Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)

* add user filter to issueTrackedTimes

fixes #14024

* update swagger

* allow user filter for issue writers

* improve swagger doc

* return 404 on invalid user
This commit is contained in:
Norwin 2020-12-22 03:47:17 +00:00 committed by GitHub
parent 6f1dddf5c3
commit c2ae432489
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 44 additions and 12 deletions

View File

@ -41,6 +41,10 @@ func ListTrackedTimes(ctx *context.APIContext) {
// type: integer // type: integer
// format: int64 // format: int64
// required: true // required: true
// - name: user
// in: query
// description: optional filter by user (available for issue managers)
// type: string
// - name: since // - name: since
// in: query // in: query
// description: Only show times updated after the given time. This is a timestamp in RFC 3339 format // description: Only show times updated after the given time. This is a timestamp in RFC 3339 format
@ -85,13 +89,34 @@ func ListTrackedTimes(ctx *context.APIContext) {
IssueID: issue.ID, IssueID: issue.ID,
} }
qUser := strings.Trim(ctx.Query("user"), " ")
if qUser != "" {
user, err := models.GetUserByName(qUser)
if models.IsErrUserNotExist(err) {
ctx.Error(http.StatusNotFound, "User does not exist", err)
} else if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
return
}
opts.UserID = user.ID
}
if opts.CreatedBeforeUnix, opts.CreatedAfterUnix, err = utils.GetQueryBeforeSince(ctx); err != nil { if opts.CreatedBeforeUnix, opts.CreatedAfterUnix, err = utils.GetQueryBeforeSince(ctx); err != nil {
ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err) ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err)
return return
} }
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin { cantSetUser := !ctx.User.IsAdmin &&
opts.UserID = ctx.User.ID opts.UserID != ctx.User.ID &&
!ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})
if cantSetUser {
if opts.UserID == 0 {
opts.UserID = ctx.User.ID
} else {
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
return
}
} }
trackedTimes, err := models.GetTrackedTimes(opts) trackedTimes, err := models.GetTrackedTimes(opts)
@ -394,12 +419,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
} }
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID { if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights")) ctx.Error(http.StatusForbidden, "", fmt.Errorf("query by user not allowed; not enough rights"))
return
}
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin && ctx.User.ID != user.ID {
ctx.Error(http.StatusForbidden, "", fmt.Errorf("query user not allowed not enouth rights"))
return return
} }
@ -440,7 +460,7 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
// required: true // required: true
// - name: user // - name: user
// in: query // in: query
// description: optional filter by user // description: optional filter by user (available for issue managers)
// type: string // type: string
// - name: since // - name: since
// in: query // in: query
@ -482,7 +502,9 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
qUser := strings.Trim(ctx.Query("user"), " ") qUser := strings.Trim(ctx.Query("user"), " ")
if qUser != "" { if qUser != "" {
user, err := models.GetUserByName(qUser) user, err := models.GetUserByName(qUser)
if err != nil { if models.IsErrUserNotExist(err) {
ctx.Error(http.StatusNotFound, "User does not exist", err)
} else if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserByName", err) ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
return return
} }
@ -495,7 +517,11 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
return return
} }
if !ctx.IsUserRepoAdmin() && !ctx.User.IsAdmin { cantSetUser := !ctx.User.IsAdmin &&
opts.UserID != ctx.User.ID &&
!ctx.IsUserRepoWriter([]models.UnitType{models.UnitTypeIssues})
if cantSetUser {
if opts.UserID == 0 { if opts.UserID == 0 {
opts.UserID = ctx.User.ID opts.UserID = ctx.User.ID
} else { } else {

View File

@ -5840,6 +5840,12 @@
"in": "path", "in": "path",
"required": true "required": true
}, },
{
"type": "string",
"description": "optional filter by user (available for issue managers)",
"name": "user",
"in": "query"
},
{ {
"type": "string", "type": "string",
"format": "date-time", "format": "date-time",
@ -8811,7 +8817,7 @@
}, },
{ {
"type": "string", "type": "string",
"description": "optional filter by user", "description": "optional filter by user (available for issue managers)",
"name": "user", "name": "user",
"in": "query" "in": "query"
}, },