Refactor authentication(issue controller).

shimamoto
2013-07-03 18:00:52 +09:00
parent b59a4ce94b
commit eee723c266
2 changed files with 101 additions and 126 deletions


@@ -41,117 +41,115 @@ trait IssuesControllerBase extends ControllerBase {
)(CommentForm.apply) )(CommentForm.apply)
get("/:owner/:repository/issues")(referrersOnly { get("/:owner/:repository/issues")(referrersOnly {
searchIssues("all") searchIssues("all", _)
}) })
get("/:owner/:repository/issues/assigned/:userName")(referrersOnly { get("/:owner/:repository/issues/assigned/:userName")(referrersOnly {
searchIssues("assigned") searchIssues("assigned", _)
}) })
get("/:owner/:repository/issues/created_by/:userName")(referrersOnly { get("/:owner/:repository/issues/created_by/:userName")(referrersOnly {
searchIssues("created_by") searchIssues("created_by", _)
}) })
get("/:owner/:repository/issues/:id")(referrersOnly { get("/:owner/:repository/issues/:id")(referrersOnly { repository =>
val owner = params("owner") val owner = repository.owner
val repository = params("repository") val name = repository.name
val issueId = params("id") val issueId = params("id")
getIssue(owner, repository, issueId) map { getIssue(owner, name, issueId) map {
issues.html.issue( issues.html.issue(
_, _,
getComments(owner, repository, issueId.toInt), getComments(owner, name, issueId.toInt),
getIssueLabels(owner, repository, issueId.toInt), getIssueLabels(owner, name, issueId.toInt),
(getCollaborators(owner, repository) :+ owner).sorted, (getCollaborators(owner, name) :+ owner).sorted,
getMilestones(owner, repository), getMilestones(owner, name),
getLabels(owner, repository), getLabels(owner, name),
hasWritePermission(owner, repository, context.loginAccount), hasWritePermission(owner, name, context.loginAccount),
getRepository(owner, repository, baseUrl).get) repository)
} getOrElse NotFound } getOrElse NotFound
}) })
get("/:owner/:repository/issues/new")(readableUsersOnly { get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
val owner = params("owner") val owner = repository.owner
val repository = params("repository") val name = repository.name
getRepository(owner, repository, baseUrl).map {
issues.html.create( issues.html.create(
(getCollaborators(owner, repository) :+ owner).sorted, (getCollaborators(owner, name) :+ owner).sorted,
getMilestones(owner, repository), getMilestones(owner, name),
getLabels(owner, repository), getLabels(owner, name),
hasWritePermission(owner, repository, context.loginAccount), hasWritePermission(owner, name, context.loginAccount),
_) repository)
} getOrElse NotFound
}) })
post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { form => post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
val owner = params("owner") val owner = repository.owner
val repository = params("repository") val name = repository.name
val writable = hasWritePermission(owner, repository, context.loginAccount) val writable = hasWritePermission(owner, name, context.loginAccount)
val issueId = createIssue(owner, repository, context.loginAccount.get.userName, form.title, form.content, val issueId = createIssue(owner, name, context.loginAccount.get.userName, form.title, form.content,
if(writable) form.assignedUserName else None, if(writable) form.assignedUserName else None,
if(writable) form.milestoneId else None) if(writable) form.milestoneId else None)
if(writable){ if(writable){
form.labelNames.map { value => form.labelNames.map { value =>
val labels = getLabels(owner, repository) val labels = getLabels(owner, name)
value.split(",").foreach { labelName => value.split(",").foreach { labelName =>
labels.find(_.labelName == labelName).map { label => labels.find(_.labelName == labelName).map { label =>
registerIssueLabel(owner, repository, issueId, label.labelId) registerIssueLabel(owner, name, issueId, label.labelId)
} }
} }
} }
} }
redirect("/%s/%s/issues/%d".format(owner, repository, issueId)) redirect("/%s/%s/issues/%d".format(owner, name, issueId))
}) })
ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { form => ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { (form, repository) =>
val owner = params("owner") val owner = repository.owner
val repository = params("repository") val name = repository.name
val issueId = params("id").toInt
getIssue(owner, repository, issueId.toString).map { issue => getIssue(owner, name, params("id")).map { issue =>
if(hasWritePermission(owner, repository, context.loginAccount) || issue.openedUserName == context.loginAccount.get.userName){ if(hasWritePermission(owner, name, context.loginAccount) ||
updateIssue(owner, repository, issueId, form.title, form.content) issue.openedUserName == context.loginAccount.get.userName){
redirect("/%s/%s/issues/_data/%d".format(owner, repository, issueId)) updateIssue(owner, name, issue.issueId, form.title, form.content)
redirect("/%s/%s/issues/_data/%d".format(owner, name, issue.issueId))
} else Unauthorized } else Unauthorized
} getOrElse NotFound } getOrElse NotFound
}) })
// TODO repository checking post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { form => val owner = repository.owner
val owner = params("owner") val name = repository.name
val repository = params("repository")
val action = params.get("action") filter { action =>
updateClosed(owner, repository, form.issueId, if(action == "close") true else false) > 0
}
redirect("/%s/%s/issues/%d#comment-%d".format(owner, repository, form.issueId, redirect("/%s/%s/issues/%d#comment-%d".format(
createComment(owner, repository, context.loginAccount.get.userName, form.issueId, form.content, action))) owner, name, form.issueId,
createComment(owner, name, context.loginAccount.get.userName,
form.issueId,
form.content,
params.get("action") filter { action =>
updateClosed(owner, name, form.issueId, if(action == "close") true else false) > 0
})
))
}) })
// TODO repository checking ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { form => val owner = repository.owner
val owner = params("owner") val name = repository.name
val repository = params("repository")
val commentId = params("id").toInt
getComment(commentId.toString).map { comment => getComment(owner, name, params("id")).map { comment =>
if(hasWritePermission(owner, repository, context.loginAccount) || comment.commentedUserName == context.loginAccount.get.userName){ if(hasWritePermission(owner, name, context.loginAccount) ||
updateComment(commentId, form.content) comment.commentedUserName == context.loginAccount.get.userName){
redirect("/%s/%s/issue_comments/_data/%d".format(owner, repository, commentId)) updateComment(comment.commentId, form.content)
redirect("/%s/%s/issue_comments/_data/%d".format(owner, name, comment.commentId))
} else Unauthorized } else Unauthorized
} getOrElse NotFound } getOrElse NotFound
}) })
ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { repository =>
val owner = params("owner") getIssue(repository.owner, repository.name, params("id")) map { x =>
val repository = params("repository") if(hasWritePermission(x.userName, x.repositoryName, context.loginAccount) ||
x.openedUserName == context.loginAccount.get.userName){
getIssue(params("owner"), params("repository"), params("id")) map { x =>
if(hasWritePermission(owner, repository, context.loginAccount) || x.openedUserName == context.loginAccount.get.userName){
params.get("dataType") collect { params.get("dataType") collect {
case t if t == "html" => issues.html.editissue( case t if t == "html" => issues.html.editissue(
x.title, x.content, x.issueId, x.userName, x.repositoryName) x.title, x.content, x.issueId, x.userName, x.repositoryName)
@@ -160,19 +158,17 @@ trait IssuesControllerBase extends ControllerBase {
org.json4s.jackson.Serialization.write( org.json4s.jackson.Serialization.write(
Map("title" -> x.title, Map("title" -> x.title,
"content" -> view.Markdown.toHtml(x.content getOrElse "No description given.", "content" -> view.Markdown.toHtml(x.content getOrElse "No description given.",
getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true) repository, false, true, true)
)) ))
} }
} else Unauthorized } else Unauthorized
} getOrElse NotFound } getOrElse NotFound
}) })
ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { repository =>
val owner = params("owner") getComment(repository.owner, repository.name, params("id")) map { x =>
val repository = params("repository") if(hasWritePermission(x.userName, x.repositoryName, context.loginAccount) ||
x.commentedUserName == context.loginAccount.get.userName){
getComment(params("id")) map { x =>
if(hasWritePermission(owner, repository, context.loginAccount) || x.commentedUserName == context.loginAccount.get.userName){
params.get("dataType") collect { params.get("dataType") collect {
case t if t == "html" => issues.html.editcomment( case t if t == "html" => issues.html.editcomment(
x.content, x.commentId, x.userName, x.repositoryName) x.content, x.commentId, x.userName, x.repositoryName)
@@ -180,64 +176,44 @@ trait IssuesControllerBase extends ControllerBase {
contentType = formats("json") contentType = formats("json")
org.json4s.jackson.Serialization.write( org.json4s.jackson.Serialization.write(
Map("content" -> view.Markdown.toHtml(x.content, Map("content" -> view.Markdown.toHtml(x.content,
getRepository(x.userName, x.repositoryName, baseUrl).get, false, true, true) repository, false, true, true)
)) ))
} }
} else Unauthorized } else Unauthorized
} getOrElse NotFound } getOrElse NotFound
}) })
ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly { ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly { repository =>
val owner = params("owner")
val repository = params("repository")
val issueId = params("id").toInt val issueId = params("id").toInt
registerIssueLabel(owner, repository, issueId, params("labelId").toInt) registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
issues.html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
issues.html.labellist(getIssueLabels(owner, repository, issueId))
}) })
ajaxPost("/:owner/:repository/issues/:id/label/delete")(collaboratorsOnly { ajaxPost("/:owner/:repository/issues/:id/label/delete")(collaboratorsOnly { repository =>
val owner = params("owner")
val repository = params("repository")
val issueId = params("id").toInt val issueId = params("id").toInt
deleteIssueLabel(owner, repository, issueId, params("labelId").toInt) deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
issues.html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
issues.html.labellist(getIssueLabels(owner, repository, issueId))
}) })
ajaxPost("/:owner/:repository/issues/:id/assign")(collaboratorsOnly { ajaxPost("/:owner/:repository/issues/:id/assign")(collaboratorsOnly { repository =>
val owner = params("owner") updateAssignedUserName(repository.owner, repository.name, params("id").toInt,
val repository = params("repository") params.get("assignedUserName") filter (_.trim != ""))
val issueId = params("id").toInt
params.get("assignedUserName") match {
case None => updateAssignedUserName(owner, repository, issueId, None)
case Some(x) if(x.trim == "") => updateAssignedUserName(owner, repository, issueId, None)
case Some(userName) => updateAssignedUserName(owner, repository, issueId, Some(userName))
}
Ok("updated") Ok("updated")
}) })
ajaxPost("/:owner/:repository/issues/:id/milestone")(collaboratorsOnly { ajaxPost("/:owner/:repository/issues/:id/milestone")(collaboratorsOnly { repository =>
val owner = params("owner") updateMilestoneId(repository.owner, repository.name, params("id").toInt,
val repository = params("repository") params.get("milestoneId") collect { case x if x.trim != "" => x.toInt })
val issueId = params("id").toInt
params.get("milestoneId") match {
case None => updateMilestoneId(owner, repository, issueId, None)
case Some(x) if(x.trim == "") => updateMilestoneId(owner, repository, issueId, None)
case Some(milestoneId) => updateMilestoneId(owner, repository, issueId, Some(milestoneId.toInt))
}
Ok("updated") Ok("updated")
}) })
private def searchIssues(filter: String) = { private def searchIssues(filter: String, repository: RepositoryService.RepositoryInfo) = {
val owner = params("owner") val owner = repository.owner
val repository = params("repository") val repoName = repository.name
val userName = if(filter != "all") Some(params("userName")) else None val userName = if(filter != "all") Some(params("userName")) else None
val sessionKey = "%s/%s/issues".format(owner, repository) val sessionKey = "%s/%s/issues".format(owner, repoName)
val page = try { val page = try {
val i = params.getOrElse("page", "1").toInt val i = params.getOrElse("page", "1").toInt
@@ -253,24 +229,21 @@ trait IssuesControllerBase extends ControllerBase {
session.put(sessionKey, condition) session.put(sessionKey, condition)
getRepository(owner, repository, baseUrl).map { repositoryInfo =>
issues.html.list( issues.html.list(
searchIssue(owner, repository, condition, filter, userName, (page - 1) * IssueLimit, IssueLimit), searchIssue(owner, repoName, condition, filter, userName, (page - 1) * IssueLimit, IssueLimit),
page, page,
getLabels(owner, repository), getLabels(owner, repoName),
getMilestones(owner, repository).filter(_.closedDate.isEmpty), getMilestones(owner, repoName).filter(_.closedDate.isEmpty),
countIssue(owner, repository, condition.copy(state = "open"), filter, userName), countIssue(owner, repoName, condition.copy(state = "open"), filter, userName),
countIssue(owner, repository, condition.copy(state = "closed"), filter, userName), countIssue(owner, repoName, condition.copy(state = "closed"), filter, userName),
countIssue(owner, repository, condition, "all", None), countIssue(owner, repoName, condition, "all", None),
context.loginAccount.map(x => countIssue(owner, repository, condition, "assigned", Some(x.userName))), context.loginAccount.map(x => countIssue(owner, repoName, condition, "assigned", Some(x.userName))),
context.loginAccount.map(x => countIssue(owner, repository, condition, "created_by", Some(x.userName))), context.loginAccount.map(x => countIssue(owner, repoName, condition, "created_by", Some(x.userName))),
countIssueGroupByLabels(owner, repository, condition, filter, userName), countIssueGroupByLabels(owner, repoName, condition, filter, userName),
condition, condition,
filter, filter,
repositoryInfo, repository,
hasWritePermission(owner, repository, context.loginAccount)) hasWritePermission(owner, repoName, context.loginAccount))
} getOrElse NotFound
} }
} }
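Review bot: The `issue_comments/new` handler still lets any caller who passes `readableUsersOnly` close or reopen an issue, because the `params.get("action") filter { … updateClosed(…) … }` expression runs without the `hasWritePermission(…) || issue.openedUserName == …` test that the issue and comment edit handlers in this section apply. Since the flag is computed as `action == "close"`, any other `action` value reopens the issue. `form.issueId` is also never resolved against the repository, so a comment can presumably be recorded for an id that has no issue here (this depends on `createComment`, which is not shown). Looking the issue up first and gating the state change on write permission or authorship, as sketched below, would cover both; who may change issue state is a project decision to confirm.

```scala
post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
  val owner = repository.owner
  val name = repository.name
  getIssue(owner, name, form.issueId.toString).map { issue =>
    val userName = context.loginAccount.get.userName
    // Only collaborators and the issue's opener may change its open/closed state.
    val mayChangeState = hasWritePermission(owner, name, context.loginAccount) ||
      issue.openedUserName == userName
    val action = params.get("action") filter { action =>
      mayChangeState && updateClosed(owner, name, issue.issueId, action == "close") > 0
    }
    redirect("/%s/%s/issues/%d#comment-%d".format(owner, name, issue.issueId,
      createComment(owner, name, userName, issue.issueId, form.content, action)))
  } getOrElse NotFound
})
```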


@@ -20,9 +20,11 @@ trait IssuesService {
def getComments(owner: String, repository: String, issueId: Int) = def getComments(owner: String, repository: String, issueId: Int) =
Query(IssueComments) filter (_.byIssue(owner, repository, issueId)) list Query(IssueComments) filter (_.byIssue(owner, repository, issueId)) list
def getComment(commentId: String) = def getComment(owner: String, repository: String, commentId: String) =
if (commentId forall (_.isDigit)) if (commentId forall (_.isDigit))
Query(IssueComments) filter (_.byPrimaryKey(commentId.toInt)) firstOption Query(IssueComments) filter { t =>
t.byPrimaryKey(commentId.toInt) && t.byRepository(owner, repository)
} firstOption
else None else None
def getIssueLabels(owner: String, repository: String, issueId: Int) = def getIssueLabels(owner: String, repository: String, issueId: Int) =
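Review bot: The `commentId forall (_.isDigit)` guard in `getComment` does not guarantee that `commentId.toInt` succeeds: an all-digit string longer than an `Int` can hold (and an empty string, if the router ever passes one) passes the check and then throws `NumberFormatException`, so a request-supplied id can turn into an unhandled error instead of `None`. Parsing once and reusing the result avoids that, e.g. `scala.util.Try(commentId.toInt).toOption flatMap { id => Query(IssueComments) filter { t => t.byPrimaryKey(id) && t.byRepository(owner, repository) } firstOption }`. It is also worth a one-line comment on the `byRepository` predicate, such as `// scope by repository so an id from another repository never resolves here`, so that the filter is not dropped in a later cleanup.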