From 5758506e7c995007e23543e50ddfe73a96ced9f9 Mon Sep 17 00:00:00 2001 From: kolaente Date: Tue, 22 Dec 2020 17:41:39 +0100 Subject: [PATCH] Add session handling for link shares and related entities --- pkg/models/link_sharing.go | 28 +++++++++++++------------- pkg/models/link_sharing_rights.go | 16 +++++++-------- pkg/models/list_duplicate.go | 2 +- pkg/models/list_team.go | 2 +- pkg/models/list_users.go | 2 +- pkg/models/task_assignees.go | 4 ++-- pkg/models/task_collection.go | 2 +- pkg/models/tasks_rights.go | 8 ++++---- pkg/routes/api/v1/link_sharing_auth.go | 2 +- pkg/routes/api/v1/login.go | 2 +- 10 files changed, 34 insertions(+), 34 deletions(-) diff --git a/pkg/models/link_sharing.go b/pkg/models/link_sharing.go index 5389a8f7a..67c0cc2a2 100644 --- a/pkg/models/link_sharing.go +++ b/pkg/models/link_sharing.go @@ -100,7 +100,7 @@ func GetLinkShareFromClaims(claims jwt.MapClaims) (share *LinkSharing, err error // @Failure 404 {object} web.HTTPError "The list does not exist." // @Failure 500 {object} models.Message "Internal error" // @Router /lists/{list}/shares [put] -func (share *LinkSharing) Create(a web.Auth) (err error) { +func (share *LinkSharing) Create(s *xorm.Session, a web.Auth) (err error) { err = share.Right.isValid() if err != nil { @@ -109,7 +109,7 @@ func (share *LinkSharing) Create(a web.Auth) (err error) { share.SharedByID = a.GetID() share.Hash = utils.MakeRandomString(40) - _, err = x.Insert(share) + _, err = s.Insert(share) share.SharedBy, _ = user.GetFromAuth(a) return } @@ -128,8 +128,8 @@ func (share *LinkSharing) Create(a web.Auth) (err error) { // @Failure 404 {object} web.HTTPError "Share Link not found." // @Failure 500 {object} models.Message "Internal error" // @Router /lists/{list}/shares/{share} [get] -func (share *LinkSharing) ReadOne() (err error) { - exists, err := x.Where("id = ?", share.ID).Get(share) +func (share *LinkSharing) ReadOne(s *xorm.Session) (err error) { + exists, err := s.Where("id = ?", share.ID).Get(share) if err != nil { return err } @@ -153,9 +153,9 @@ func (share *LinkSharing) ReadOne() (err error) { // @Success 200 {array} models.LinkSharing "The share links" // @Failure 500 {object} models.Message "Internal error" // @Router /lists/{list}/shares [get] -func (share *LinkSharing) ReadAll(a web.Auth, search string, page int, perPage int) (result interface{}, resultCount int, totalItems int64, err error) { +func (share *LinkSharing) ReadAll(s *xorm.Session, a web.Auth, search string, page int, perPage int) (result interface{}, resultCount int, totalItems int64, err error) { list := &List{ID: share.ListID} - can, _, err := list.CanRead(nil, a) + can, _, err := list.CanRead(s, a) if err != nil { return nil, 0, 0, err } @@ -166,7 +166,7 @@ func (share *LinkSharing) ReadAll(a web.Auth, search string, page int, perPage i limit, start := getLimitFromPageIndex(page, perPage) var shares []*LinkSharing - query := x. + query := s. Where("list_id = ? AND hash LIKE ?", share.ListID, "%"+search+"%") if limit > 0 { query = query.Limit(limit, start) @@ -183,7 +183,7 @@ func (share *LinkSharing) ReadAll(a web.Auth, search string, page int, perPage i } users := make(map[int64]*user.User) - err = x.In("id", userIDs).Find(&users) + err = s.In("id", userIDs).Find(&users) if err != nil { return nil, 0, 0, err } @@ -193,7 +193,7 @@ func (share *LinkSharing) ReadAll(a web.Auth, search string, page int, perPage i } // Total count - totalItems, err = x. + totalItems, err = s. Where("list_id = ? AND hash LIKE ?", share.ListID, "%"+search+"%"). Count(&LinkSharing{}) if err != nil { @@ -217,15 +217,15 @@ func (share *LinkSharing) ReadAll(a web.Auth, search string, page int, perPage i // @Failure 404 {object} web.HTTPError "Share Link not found." // @Failure 500 {object} models.Message "Internal error" // @Router /lists/{list}/shares/{share} [delete] -func (share *LinkSharing) Delete() (err error) { - _, err = x.Where("id = ?", share.ID).Delete(share) +func (share *LinkSharing) Delete(s *xorm.Session) (err error) { + _, err = s.Where("id = ?", share.ID).Delete(share) return } // GetLinkShareByHash returns a link share by hash -func GetLinkShareByHash(hash string) (share *LinkSharing, err error) { +func GetLinkShareByHash(s *xorm.Session, hash string) (share *LinkSharing, err error) { share = &LinkSharing{} - has, err := x.Where("hash = ?", hash).Get(share) + has, err := s.Where("hash = ?", hash).Get(share) if err != nil { return } @@ -237,7 +237,7 @@ func GetLinkShareByHash(hash string) (share *LinkSharing, err error) { // GetListByShareHash returns a link share by its hash func GetListByShareHash(s *xorm.Session, hash string) (list *List, err error) { - share, err := GetLinkShareByHash(hash) + share, err := GetLinkShareByHash(s, hash) if err != nil { return } diff --git a/pkg/models/link_sharing_rights.go b/pkg/models/link_sharing_rights.go index 69737dc53..1d9f0d40c 100644 --- a/pkg/models/link_sharing_rights.go +++ b/pkg/models/link_sharing_rights.go @@ -32,22 +32,22 @@ func (share *LinkSharing) CanRead(s *xorm.Session, a web.Auth) (bool, int, error if err != nil { return false, 0, err } - return l.CanRead(nil, a) + return l.CanRead(s, a) } // CanDelete implements the delete right check for a link share -func (share *LinkSharing) CanDelete(a web.Auth) (bool, error) { - return share.canDoLinkShare(a) +func (share *LinkSharing) CanDelete(s *xorm.Session, a web.Auth) (bool, error) { + return share.canDoLinkShare(s, a) } // CanUpdate implements the update right check for a link share -func (share *LinkSharing) CanUpdate(a web.Auth) (bool, error) { - return share.canDoLinkShare(a) +func (share *LinkSharing) CanUpdate(s *xorm.Session, a web.Auth) (bool, error) { + return share.canDoLinkShare(s, a) } // CanCreate implements the create right check for a link share -func (share *LinkSharing) CanCreate(a web.Auth) (bool, error) { - return share.canDoLinkShare(a) +func (share *LinkSharing) CanCreate(s *xorm.Session, a web.Auth) (bool, error) { + return share.canDoLinkShare(s, a) } func (share *LinkSharing) canDoLinkShare(s *xorm.Session, a web.Auth) (bool, error) { @@ -66,5 +66,5 @@ func (share *LinkSharing) canDoLinkShare(s *xorm.Session, a web.Auth) (bool, err return l.IsAdmin(s, a) } - return l.CanWrite(nil, a) + return l.CanWrite(s, a) } diff --git a/pkg/models/list_duplicate.go b/pkg/models/list_duplicate.go index c3a6b752b..1505930e6 100644 --- a/pkg/models/list_duplicate.go +++ b/pkg/models/list_duplicate.go @@ -41,7 +41,7 @@ type ListDuplicate struct { func (ld *ListDuplicate) CanCreate(a web.Auth) (canCreate bool, err error) { // List Exists + user has read access to list ld.List = &List{ID: ld.ListID} - canRead, _, err := ld.List.CanRead(nil, a) + canRead, _, err := ld.List.CanRead(s, a) if err != nil || !canRead { return canRead, err } diff --git a/pkg/models/list_team.go b/pkg/models/list_team.go index 1d0b1c4d7..5a7dc03b6 100644 --- a/pkg/models/list_team.go +++ b/pkg/models/list_team.go @@ -169,7 +169,7 @@ func (tl *TeamList) Delete() (err error) { func (tl *TeamList) ReadAll(a web.Auth, search string, page int, perPage int) (result interface{}, resultCount int, totalItems int64, err error) { // Check if the user can read the namespace l := &List{ID: tl.ListID} - canRead, _, err := l.CanRead(nil, a) + canRead, _, err := l.CanRead(s, a) if err != nil { return nil, 0, 0, err } diff --git a/pkg/models/list_users.go b/pkg/models/list_users.go index 3c8e5cb67..53b5e5633 100644 --- a/pkg/models/list_users.go +++ b/pkg/models/list_users.go @@ -175,7 +175,7 @@ func (lu *ListUser) Delete() (err error) { func (lu *ListUser) ReadAll(a web.Auth, search string, page int, perPage int) (result interface{}, resultCount int, numberOfTotalItems int64, err error) { // Check if the user has access to the list l := &List{ID: lu.ListID} - canRead, _, err := l.CanRead(nil, a) + canRead, _, err := l.CanRead(s, a) if err != nil { return nil, 0, 0, err } diff --git a/pkg/models/task_assignees.go b/pkg/models/task_assignees.go index 148c9c781..4e3784311 100644 --- a/pkg/models/task_assignees.go +++ b/pkg/models/task_assignees.go @@ -207,7 +207,7 @@ func (t *Task) addNewAssigneeByID(newAssigneeID int64, list *List) (err error) { if err != nil { return err } - canRead, _, err := list.CanRead(nil, newAssignee) + canRead, _, err := list.CanRead(s, newAssignee) if err != nil { return err } @@ -247,7 +247,7 @@ func (la *TaskAssginee) ReadAll(a web.Auth, search string, page int, perPage int return nil, 0, 0, err } - can, _, err := task.CanRead(nil, a) + can, _, err := task.CanRead(s, a) if err != nil { return nil, 0, 0, err } diff --git a/pkg/models/task_collection.go b/pkg/models/task_collection.go index 385b6978a..0dadde5b7 100644 --- a/pkg/models/task_collection.go +++ b/pkg/models/task_collection.go @@ -176,7 +176,7 @@ func (tf *TaskCollection) ReadAll(a web.Auth, search string, page int, perPage i } else { // Check the list exists and the user has acess on it list := &List{ID: tf.ListID} - canRead, _, err := list.CanRead(nil, a) + canRead, _, err := list.CanRead(s, a) if err != nil { return nil, 0, 0, err } diff --git a/pkg/models/tasks_rights.go b/pkg/models/tasks_rights.go index f3707197b..cac9f32fa 100644 --- a/pkg/models/tasks_rights.go +++ b/pkg/models/tasks_rights.go @@ -34,7 +34,7 @@ func (t *Task) CanUpdate(a web.Auth) (bool, error) { func (t *Task) CanCreate(a web.Auth) (bool, error) { // A user can do a task if he has write acces to its list l := &List{ID: t.ListID} - return l.CanWrite(nil, a) + return l.CanWrite(s, a) } // CanRead determines if a user can read a task @@ -47,7 +47,7 @@ func (t *Task) CanRead(a web.Auth) (canRead bool, maxRight int, err error) { // A user can read a task if it has access to the list l := &List{ID: t.ListID} - return l.CanRead(nil, a) + return l.CanRead(s, a) } // CanWrite checks if a user has write access to a task @@ -66,7 +66,7 @@ func (t *Task) canDoTask(a web.Auth) (bool, error) { // Check if we're moving the task into a different list to check if the user has sufficient rights for that on the new list if t.ListID != 0 && t.ListID != ot.ListID { newList := &List{ID: t.ListID} - can, err := newList.CanWrite(nil, a) + can, err := newList.CanWrite(s, a) if err != nil { return false, err } @@ -77,5 +77,5 @@ func (t *Task) canDoTask(a web.Auth) (bool, error) { // A user can do a task if it has write acces to its list l := &List{ID: ot.ListID} - return l.CanWrite(nil, a) + return l.CanWrite(s, a) } diff --git a/pkg/routes/api/v1/link_sharing_auth.go b/pkg/routes/api/v1/link_sharing_auth.go index 0040cfecb..99e913f10 100644 --- a/pkg/routes/api/v1/link_sharing_auth.go +++ b/pkg/routes/api/v1/link_sharing_auth.go @@ -45,7 +45,7 @@ type LinkShareToken struct { // @Router /shares/{share}/auth [post] func AuthenticateLinkShare(c echo.Context) error { hash := c.Param("share") - share, err := models.GetLinkShareByHash(hash) + share, err := models.GetLinkShareByHash(s, hash) if err != nil { return handler.HandleHTTPError(err, c) } diff --git a/pkg/routes/api/v1/login.go b/pkg/routes/api/v1/login.go index 56dcc084e..028c39ad1 100644 --- a/pkg/routes/api/v1/login.go +++ b/pkg/routes/api/v1/login.go @@ -88,7 +88,7 @@ func RenewToken(c echo.Context) (err error) { if typ == auth.AuthTypeLinkShare { share := &models.LinkSharing{} share.ID = int64(claims["id"].(float64)) - err := share.ReadOne() + err := share.ReadOne(s) if err != nil { return handler.HandleHTTPError(err, c) }