2016-02-01 12:59:10 +01:00
|
|
|
/*
|
|
|
|
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
2016-02-26 11:54:14 +01:00
|
|
|
|
2016-02-01 12:59:10 +01:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/vmware/harbor/dao"
|
|
|
|
"github.com/vmware/harbor/models"
|
2016-03-28 02:50:09 +02:00
|
|
|
"github.com/vmware/harbor/utils/log"
|
2016-02-01 12:59:10 +01:00
|
|
|
)
|
|
|
|
|
2016-02-26 11:35:55 +01:00
|
|
|
func checkProjectPermission(userID int, projectID int64) bool {
|
2016-05-19 12:36:40 +02:00
|
|
|
roles, err := listRoles(userID, projectID)
|
2016-02-01 12:59:10 +01:00
|
|
|
if err != nil {
|
2016-05-19 12:36:40 +02:00
|
|
|
log.Errorf("error occurred in getProjectPermission: %v", err)
|
2016-02-01 12:59:10 +01:00
|
|
|
return false
|
|
|
|
}
|
2016-05-19 12:36:40 +02:00
|
|
|
return len(roles) > 0
|
|
|
|
}
|
|
|
|
|
|
|
|
func hasProjectAdminRole(userID int, projectID int64) bool {
|
|
|
|
roles, err := listRoles(userID, projectID)
|
2016-02-01 12:59:10 +01:00
|
|
|
if err != nil {
|
2016-05-19 12:36:40 +02:00
|
|
|
log.Errorf("error occurred in getProjectPermission: %v", err)
|
2016-02-01 12:59:10 +01:00
|
|
|
return false
|
|
|
|
}
|
2016-05-19 12:36:40 +02:00
|
|
|
|
|
|
|
for _, role := range roles {
|
|
|
|
if role.RoleID == models.PROJECTADMIN {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
//sysadmin has all privileges to all projects
|
|
|
|
func listRoles(userID int, projectID int64) ([]models.Role, error) {
|
2016-06-01 07:47:23 +02:00
|
|
|
roles := make([]models.Role, 0, 1)
|
2016-05-19 12:36:40 +02:00
|
|
|
isSysAdmin, err := dao.IsAdminRole(userID)
|
|
|
|
if err != nil {
|
|
|
|
return roles, err
|
|
|
|
}
|
|
|
|
if isSysAdmin {
|
|
|
|
role, err := dao.GetRoleByID(models.PROJECTADMIN)
|
|
|
|
if err != nil {
|
|
|
|
return roles, err
|
|
|
|
}
|
|
|
|
roles = append(roles, *role)
|
|
|
|
return roles, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
rs, err := dao.GetUserProjectRoles(userID, projectID)
|
|
|
|
if err != nil {
|
|
|
|
return roles, err
|
|
|
|
}
|
|
|
|
roles = append(roles, rs...)
|
|
|
|
return roles, nil
|
2016-02-01 12:59:10 +01:00
|
|
|
}
|
|
|
|
|
2016-02-26 11:35:55 +01:00
|
|
|
func checkUserExists(name string) int {
|
2016-02-01 12:59:10 +01:00
|
|
|
u, err := dao.GetUser(models.User{Username: name})
|
|
|
|
if err != nil {
|
2016-03-28 02:50:09 +02:00
|
|
|
log.Errorf("Error occurred in GetUser, error: %v", err)
|
2016-02-01 12:59:10 +01:00
|
|
|
return 0
|
|
|
|
}
|
|
|
|
if u != nil {
|
2016-02-26 03:15:01 +01:00
|
|
|
return u.UserID
|
2016-02-01 12:59:10 +01:00
|
|
|
}
|
|
|
|
return 0
|
|
|
|
}
|