forked from vikunja/vikunja
viehlieb
ed4da96ab1
This change adds the ability to sync teams via a custom openid claim. Vikunja will automatically create and delete teams as necessary, it will also add and remove users when they log in. These teams are fully managed by Vikunja and cannot be updated by a user. Co-authored-by: kolaente <k@knt.li> Reviewed-on: vikunja/vikunja#1393 Resolves vikunja/vikunja#1279 Resolves https://github.com/go-vikunja/vikunja/issues/42 Resolves vikunja/vikunja#950 Co-authored-by: viehlieb <pf@pragma-shift.net> Co-committed-by: viehlieb <pf@pragma-shift.net>
154 lines
4.7 KiB
Go
154 lines
4.7 KiB
Go
// Vikunja is a to-do list application to facilitate your life.
|
|
// Copyright 2018-present Vikunja and contributors. All rights reserved.
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public Licensee as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public Licensee for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public Licensee
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
package models
|
|
|
|
import (
|
|
"code.vikunja.io/api/pkg/events"
|
|
user2 "code.vikunja.io/api/pkg/user"
|
|
"code.vikunja.io/web"
|
|
"xorm.io/xorm"
|
|
)
|
|
|
|
// Create implements the create method to assign a user to a team
|
|
// @Summary Add a user to a team
|
|
// @Description Add a user to a team.
|
|
// @tags team
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Security JWTKeyAuth
|
|
// @Param id path int true "Team ID"
|
|
// @Param team body models.TeamMember true "The user to be added to a team."
|
|
// @Success 201 {object} models.TeamMember "The newly created member object"
|
|
// @Failure 400 {object} web.HTTPError "Invalid member object provided."
|
|
// @Failure 403 {object} web.HTTPError "The user does not have access to the team"
|
|
// @Failure 500 {object} models.Message "Internal error"
|
|
// @Router /teams/{id}/members [put]
|
|
func (tm *TeamMember) Create(s *xorm.Session, a web.Auth) (err error) {
|
|
|
|
// Check if the team extst
|
|
team, err := GetTeamByID(s, tm.TeamID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// Check if the user exists
|
|
member, err := user2.GetUserByUsername(s, tm.Username)
|
|
if err != nil {
|
|
return
|
|
}
|
|
tm.UserID = member.ID
|
|
|
|
// Check if that user is already part of the team
|
|
exists, err := s.
|
|
Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
|
|
Get(&TeamMember{})
|
|
if err != nil {
|
|
return
|
|
}
|
|
if exists {
|
|
return ErrUserIsMemberOfTeam{tm.TeamID, tm.UserID}
|
|
}
|
|
|
|
// Insert the user
|
|
_, err = s.Insert(tm)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
doer, _ := user2.GetFromAuth(a)
|
|
return events.Dispatch(&TeamMemberAddedEvent{
|
|
Team: team,
|
|
Member: member,
|
|
Doer: doer,
|
|
})
|
|
}
|
|
|
|
// Delete deletes a user from a team
|
|
// @Summary Remove a user from a team
|
|
// @Description Remove a user from a team. This will also revoke any access this user might have via that team. A user can remove themselves from the team if they are not the last user in the team.
|
|
// @tags team
|
|
// @Produce json
|
|
// @Security JWTKeyAuth
|
|
// @Param id path int true "Team ID"
|
|
// @Param userID path int true "User ID"
|
|
// @Success 200 {object} models.Message "The user was successfully removed from the team."
|
|
// @Failure 500 {object} models.Message "Internal error"
|
|
// @Router /teams/{id}/members/{userID} [delete]
|
|
func (tm *TeamMember) Delete(s *xorm.Session, _ web.Auth) (err error) {
|
|
|
|
total, err := s.Where("team_id = ?", tm.TeamID).Count(&TeamMember{})
|
|
if err != nil {
|
|
return
|
|
}
|
|
if total == 1 {
|
|
return ErrCannotDeleteLastTeamMember{tm.TeamID, tm.UserID}
|
|
}
|
|
|
|
// Find the numeric user id
|
|
user, err := user2.GetUserByUsername(s, tm.Username)
|
|
if err != nil {
|
|
return
|
|
}
|
|
tm.UserID = user.ID
|
|
|
|
_, err = s.Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).Delete(&TeamMember{})
|
|
return
|
|
}
|
|
|
|
func (tm *TeamMember) MembershipExists(s *xorm.Session) (exists bool, err error) {
|
|
return s.
|
|
Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
|
|
Exist(&TeamMember{})
|
|
}
|
|
|
|
// Update toggles a team member's admin status
|
|
// @Summary Toggle a team member's admin status
|
|
// @Description If a user is team admin, this will make them member and vise-versa.
|
|
// @tags team
|
|
// @Produce json
|
|
// @Security JWTKeyAuth
|
|
// @Param id path int true "Team ID"
|
|
// @Param userID path int true "User ID"
|
|
// @Success 200 {object} models.Message "The member right was successfully changed."
|
|
// @Failure 500 {object} models.Message "Internal error"
|
|
// @Router /teams/{id}/members/{userID}/admin [post]
|
|
func (tm *TeamMember) Update(s *xorm.Session, _ web.Auth) (err error) {
|
|
// Find the numeric user id
|
|
user, err := user2.GetUserByUsername(s, tm.Username)
|
|
if err != nil {
|
|
return
|
|
}
|
|
tm.UserID = user.ID
|
|
|
|
// Get the full member object and change the admin right
|
|
ttm := &TeamMember{}
|
|
_, err = s.
|
|
Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
|
|
Get(ttm)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
ttm.Admin = !ttm.Admin
|
|
|
|
// Do the update
|
|
_, err = s.
|
|
Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
|
|
Cols("admin").
|
|
Update(ttm)
|
|
tm.Admin = ttm.Admin // Since we're returning the updated rights object
|
|
return
|
|
}
|