Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2025-11-07 05:55:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

Access control for issues.

Browse Source
This commit is contained in:
takezoe
2013-07-03 02:26:01 +09:00
parent 8a19cf7e3c
commit 8890c28fa3
3 changed files with 118 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
src/main/scala/app/IssuesController.scala
View File

@@ -65,11 +65,12 @@ trait IssuesControllerBase extends ControllerBase {
(getCollaborators(owner, repository) :+ owner).sorted, (getCollaborators(owner, repository) :+ owner).sorted,
getMilestones(owner, repository), getMilestones(owner, repository),
getLabels(owner, repository), getLabels(owner, repository),
hasWritePermission(owner, repository, context.loginAccount),
getRepository(owner, repository, baseUrl).get) getRepository(owner, repository, baseUrl).get)
} getOrElse NotFound } getOrElse NotFound
}) })
get("/:owner/:repository/issues/new")( readableUsersOnly { get("/:owner/:repository/issues/new")(readableUsersOnly {
val owner = params("owner") val owner = params("owner")
val repository = params("repository") val repository = params("repository")
@@ -82,20 +83,22 @@ trait IssuesControllerBase extends ControllerBase {
} getOrElse NotFound } getOrElse NotFound
}) })
post("/:owner/:repository/issues/new", issueCreateForm)( readableUsersOnly { form => post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { form =>
val owner = params("owner") val owner = params("owner")
val repository = params("repository") val repository = params("repository")
val writable = hasWritePermission(owner, repository, context.loginAccount)
// TODO User and milestone are assigned by only collaborators. val issueId = createIssue(owner, repository, context.loginAccount.get.userName, form.title, form.content,
val issueId = createIssue(owner, repository, context.loginAccount.get.userName, if(writable) form.assignedUserName else None,
form.title, form.content, form.assignedUserName, form.milestoneId) if(writable) form.milestoneId else None)
// TODO labels are assigned by only collaborators if(writable){
form.labelNames.map { value => form.labelNames.map { value =>
val labels = getLabels(owner, repository) val labels = getLabels(owner, repository)
value.split(",").foreach { labelName => value.split(",").foreach { labelName =>
labels.find(_.labelName == labelName).map { label => labels.find(_.labelName == labelName).map { label =>
registerIssueLabel(owner, repository, issueId, label.labelId) registerIssueLabel(owner, repository, issueId, label.labelId)
}
} }
} }
} }
@@ -103,18 +106,24 @@ trait IssuesControllerBase extends ControllerBase {
redirect("/%s/%s/issues/%d".format(owner, repository, issueId)) redirect("/%s/%s/issues/%d".format(owner, repository, issueId))
}) })
// TODO Authenticator ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { form =>
ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm){ form => val owner = params("owner")
val owner = params("owner")
val repository = params("repository") val repository = params("repository")
val issueId = params("id").toInt val issueId = params("id").toInt
val writable = hasWritePermission(owner, repository, context.loginAccount)
updateIssue(owner, repository, issueId, form.title, form.content) getIssue(owner, repository, issueId.toString).map { issue =>
redirect("/%s/%s/issues/_data/%d".format(owner, repository, issueId)) if(writable || issue.openedUserName == context.loginAccount.get.userName){
} updateIssue(owner, repository, issueId, form.title, form.content)
redirect("/%s/%s/issues/_data/%d".format(owner, repository, issueId))
} else {
Unauthorized
}
} getOrElse NotFound
})
// TODO requires users only and readable repository checking // TODO repository checking
post("/:owner/:repository/issue_comments/new", commentForm)( referrersOnly { form => post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { form =>
val owner = params("owner") val owner = params("owner")
val repository = params("repository") val repository = params("repository")
val action = params.get("action") filter { action => val action = params.get("action") filter { action =>
@@ -125,13 +134,22 @@ trait IssuesControllerBase extends ControllerBase {
createComment(owner, repository, context.loginAccount.get.userName, form.issueId, form.content, action))) createComment(owner, repository, context.loginAccount.get.userName, form.issueId, form.content, action)))
}) })
// TODO Authenticator, repository checking // TODO repository checking
ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm){ form => ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { form =>
val commentId = params("id").toInt val owner = params("owner")
val repository = params("repository")
val commentId = params("id").toInt
val writable = hasWritePermission(owner, repository, context.loginAccount)
updateComment(commentId, form.content) getComment(commentId.toString).map { comment =>
redirect("/%s/%s/issue_comments/_data/%d".format(params("owner"), params("repository"), commentId)) if(writable || comment.commentedUserName == context.loginAccount.get.userName){
} updateComment(commentId, form.content)
redirect("/%s/%s/issue_comments/_data/%d".format(owner, repository, commentId))
} else {
Unauthorized
}
} getOrElse NotFound
})
// TODO Authenticator // TODO Authenticator
ajaxGet("/:owner/:repository/issues/_data/:id"){ ajaxGet("/:owner/:repository/issues/_data/:id"){

129
src/main/twirl/issues/issue.scala.html
View File

@@ -4,6 +4,7 @@
collaborators: List[String], collaborators: List[String],
milestones: List[model.Milestone], milestones: List[model.Milestone],
labels: List[model.Label], labels: List[model.Label],
hasWritePermission: Boolean,
repository: service.RepositoryService.RepositoryInfo)(implicit context: app.Context) repository: service.RepositoryService.RepositoryInfo)(implicit context: app.Context)
@import context._ @import context._
@import view.helpers._ @import view.helpers._
@@ -19,7 +20,9 @@
<div class="box"> <div class="box">
<div class="box-content" style="padding: 0px;"> <div class="box-content" style="padding: 0px;">
<div class="issue-header"> <div class="issue-header">
<span class="pull-right"><a class="btn btn-small" href="#" id="edit">Edit</a></span> @if(hasWritePermission || loginAccount.map(_.userName == issue.openedUserName).getOrElse(false)){
<span class="pull-right"><a class="btn btn-small" href="#" id="edit">Edit</a></span>
}
<div class="small muted"> <div class="small muted">
<a href="@url(issue.openedUserName)" class="username">@issue.openedUserName</a> opened this issue @datetime(issue.registeredDate) <a href="@url(issue.openedUserName)" class="username">@issue.openedUserName</a> opened this issue @datetime(issue.registeredDate)
</div> </div>
@@ -31,11 +34,13 @@
<a href="@url(userName)" class="username strong">@userName</a> is assigned <a href="@url(userName)" class="username strong">@userName</a> is assigned
}.getOrElse("No one is assigned") }.getOrElse("No one is assigned")
</span> </span>
@helper.html.dropdown { @if(hasWritePermission){
<li><a href="javascript:void(0);" class="assign" data-name="">Clear assignee</a></li> @helper.html.dropdown {
<li class="divider"></li> <li><a href="javascript:void(0);" class="assign" data-name="">Clear assignee</a></li>
@collaborators.map { collaborator => <li class="divider"></li>
<li><a href="javascript:void(0);" class="assign" data-name="@collaborator">@collaborator</a></li> @collaborators.map { collaborator =>
<li><a href="javascript:void(0);" class="assign" data-name="@collaborator">@collaborator</a></li>
}
} }
} }
<div class="pull-right"> <div class="pull-right">
@@ -46,11 +51,13 @@
} }
}.getOrElse("No milestone") }.getOrElse("No milestone")
</span> </span>
@helper.html.dropdown { @if(hasWritePermission){
<li><a href="javascript:void(0);" class="milestone" data-id="">No milestone</a></li> @helper.html.dropdown {
<li class="divider"></li> <li><a href="javascript:void(0);" class="milestone" data-id="">No milestone</a></li>
@milestones.map { milestone => <li class="divider"></li>
<li><a href="javascript:void(0);" class="milestone" data-id="@milestone.milestoneId">@milestone.title</a></li> @milestones.map { milestone =>
<li><a href="javascript:void(0);" class="milestone" data-id="@milestone.milestoneId">@milestone.title</a></li>
}
} }
} }
</div> </div>
@@ -61,40 +68,44 @@
</div> </div>
</div> </div>
@comments.map { comment => @comments.map { comment =>
<div class="box" id="comment-@comment.commentId"> <div class="box" id="comment-@comment.commentId">
<div class="box-header-small"> <div class="box-header-small">
<a href="@url(comment.commentedUserName)" class="username strong">@comment.commentedUserName</a> commented <a href="@url(comment.commentedUserName)" class="username strong">@comment.commentedUserName</a> commented
<span class="pull-right"> <span class="pull-right">
@datetime(comment.registeredDate) @datetime(comment.registeredDate)
<a href="#" data-comment-id="@comment.commentId"><i class="icon-pencil"></i></a> @if(hasWritePermission || loginAccount.map(_.userName == comment.commentedUserName).getOrElse(false)){
</span> <a href="#" data-comment-id="@comment.commentId"><i class="icon-pencil"></i></a>
}
</span>
</div>
<div class="box-content"class="issue-content" id="commentContent-@comment.commentId">
@markdown(comment.content, repository, false, true, true)
</div>
</div> </div>
<div class="box-content"class="issue-content" id="commentContent-@comment.commentId"> @comment.action.map { action =>
@markdown(comment.content, repository, false, true, true) <div class="small">
@if(action == "close"){
<span class="label label-important">Closed</span>
<a href="@url(comment.commentedUserName)">@comment.commentedUserName</a> closed the issue @datetime(comment.registeredDate)
} else {
<span class="label label-success">Reopened</span>
<a href="@url(comment.commentedUserName)">@comment.commentedUserName</a> reopened the issue @datetime(comment.registeredDate)
}
</div> </div>
</div>
@comment.action.map { action =>
<div class="small">
@if(action == "close"){
<span class="label label-important">Closed</span>
<a href="@url(comment.commentedUserName)">@comment.commentedUserName</a> closed the issue @datetime(comment.registeredDate)
} else {
<span class="label label-success">Reopened</span>
<a href="@url(comment.commentedUserName)">@comment.commentedUserName</a> reopened the issue @datetime(comment.registeredDate)
} }
</div>
} }
@if(loginAccount.isDefined){
<form action="@url(repository)/issue_comments/new" method="POST" validate="true">
<div class="box">
<div class="box-content">
@helper.html.preview(repository, "", false, true, true, "width: 730px; height: 100px;")
</div>
</div>
<input type="hidden" name="issueId" value="@issue.issueId"/>
<input type="submit" class="btn btn-success" value="Comment"/>
<input type="submit" class="btn" value="@{if(issue.closed) "Reopen" else "Close"}" id="action"/>
</form>
} }
<form action="@url(repository)/issue_comments/new" method="POST" validate="true">
<div class="box">
<div class="box-content">
@helper.html.preview(repository, "", false, true, true, "width: 730px; height: 100px;")
</div>
</div>
<input type="hidden" name="issueId" value="@issue.issueId"/>
<input type="submit" class="btn btn-success" value="Comment"/>
<input type="submit" class="btn" value="@{if(issue.closed) "Reopen" else "Close"}" id="action"/>
</form>
</div> </div>
<div class="span2"> <div class="span2">
@if(issue.closed) { @if(issue.closed) {
@@ -105,25 +116,27 @@
<div class="small">@comments.size comments</div> <div class="small">@comments.size comments</div>
<hr/> <hr/>
<strong>Labels</strong> <strong>Labels</strong>
<div class="pull-right"> @if(hasWritePermission){
<div class="btn-group"> <div class="pull-right">
<button class="btn btn-mini dropdown-toggle" data-toggle="dropdown"> <div class="btn-group">
<i class="icon-cog"></i> <button class="btn btn-mini dropdown-toggle" data-toggle="dropdown">
<span class="caret"></span> <i class="icon-cog"></i>
</button> <span class="caret"></span>
<ul class="dropdown-menu"> </button>
@labels.map { label => <ul class="dropdown-menu">
<li> @labels.map { label =>
<a href="#" class="toggle-label" data-label-id="@label.labelId"> <li>
<i class="@{if(issueLabels.exists(_.labelId == label.labelId)) "icon-ok" else "icon-white"}"></i> <a href="#" class="toggle-label" data-label-id="@label.labelId">
<span class="label" style="background-color: #@label.color;">&nbsp;</span> <i class="@{if(issueLabels.exists(_.labelId == label.labelId)) "icon-ok" else "icon-white"}"></i>
@label.labelName <span class="label" style="background-color: #@label.color;">&nbsp;</span>
</a> @label.labelName
</li> </a>
} </li>
</ul> }
</ul>
</div>
</div> </div>
</div> }
<ul class="label-list"> <ul class="label-list">
@labellist(issueLabels) @labellist(issueLabels)
</ul> </ul>

2
src/main/twirl/issues/tab.scala.html
View File

@@ -4,9 +4,11 @@
<ul class="nav nav-tabs"> <ul class="nav nav-tabs">
<li@if(active == "issues"){ class="active"}><a href="@url(repository)/issues">Browse Issues</a></li> <li@if(active == "issues"){ class="active"}><a href="@url(repository)/issues">Browse Issues</a></li>
<li@if(active == "milestones"){ class="active"}><a href="@url(repository)/issues/milestones">Milestones</a></li> <li@if(active == "milestones"){ class="active"}><a href="@url(repository)/issues/milestones">Milestones</a></li>
@if(loginAccount.isDefined){
<li class="pull-right"> <li class="pull-right">
<div class="btn-group"> <div class="btn-group">
<a class="btn btn-success" href="@url(repository)/issues/new">New Issue</a> <a class="btn btn-success" href="@url(repository)/issues/new">New Issue</a>
</div> </div>
</li> </li>
}
</ul> </ul>