Access control for issues.

This commit is contained in:
takezoe
2013-07-03 02:26:01 +09:00
parent 8a19cf7e3c
commit 8890c28fa3
3 changed files with 118 additions and 85 deletions


@@ -65,6 +65,7 @@ trait IssuesControllerBase extends ControllerBase {
(getCollaborators(owner, repository) :+ owner).sorted,
getMilestones(owner, repository),
getLabels(owner, repository),
hasWritePermission(owner, repository, context.loginAccount),
getRepository(owner, repository, baseUrl).get)
} getOrElse NotFound
})
@@ -85,12 +86,13 @@ trait IssuesControllerBase extends ControllerBase {
post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { form =>
val owner = params("owner")
val repository = params("repository")
val writable = hasWritePermission(owner, repository, context.loginAccount)
// TODO User and milestone are assigned by only collaborators.
val issueId = createIssue(owner, repository, context.loginAccount.get.userName,
form.title, form.content, form.assignedUserName, form.milestoneId)
val issueId = createIssue(owner, repository, context.loginAccount.get.userName, form.title, form.content,
if(writable) form.assignedUserName else None,
if(writable) form.milestoneId else None)
// TODO labels are assigned by only collaborators
if(writable){
form.labelNames.map { value =>
val labels = getLabels(owner, repository)
value.split(",").foreach { labelName =>
@@ -99,22 +101,29 @@ trait IssuesControllerBase extends ControllerBase {
}
}
}
}
redirect("/%s/%s/issues/%d".format(owner, repository, issueId))
})
// TODO Authenticator
ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm){ form =>
ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { form =>
val owner = params("owner")
val repository = params("repository")
val issueId = params("id").toInt
val writable = hasWritePermission(owner, repository, context.loginAccount)
getIssue(owner, repository, issueId.toString).map { issue =>
if(writable || issue.openedUserName == context.loginAccount.get.userName){
updateIssue(owner, repository, issueId, form.title, form.content)
redirect("/%s/%s/issues/_data/%d".format(owner, repository, issueId))
} else {
Unauthorized
}
} getOrElse NotFound
})
// TODO requires users only and readable repository checking
post("/:owner/:repository/issue_comments/new", commentForm)( referrersOnly { form =>
// TODO repository checking
post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { form =>
val owner = params("owner")
val repository = params("repository")
val action = params.get("action") filter { action =>
@@ -125,13 +134,22 @@ trait IssuesControllerBase extends ControllerBase {
createComment(owner, repository, context.loginAccount.get.userName, form.issueId, form.content, action)))
})
// TODO Authenticator, repository checking
ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm){ form =>
// TODO repository checking
ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { form =>
val owner = params("owner")
val repository = params("repository")
val commentId = params("id").toInt
val writable = hasWritePermission(owner, repository, context.loginAccount)
getComment(commentId.toString).map { comment =>
if(writable || comment.commentedUserName == context.loginAccount.get.userName){
updateComment(commentId, form.content)
redirect("/%s/%s/issue_comments/_data/%d".format(params("owner"), params("repository"), commentId))
redirect("/%s/%s/issue_comments/_data/%d".format(owner, repository, commentId))
} else {
Unauthorized
}
} getOrElse NotFound
})
// TODO Authenticator
ajaxGet("/:owner/:repository/issues/_data/:id"){
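Review bot: In the comment-edit handler (hunk `@@ -125,13 +134,22 @@`), `writable` is derived from the `owner`/`repository` taken from the URL while `getComment(commentId.toString)` loads the comment by id alone, so write permission on the repository named in the URL is accepted for a comment that may belong to a different repository; the new `// TODO repository checking` line acknowledges the gap but the handler still runs `updateComment` on that basis. Binding the two before the permission check closes it, e.g. `getComment(commentId.toString).filter(c => c.userName == owner && c.repositoryName == repository).map { comment =>` — the exact field names should be confirmed against the comment model. The issue-edit handler in the previous hunk is already scoped correctly because `getIssue(owner, repository, issueId.toString)` takes the repository. Both handlers also call `params("id").toInt` unguarded, so a non-numeric id surfaces as a `NumberFormatException` instead of `NotFound`; `Try(params("id").toInt).toOption` folded into the existing `getOrElse NotFound` chain would keep the response consistent. The `context.loginAccount.get` calls look safe only if `readableUsersOnly` rejects anonymous requests — that authenticator is outside this diff, so it is worth confirming.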


@@ -4,6 +4,7 @@
collaborators: List[String],
milestones: List[model.Milestone],
labels: List[model.Label],
hasWritePermission: Boolean,
repository: service.RepositoryService.RepositoryInfo)(implicit context: app.Context)
@import context._
@import view.helpers._
@@ -19,7 +20,9 @@
<div class="box">
<div class="box-content" style="padding: 0px;">
<div class="issue-header">
@if(hasWritePermission || loginAccount.map(_.userName == issue.openedUserName).getOrElse(false)){
<span class="pull-right"><a class="btn btn-small" href="#" id="edit">Edit</a></span>
}
<div class="small muted">
<a href="@url(issue.openedUserName)" class="username">@issue.openedUserName</a> opened this issue @datetime(issue.registeredDate)
</div>
@@ -31,6 +34,7 @@
<a href="@url(userName)" class="username strong">@userName</a> is assigned
}.getOrElse("No one is assigned")
</span>
@if(hasWritePermission){
@helper.html.dropdown {
<li><a href="javascript:void(0);" class="assign" data-name="">Clear assignee</a></li>
<li class="divider"></li>
@@ -38,6 +42,7 @@
<li><a href="javascript:void(0);" class="assign" data-name="@collaborator">@collaborator</a></li>
}
}
}
<div class="pull-right">
<span id="label-milestone">
@issue.milestoneId.map { milestoneId =>
@@ -46,6 +51,7 @@
}
}.getOrElse("No milestone")
</span>
@if(hasWritePermission){
@helper.html.dropdown {
<li><a href="javascript:void(0);" class="milestone" data-id="">No milestone</a></li>
<li class="divider"></li>
@@ -53,6 +59,7 @@
<li><a href="javascript:void(0);" class="milestone" data-id="@milestone.milestoneId">@milestone.title</a></li>
}
}
}
</div>
</div>
<div class="issue-content" id="issueContent">
@@ -66,7 +73,9 @@
<a href="@url(comment.commentedUserName)" class="username strong">@comment.commentedUserName</a> commented
<span class="pull-right">
@datetime(comment.registeredDate)
@if(hasWritePermission || loginAccount.map(_.userName == comment.commentedUserName).getOrElse(false)){
<a href="#" data-comment-id="@comment.commentId"><i class="icon-pencil"></i></a>
}
</span>
</div>
<div class="box-content"class="issue-content" id="commentContent-@comment.commentId">
@@ -85,6 +94,7 @@
</div>
}
}
@if(loginAccount.isDefined){
<form action="@url(repository)/issue_comments/new" method="POST" validate="true">
<div class="box">
<div class="box-content">
@@ -95,6 +105,7 @@
<input type="submit" class="btn btn-success" value="Comment"/>
<input type="submit" class="btn" value="@{if(issue.closed) "Reopen" else "Close"}" id="action"/>
</form>
}
</div>
<div class="span2">
@if(issue.closed) {
@@ -105,6 +116,7 @@
<div class="small">@comments.size comments</div>
<hr/>
<strong>Labels</strong>
@if(hasWritePermission){
<div class="pull-right">
<div class="btn-group">
<button class="btn btn-mini dropdown-toggle" data-toggle="dropdown">
@@ -124,6 +136,7 @@
</ul>
</div>
</div>
}
<ul class="label-list">
@labellist(issueLabels)
</ul>
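Review bot: The `@if(hasWritePermission)` guards added around the assignee, milestone and label dropdowns only hide the controls; the `assign`/`milestone` actions those menus trigger are handled by routes that are not part of this commit, so the same `hasWritePermission` check has to be enforced in those handlers or the template gating is purely cosmetic. The author test on the issue header, `loginAccount.map(_.userName == issue.openedUserName).getOrElse(false)`, reads more directly as `loginAccount.exists(_.userName == issue.openedUserName)`, and the comment-header variant further down can be shortened the same way. The unchanged line `<div class="box-content"class="issue-content" id="commentContent-@comment.commentId">` carries two `class` attributes with no separating space; HTML parsers keep only the first, so `issue-content` is never applied and the line is worth fixing while the file is open.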


@@ -4,9 +4,11 @@
<ul class="nav nav-tabs">
<li@if(active == "issues"){ class="active"}><a href="@url(repository)/issues">Browse Issues</a></li>
<li@if(active == "milestones"){ class="active"}><a href="@url(repository)/issues/milestones">Milestones</a></li>
@if(loginAccount.isDefined){
<li class="pull-right">
<div class="btn-group">
<a class="btn btn-success" href="@url(repository)/issues/new">New Issue</a>
</div>
</li>
}
</ul>