMember
 		if requireTeamMember && !ctx.Org.IsTeamMember {
 			ctx.Handle(404, "OrgAssignment", err)
 			return
 		}
 		ctx.Data["Team"] = ctx.Org.Team

 		ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
 		ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
 		if requireAdminTeam && !ctx.Org.IsAdminTeam {
 			ctx.Handle(404, "OrgAssignment", err)
 			return
 		}
 	}
 	ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
 	if requireAdminTeam && !ctx.Org.IsAdminTeam {
 		ctx.Handle(404, "OrgAssignment", err)
 		return
 	}

 }

 func OrgAssignment(args ...bool) macaron.Handler {
--- a/routers/org/teams.go
+++ b/routers/org/teams.go
@@ -28,10 +28,7 @@ func Teams(ctx *middleware.Context) {
 	ctx.Data["Title"] = org.FullName
 	ctx.Data["PageIsOrgTeams"] = true

 	if err := org.GetTeams(); err != nil {
 		ctx.Handle(500, "GetTeams", err)
 		return
 	}
 	// org.Teams is already loaded by middleware
 	for _, t := range org.Teams {
 		if err := t.GetMembers(); err != nil {
 			ctx.Handle(500, "GetMembers", err)
--- a/routers/user/home.go
+++ b/routers/user/home.go
@@ -312,9 +312,10 @@ func showOrgProfile(ctx *middleware.Context) {
 	}

 	org := ctx.Org.Organization
 	userId := ctx.User.Id
 	ctx.Data["Title"] = org.FullName

 	if err := org.GetUserRepositories(ctx.User.Id); err != nil {
 	if err := org.GetUserRepositories(userId); err != nil {
 		ctx.Handle(500, "GetUserRepositories", err)
 		return
 	}
@@ -326,11 +327,7 @@ func showOrgProfile(ctx *middleware.Context) {
 	}
 	ctx.Data["Members"] = org.Members

 	if err := org.GetTeams(); err != nil {
 		ctx.Handle(500, "GetTeams", err)
 		return
 	}
 	ctx.Data["Teams"] = org.Teams
 	ctx.Data["Teams"] = org.Teams // already loaded by middleware

 	ctx.HTML(200, ORG_HOME)
 }