Ensure some things don't work with a link share auth
parent
685988171c
commit
cb701a1f74
|
@ -43,6 +43,11 @@ func (l *Label) CanCreate(a web.Auth) (bool, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Label) isLabelOwner(a web.Auth) (bool, error) {
|
func (l *Label) isLabelOwner(a web.Auth) (bool, error) {
|
||||||
|
|
||||||
|
if _, is := a.(*LinkSharing); is {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
lorig, err := getLabelByIDSimple(l.ID)
|
lorig, err := getLabelByIDSimple(l.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
|
@ -52,6 +57,9 @@ func (l *Label) isLabelOwner(a web.Auth) (bool, error) {
|
||||||
|
|
||||||
// Helper method to check if a user can see a specific label
|
// Helper method to check if a user can see a specific label
|
||||||
func (l *Label) hasAccessToLabel(a web.Auth) (bool, error) {
|
func (l *Label) hasAccessToLabel(a web.Auth) (bool, error) {
|
||||||
|
|
||||||
|
// TODO: add an extra check for link share handling
|
||||||
|
|
||||||
// Get all tasks
|
// Get all tasks
|
||||||
taskIDs, err := getUserTaskIDs(&User{ID: a.GetID()})
|
taskIDs, err := getUserTaskIDs(&User{ID: a.GetID()})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
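Review bot: hasAccessToLabel still has no link share guard: the hunk at -52,6 only adds a TODO, and the next statement passes `a.GetID()` into `getUserTaskIDs(&User{ID: a.GetID()})`. If a link share auth returns its share id from GetID (not visible on this page), that id would be looked up as a user id and the label check would run against an unrelated user's tasks. Until the list-scoped check exists, fail closed the way isLabelOwner now does: `if _, is := a.(*LinkSharing); is { return false, nil }`. The function body continues past the end of the hunk.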
|
@ -20,6 +20,11 @@ import "code.vikunja.io/web"
|
||||||
|
|
||||||
// CanRead implements the read right check for a link share
|
// CanRead implements the read right check for a link share
|
||||||
func (share *LinkSharing) CanRead(a web.Auth) (bool, error) {
|
func (share *LinkSharing) CanRead(a web.Auth) (bool, error) {
|
||||||
|
// Don't allow creating link shares if the user itself authenticated with a link share
|
||||||
|
if _, is := a.(*LinkSharing); is {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
l, err := GetListByShareHash(share.Hash)
|
l, err := GetListByShareHash(share.Hash)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
|
@ -43,6 +48,11 @@ func (share *LinkSharing) CanCreate(a web.Auth) (bool, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (share *LinkSharing) canDoLinkShare(a web.Auth) (bool, error) {
|
func (share *LinkSharing) canDoLinkShare(a web.Auth) (bool, error) {
|
||||||
|
// Don't allow creating link shares if the user itself authenticated with a link share
|
||||||
|
if _, is := a.(*LinkSharing); is {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
l, err := GetListByShareHash(share.Hash)
|
l, err := GetListByShareHash(share.Hash)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
|
|
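Review bot: The comment added above the guard in CanRead is copied from canDoLinkShare and talks about creating link shares, while this method decides read access. Wording such as `// Link share auths may not read link shares` would match what the guard does. The comment in canDoLinkShare could also say that the guard covers every right routed through that helper, not only creation. Both function bodies continue outside their hunks.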
|
@ -41,5 +41,5 @@ func canDoTaskAssingee(taskID int64, a web.Auth) (bool, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
return list.CanCreate(a)
|
return list.CanUpdate(a)
|
||||||
}
|
}
|
||||||
|
|
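Review bot: canDoTaskAssingee has no comment stating which right an assignee change requires, and the only check left is the delegated `list.CanUpdate(a)` call at the end. A one-line doc comment such as `// canDoTaskAssingee requires update rights on the list the task belongs to` would make the authorization rule explicit. Unlike the other rights helpers touched in this commit there is no `*LinkSharing` guard here, so link share handling depends entirely on List.CanUpdate, which is not shown on this page; the comment should say so. The function starts before the hunk.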
|
@ -47,8 +47,8 @@ func (t *Task) CanRead(a web.Auth) (canRead bool, err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// A user can read a task if it has access to the list
|
// A user can read a task if it has access to the list
|
||||||
list := &List{ID: t.ListID}
|
l := &List{ID: t.ListID}
|
||||||
return list.CanRead(a)
|
return l.CanRead(a)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Helper function to check if a user can do stuff on a list task
|
// Helper function to check if a user can do stuff on a list task
|
||||||
|
|
|
@ -32,6 +32,11 @@ func (tm *TeamMember) CanDelete(a web.Auth) (bool, error) {
|
||||||
|
|
||||||
// IsAdmin checks if the user is team admin
|
// IsAdmin checks if the user is team admin
|
||||||
func (tm *TeamMember) IsAdmin(a web.Auth) (bool, error) {
|
func (tm *TeamMember) IsAdmin(a web.Auth) (bool, error) {
|
||||||
|
// Don't allow anything if we're dealing with a list share here
|
||||||
|
if _, is := a.(*LinkSharing); is {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
// A user can add a member to a team if he is admin of that team
|
// A user can add a member to a team if he is admin of that team
|
||||||
exists, err := x.Where("user_id = ? AND team_id = ? AND admin = ?", a.GetID(), tm.TeamID, true).
|
exists, err := x.Where("user_id = ? AND team_id = ? AND admin = ?", a.GetID(), tm.TeamID, true).
|
||||||
Get(&TeamMember{})
|
Get(&TeamMember{})
|
||||||
|
|
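Review bot: The guard comment in TeamMember.IsAdmin says "list share" where it means link share, and the matching comment in Team.IsAdmin has the typo "deadling". Suggested wording for both: `// Link share auths are never team admins`. In TeamMember.IsAdmin it would also help to say why the guard has to come first: the query below binds `a.GetID()` as `user_id`, and for this auth type that value is presumably a share id rather than a user id. Both bodies continue past their hunks.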
|
@ -38,6 +38,11 @@ func (t *Team) CanDelete(a web.Auth) (bool, error) {
|
||||||
|
|
||||||
// IsAdmin returns true when the user is admin of a team
|
// IsAdmin returns true when the user is admin of a team
|
||||||
func (t *Team) IsAdmin(a web.Auth) (bool, error) {
|
func (t *Team) IsAdmin(a web.Auth) (bool, error) {
|
||||||
|
// Don't do anything if we're deadling with a link share auth here
|
||||||
|
if _, is := a.(*LinkSharing); is {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Check if the team exists to be able to return a proper error message if not
|
// Check if the team exists to be able to return a proper error message if not
|
||||||
_, err := GetTeamByID(t.ID)
|
_, err := GetTeamByID(t.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|