Add user filter to issueTrackedTimes, enable usage for issue managers #14081

Merged
merged 8 commits into from
Dec 22, 2020
48 changes: 37 additions & 11 deletions routers/api/v1/repo/issue_tracked_time.go
Expand Up @@ -41,6 +41,10 @@ func ListTrackedTimes(ctx *context.APIContext) {
// type: integer
// format: int64
// required: true
// - name: user
// in: query
// description: optional filter by user (available for issue managers)
// type: string
// - name: since
// in: query
// description: Only show times updated after the given time. This is a timestamp in RFC 3339 format
Expand Down Expand Up @@ -85,13 +89,34 @@ func ListTrackedTimes(ctx *context.APIContext) {
IssueID: issue.ID,
}

qUser := strings.Trim(ctx.Query("user"), " ")
if qUser != "" {
user, err := models.GetUserByName(qUser)
if models.IsErrUserNotExist(err) {
ctx.Error(http.StatusNotFound, "User does not exist", err)
} else if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
return
}
opts.UserID = user.ID
lunny marked this conversation as resolved.
}

if opts.CreatedBeforeUnix, opts.CreatedAfterUnix, err = utils.GetQueryBeforeSince(ctx); err != nil {
ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err)
return
}

if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin {
opts.UserID = ctx.User.ID
cantSetUser := !ctx.User.IsAdmin &&
opts.UserID != ctx.User.ID &&
!ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})

if cantSetUser {
if opts.UserID == 0 {
noerw marked this conversation as resolved.
opts.UserID = ctx.User.ID
} else {
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
return
}
}

trackedTimes, err := models.GetTrackedTimes(opts)
Expand Down Expand Up @@ -394,12 +419,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
}

if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights"))
return
}

if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights"))
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
return
}

Expand Down Expand Up @@ -440,7 +460,7 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
// required: true
// - name: user
// in: query
// description: optional filter by user
// description: optional filter by user (available for issue managers)
// type: string
// - name: since
// in: query
Expand Down Expand Up @@ -482,7 +502,9 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
qUser := strings.Trim(ctx.Query("user"), " ")
if qUser != "" {
user, err := models.GetUserByName(qUser)
if err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(http.StatusNotFound, "User does not exist", err)
} else if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
return
}
Expand All @@ -495,7 +517,11 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
return
}

if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin {
cantSetUser := !ctx.User.IsAdmin &&
opts.UserID != ctx.User.ID &&
!ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})

if cantSetUser {
if opts.UserID == 0 {
opts.UserID = ctx.User.ID
} else {
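Review bot: In ListTrackedTimes the `models.IsErrUserNotExist(err)` branch writes the 404 but has no `return`, so execution falls through to `opts.UserID = user.ID`, where `user` is presumably nil after a failed lookup; a request with an unknown `user` value would then hit a nil dereference after the response has already been written. The same branch in the ListTrackedTimesByRepository hunk has the same gap, although the line that uses `user` there is collapsed out of view. Add a `return` directly after `ctx.Error(http.StatusNotFound, "User does not exist", err)` in both places. Separately, the name lookup runs before the `cantSetUser` check, so a caller without issue-write rights can tell existing from non-existing account names by 404 versus 403; if names are not meant to be public, do the permission check first or answer 403 for any foreign `user` value. Both function bodies start and end outside the hunks shown.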
8 changes: 7 additions & 1 deletion templates/swagger/v1_json.tmpl
Expand Up @@ -5840,6 +5840,12 @@
"in": "path",
"required": true
},
{
"type": "string",
"description": "optional filter by user (available for issue managers)",
"name": "user",
"in": "query"
},
{
"type": "string",
"format": "date-time",
Expand Down Expand Up @@ -8811,7 +8817,7 @@
},
{
"type": "string",
"description": "optional filter by user",
"description": "optional filter by user (available for issue managers)",
"name": "user",
"in": "query"
},