(refs #198)Allow group editing by group members.

2025-11-09 06:55:54 +01:00 · 2014-03-03 01:45:00 +09:00
parent d870896cfb
commit 17920e1195
7 changed files with 43 additions and 15 deletions
--- a/src/main/scala/app/AccountController.scala
+++ b/src/main/scala/app/AccountController.scala
@@ -51,14 +51,20 @@ trait AccountControllerBase extends AccountManagementControllerBase {
            getActivitiesByUser(userName, true))

        // Members
-        case "members" if(account.isGroupAccount) =>
-          _root_.account.html.members(account, getGroupMembers(account.userName))
+        case "members" if(account.isGroupAccount) => {
+          val members = getGroupMembers(account.userName)
+          _root_.account.html.members(account, members,
+            context.loginAccount.exists(x => members.contains(x.userName)))
+        }

        // Repositories
-        case _ =>
+        case _ => {
+          val members = getGroupMembers(account.userName)
          _root_.account.html.repositories(account,
            if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
-            getVisibleRepositories(context.loginAccount, baseUrl, Some(userName)))
+            getVisibleRepositories(context.loginAccount, baseUrl, Some(userName)),
+            context.loginAccount.exists(x => members.contains(x.userName)))
+        }
      }
    } getOrElse NotFound
  }
--- a/src/main/scala/app/CreateController.scala
+++ b/src/main/scala/app/CreateController.scala
@@ -13,14 +13,14 @@ import org.apache.commons.io.FileUtils

 class CreateController extends CreateControllerBase
  with RepositoryService with AccountService with WikiService with LabelsService with ActivityService
-  with UsersAuthenticator with ReadableUsersAuthenticator
+  with UsersAuthenticator with ReadableUsersAuthenticator with GroupMemberAuthenticator

 /**
 * Creates new repository or group.
 */
 trait CreateControllerBase extends AccountManagementControllerBase {
  self: RepositoryService with AccountService with WikiService with LabelsService with ActivityService
-    with UsersAuthenticator with ReadableUsersAuthenticator =>
+    with UsersAuthenticator with ReadableUsersAuthenticator with GroupMemberAuthenticator =>

  case class RepositoryCreationForm(owner: String, name: String, description: Option[String],
                                    isPrivate: Boolean, createReadme: Boolean)
@@ -207,13 +207,13 @@ trait CreateControllerBase extends AccountManagementControllerBase {
    redirect(s"/${form.groupName}")
  })

-  get("/:groupName/_edit")(usersOnly { // TODO group manager only
+  get("/:groupName/_edit")(membersOnly {
    defining(params("groupName")){ groupName =>
      html.group(getAccountByUserName(groupName, true), getGroupMembers(groupName))
    }
  })

-  post("/:groupName/_edit", editGroupForm)(usersOnly { form => // TODO group manager only
+  post("/:groupName/_edit", editGroupForm)(membersOnly { form =>
    defining(params("groupName"), form.memberNames.map(_.split(",").toList).getOrElse(Nil)){ case (groupName, memberNames) =>
      getAccountByUserName(groupName, true).map { account =>
        updateGroup(groupName, form.url, form.isRemoved)
--- a/src/main/scala/util/Authenticator.scala
+++ b/src/main/scala/util/Authenticator.scala
@@ -155,3 +155,22 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =
    }
  }
 }
+
+/**
+ * Allows only the group members.
+ */
+trait GroupMemberAuthenticator { self: ControllerBase with AccountService =>
+  protected def membersOnly(action: => Any) = { authenticate(action) }
+  protected def membersOnly[T](action: T => Any) = (form: T) => { authenticate(action(form)) }
+
+  private def authenticate(action: => Any) = {
+    {
+      defining(request.paths){ paths =>
+        context.loginAccount match {
+          case Some(x) if(getGroupMembers(paths(0)).contains(x.userName)) => action
+          case _ => Unauthorized()
+        }
+      }
+    }
+  }
+}