diff --git a/internal/services/gateway/action/user.go b/internal/services/gateway/action/user.go index 3c7695af1..768ef7da4 100644 --- a/internal/services/gateway/action/user.go +++ b/internal/services/gateway/action/user.go @@ -57,6 +57,36 @@ func (h *ActionHandler) GetUser(ctx context.Context, userRef string) (*cstypes.U return user, nil } +func (h *ActionHandler) GetUserOrgs(ctx context.Context, userRef string) ([]*csapitypes.UserOrgsResponse, error) { + if !h.IsUserAdmin(ctx) { + userIDVal := ctx.Value("userid") + if userIDVal == nil { + return nil, util.NewErrUnauthorized(errors.Errorf("user not authenticated")) + } + userID := userIDVal.(string) + + userLogged, err := h.GetUser(ctx, userID) + if err != nil { + return nil, err + } + + user, err := h.GetUser(ctx, userRef) + if err != nil { + return nil, err + } + + if userLogged.ID != user.ID { + return nil, util.NewErrUnauthorized(errors.Errorf("user not authorized")) + } + } + + orgs, resp, err := h.configstoreClient.GetUserOrgs(ctx, userRef) + if err != nil { + return nil, ErrFromRemote(resp, err) + } + return orgs, nil +} + type GetUsersRequest struct { Start string Limit int diff --git a/internal/services/gateway/api/user.go b/internal/services/gateway/api/user.go index db2a18853..2472167bb 100644 --- a/internal/services/gateway/api/user.go +++ b/internal/services/gateway/api/user.go @@ -23,6 +23,7 @@ import ( "agola.io/agola/internal/services/gateway/action" "agola.io/agola/internal/util" + csapitypes "agola.io/agola/services/configstore/api/types" cstypes "agola.io/agola/services/configstore/types" gwapitypes "agola.io/agola/services/gateway/api/types" @@ -590,3 +591,42 @@ func (h *UserCreateRunHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) h.log.Errorf("err: %+v", err) } } + +type UserOrgsHandler struct { + log *zap.SugaredLogger + ah *action.ActionHandler +} + +func NewUserOrgsHandler(logger *zap.Logger, ah *action.ActionHandler) *UserOrgsHandler { + return &UserOrgsHandler{log: logger.Sugar(), ah: ah} +} + +func (h *UserOrgsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + vars := mux.Vars(r) + userRef := vars["userref"] + + userOrgs, err := h.ah.GetUserOrgs(ctx, userRef) + if httpError(w, err) { + h.log.Errorf("err: %+v", err) + return + } + + res := make([]*gwapitypes.UserOrgsResponse, len(userOrgs)) + for i, userOrg := range userOrgs { + res[i] = createUserOrgsResponse(userOrg) + } + + if err := httpResponse(w, http.StatusOK, res); err != nil { + h.log.Errorf("err: %+v", err) + } +} + +func createUserOrgsResponse(o *csapitypes.UserOrgsResponse) *gwapitypes.UserOrgsResponse { + userOrgs := &gwapitypes.UserOrgsResponse{ + Organization: createOrgResponse(o.Organization), + Role: gwapitypes.MemberRole(o.Role), + } + + return userOrgs +} diff --git a/internal/services/gateway/gateway.go b/internal/services/gateway/gateway.go index f37552c8a..8a1cc8dc0 100644 --- a/internal/services/gateway/gateway.go +++ b/internal/services/gateway/gateway.go @@ -187,6 +187,7 @@ func (g *Gateway) Run(ctx context.Context) error { createUserHandler := api.NewCreateUserHandler(logger, g.ah) deleteUserHandler := api.NewDeleteUserHandler(logger, g.ah) userCreateRunHandler := api.NewUserCreateRunHandler(logger, g.ah) + userOrgsHandler := api.NewUserOrgsHandler(logger, g.ah) createUserLAHandler := api.NewCreateUserLAHandler(logger, g.ah) deleteUserLAHandler := api.NewDeleteUserLAHandler(logger, g.ah) @@ -283,6 +284,7 @@ func (g *Gateway) Run(ctx context.Context) error { apirouter.Handle("/users", authForcedHandler(createUserHandler)).Methods("POST") apirouter.Handle("/users/{userref}", authForcedHandler(deleteUserHandler)).Methods("DELETE") apirouter.Handle("/user/createrun", authForcedHandler(userCreateRunHandler)).Methods("POST") + apirouter.Handle("/user/{userref}/orgs", authForcedHandler(userOrgsHandler)).Methods("GET") apirouter.Handle("/users/{userref}/linkedaccounts", authForcedHandler(createUserLAHandler)).Methods("POST") apirouter.Handle("/users/{userref}/linkedaccounts/{laid}", authForcedHandler(deleteUserLAHandler)).Methods("DELETE") diff --git a/services/gateway/api/types/user.go b/services/gateway/api/types/user.go index 06f7910e7..2b75d3fdf 100644 --- a/services/gateway/api/types/user.go +++ b/services/gateway/api/types/user.go @@ -106,3 +106,8 @@ type UserCreateRunRequest struct { PullRequestRefRegexes []string `json:"pull_request_ref_regexes,omitempty"` Variables map[string]string `json:"variables,omitempty"` } + +type UserOrgsResponse struct { + Organization *OrgResponse + Role MemberRole +} diff --git a/services/gateway/client/client.go b/services/gateway/client/client.go index 234cd850b..20350d824 100644 --- a/services/gateway/client/client.go +++ b/services/gateway/client/client.go @@ -60,7 +60,6 @@ func (c *Client) doRequest(ctx context.Context, method, path string, query url.V return nil, err } u.RawQuery = query.Encode() - req, err := http.NewRequest(method, u.String(), ibody) req = req.WithContext(ctx) if err != nil { @@ -611,3 +610,9 @@ func (c *Client) GetVersion(ctx context.Context) (*gwapitypes.VersionResponse, * resp, err := c.getParsedResponse(ctx, "GET", "/version", nil, jsonContent, nil, &res) return res, resp, err } + +func (c *Client) GetUserOrgs(ctx context.Context, userRef string) ([]*gwapitypes.UserOrgsResponse, *http.Response, error) { + userOrgs := []*gwapitypes.UserOrgsResponse{} + resp, err := c.getParsedResponse(ctx, "GET", fmt.Sprintf("/user/%s/orgs", userRef), nil, jsonContent, nil, &userOrgs) + return userOrgs, resp, err +} diff --git a/tests/setup_test.go b/tests/setup_test.go index a9776c65b..3f0eae649 100644 --- a/tests/setup_test.go +++ b/tests/setup_test.go @@ -23,6 +23,7 @@ import ( "os/exec" "path" "path/filepath" + "sort" "strings" "testing" "time" @@ -1934,3 +1935,88 @@ def main(ctx): } } } + +func TestUserOrgs(t *testing.T) { + dir, err := ioutil.TempDir("", "agola") + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + defer os.RemoveAll(dir) + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + tetcd, tgitea, c := setup(ctx, t, dir) + defer shutdownGitea(tgitea) + defer shutdownEtcd(tetcd) + + gwClient := gwclient.NewClient(c.Gateway.APIExposedURL, "admintoken") + + _, _, err = gwClient.CreateUser(ctx, &gwapitypes.CreateUserRequest{UserName: giteaUser01}) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.CreateUser(ctx, &gwapitypes.CreateUserRequest{UserName: giteaUser02}) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.CreateOrg(ctx, &gwapitypes.CreateOrgRequest{Name: "org01", Visibility: gwapitypes.VisibilityPublic}) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.CreateOrg(ctx, &gwapitypes.CreateOrgRequest{Name: "org02", Visibility: gwapitypes.VisibilityPublic}) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.CreateOrg(ctx, &gwapitypes.CreateOrgRequest{Name: "org03", Visibility: gwapitypes.VisibilityPublic}) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.AddOrgMember(ctx, "org01", giteaUser01, gwapitypes.MemberRoleMember) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.AddOrgMember(ctx, "org02", giteaUser01, gwapitypes.MemberRoleOwner) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.AddOrgMember(ctx, "org01", giteaUser02, gwapitypes.MemberRoleOwner) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + _, _, err = gwClient.AddOrgMember(ctx, "org03", giteaUser02, gwapitypes.MemberRoleOwner) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + // test user01 + orgs, _, err := gwClient.GetUserOrgs(ctx, giteaUser01) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + if len(orgs) != 2 { + t.Fatalf("expected len 2 got: %d", len(orgs)) + } + + sort.SliceStable(orgs, func(i, j int) bool { + return strings.Compare(strings.ToLower(orgs[i].Organization.Name), strings.ToLower(orgs[j].Organization.Name)) < 0 + }) + if orgs[0].Organization.Name != "org01" || orgs[1].Organization.Name != "org02" { + t.Fatalf("expected org01 and org02 got: %s and %s", orgs[0].Organization.Name, orgs[1].Organization.Name) + } + + // test user02 + orgs, _, err = gwClient.GetUserOrgs(ctx, giteaUser02) + if err != nil { + t.Fatalf("unexpected err: %v", err) + } + if len(orgs) != 2 { + t.Fatalf("expected len 2 got: %d", len(orgs)) + } + + sort.SliceStable(orgs, func(i, j int) bool { + return strings.Compare(strings.ToLower(orgs[i].Organization.Name), strings.ToLower(orgs[j].Organization.Name)) < 0 + }) + if orgs[0].Organization.Name != "org01" || orgs[1].Organization.Name != "org03" { + t.Fatalf("expected org01 and org03 got: %s and %s", orgs[0].Organization.Name, orgs[1].Organization.Name) + } +}