diff --git a/src/common/dao/replication_job.go b/src/common/dao/replication_job.go index 400c703cc..e5b061eff 100644 --- a/src/common/dao/replication_job.go +++ b/src/common/dao/replication_job.go @@ -152,12 +152,11 @@ func FilterRepPolicies(name string, projectID int64) ([]*models.RepPolicy, error var args []interface{} - sql := `select rp.id, rp.project_id, p.name as project_name, rp.target_id, + sql := `select rp.id, rp.project_id, rp.target_id, rt.name as target_name, rp.name, rp.enabled, rp.description, rp.cron_str, rp.start_time, rp.creation_time, rp.update_time, count(rj.status) as error_job_count from replication_policy rp - left join project p on rp.project_id=p.project_id left join replication_target rt on rp.target_id=rt.id left join replication_job rj on rp.id=rj.policy_id and (rj.status="error" or rj.status="retrying") diff --git a/src/ui/api/replication_job.go b/src/ui/api/replication_job.go index 661eb2981..e20c56351 100644 --- a/src/ui/api/replication_job.go +++ b/src/ui/api/replication_job.go 
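Review bot: With `p.name as project_name` and the join on `project` removed, FilterRepPolicies no longer fills the project name, and nothing on the function says so. Within this diff only RepPolicyAPI.List is changed to fill it from `pa.ProjectMgr`, so any other caller would now see an empty name; whether other callers exist cannot be told from the diff. A line in the doc comment would make the contract explicit, for example `// FilterRepPolicies does not set ProjectName; callers resolve it through the project manager.` The function starts before this hunk and continues after it.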
@@ -25,29 +25,29 @@ import (
 "github.com/vmware/harbor/src/common/dao"
 "github.com/vmware/harbor/src/common/models"
 "github.com/vmware/harbor/src/common/utils/log"
- "github.com/vmware/harbor/src/common/api"
 )
 // RepJobAPI handles request to /api/replicationJobs /api/replicationJobs/:id/log
 type RepJobAPI struct {
- api.BaseAPI
+ BaseController
 jobID int64
 }
 // Prepare validates that whether user has system admin role
 func (ra *RepJobAPI) Prepare() {
- uid := ra.ValidateUser()
- isAdmin, err := dao.IsAdminRole(uid)
- if err != nil {
- log.Errorf("Failed to Check if the user is admin, error: %v, uid: %d", err, uid)
- }
- if !isAdmin {
- ra.CustomAbort(http.StatusForbidden, "")
+ ra.BaseController.Prepare()
+ if !ra.SecurityCtx.IsAuthenticated() {
+ ra.HandleUnauthorized()
+ return
 }
- idStr := ra.Ctx.Input.Param(":id")
- if len(idStr) != 0 {
- id, err := strconv.ParseInt(idStr, 10, 64)
+ if !ra.SecurityCtx.IsSysAdmin() {
+ ra.HandleForbidden(ra.SecurityCtx.GetUsername())
+ return
+ }
+
+ if len(ra.GetStringFromPath(":id")) != 0 {
+ id, err := ra.GetInt64FromPath(":id")
 if err != nil {
 ra.CustomAbort(http.StatusBadRequest, "ID is invalid")
 }
diff --git a/src/ui/api/replication_policy.go b/src/ui/api/replication_policy.go
index d3c4d078a..6445134fc 100644
--- a/src/ui/api/replication_policy.go
+++ b/src/ui/api/replication_policy.go
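Review bot: The two early `return`s in Prepare end only Prepare itself; Beego still dispatches the action method unless a response has already been started, so the denial holds only if `ra.HandleUnauthorized()` and `ra.HandleForbidden(...)` write or abort the response, and neither helper is visible in this diff. The removed code used `ra.CustomAbort(http.StatusForbidden, "")`, which stops the request on its own, and the ID check a few lines further down still does. I would record that dependency next to the checks, `// HandleUnauthorized/HandleForbidden must commit the response; returning from Prepare alone does not skip the handler`, and cover it with a test that an anonymous and a non-admin request never reach the handler. The same pattern appears in the Prepare hunks of replication_policy.go and target.go. Prepare's body continues past the end of this hunk.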
@@ -23,24 +23,24 @@ import (
 "github.com/vmware/harbor/src/common/dao"
 "github.com/vmware/harbor/src/common/models"
 "github.com/vmware/harbor/src/common/utils/log"
- "github.com/vmware/harbor/src/common/api"
 )
 // RepPolicyAPI handles /api/replicationPolicies /api/replicationPolicies/:id/enablement
 type RepPolicyAPI struct {
- api.BaseAPI
+ BaseController
 }
 // Prepare validates whether the user has system admin role
 func (pa *RepPolicyAPI) Prepare() {
- uid := pa.ValidateUser()
- var err error
- isAdmin, err := dao.IsAdminRole(uid)
- if err != nil {
- log.Errorf("Failed to Check if the user is admin, error: %v, uid: %d", err, uid)
+ pa.BaseController.Prepare()
+ if !pa.SecurityCtx.IsAuthenticated() {
+ pa.HandleUnauthorized()
+ return
 }
- if !isAdmin {
- pa.CustomAbort(http.StatusForbidden, "")
+
+ if !pa.SecurityCtx.IsSysAdmin() {
+ pa.HandleForbidden(pa.SecurityCtx.GetUsername())
+ return
 }
 }
@@ -82,6 +82,19 @@ func (pa *RepPolicyAPI) List() {
 log.Errorf("failed to filter policies %s project ID %d: %v", name, projectID, err)
 pa.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
 }
+
+ for _, policy := range policies {
+ project, err := pa.ProjectMgr.Get(policy.ProjectID)
+ if err != nil {
+ pa.HandleInternalServerError(fmt.Sprintf(
+ "failed to get project %d: %v", policy.ProjectID, err))
+ return
+ }
+ if project != nil {
+ policy.ProjectName = project.Name
+ }
+ }
+
 pa.Data["json"] = policies
 pa.ServeJSON()
 }
@@ -103,7 +116,7 @@ func (pa *RepPolicyAPI) Post() {
 }
 */
- project, err := dao.GetProjectByID(policy.ProjectID)
+ project, err := pa.ProjectMgr.Get(policy.ProjectID)
 if err != nil {
 log.Errorf("failed to get project %d: %v", policy.ProjectID, err)
 pa.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
diff --git a/src/ui/api/target.go b/src/ui/api/target.go
index 306cb1c47..4984bce3a 100644
--- a/src/ui/api/target.go
+++ b/src/ui/api/target.go
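Review bot: The loop added in List calls `pa.ProjectMgr.Get` once per policy, so policies that share a project repeat the same lookup, and a policy whose project comes back nil is returned with an empty ProjectName and nothing in the log. The error path also differs from the one three lines above it: that one logs the detail and answers with `http.StatusText(http.StatusInternalServerError)`, while this one passes the formatted error to `pa.HandleInternalServerError`; if that helper (not shown here) echoes its argument to the client, internal error text reaches the caller. I would cache the name per project ID and log the nil case, as below. `fmt` is not among the imports visible in this diff, so it is worth confirming the file already imports it.

```go
// … unchanged: FilterRepPolicies call and its error handling …
projectNames := map[int64]string{}
for _, policy := range policies {
	projectName, seen := projectNames[policy.ProjectID]
	if !seen {
		project, err := pa.ProjectMgr.Get(policy.ProjectID)
		if err != nil {
			pa.HandleInternalServerError(fmt.Sprintf(
				"failed to get project %d: %v", policy.ProjectID, err))
			return
		}
		if project == nil {
			// The policy refers to a project the manager does not know.
			log.Errorf("project %d of a replication policy not found", policy.ProjectID)
		} else {
			projectName = project.Name
		}
		projectNames[policy.ProjectID] = projectName
	}
	policy.ProjectName = projectName
}
// … unchanged: pa.Data["json"] = policies and pa.ServeJSON() …
```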
@@ -21,7 +21,6 @@ import (
 "net/url"
 "strconv"
- "github.com/vmware/harbor/src/common/api"
 "github.com/vmware/harbor/src/common/dao"
 "github.com/vmware/harbor/src/common/models"
 "github.com/vmware/harbor/src/common/utils"
@@ -34,29 +33,29 @@ import (
 // TargetAPI handles request to /api/targets/ping /api/targets/{}
 type TargetAPI struct {
- api.BaseAPI
+ BaseController
 secretKey string
 }
 // Prepare validates the user
 func (t *TargetAPI) Prepare() {
+ t.BaseController.Prepare()
+ if !t.SecurityCtx.IsAuthenticated() {
+ t.HandleUnauthorized()
+ return
+ }
+
+ if !t.SecurityCtx.IsSysAdmin() {
+ t.HandleForbidden(t.SecurityCtx.GetUsername())
+ return
+ }
+
 var err error
 t.secretKey, err = config.SecretKey()
 if err != nil {
 log.Errorf("failed to get secret key: %v", err)
 t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
 }
-
- userID := t.ValidateUser()
- isSysAdmin, err := dao.IsAdminRole(userID)
- if err != nil {
- log.Errorf("error occurred in IsAdminRole: %v", err)
- t.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
- }
-
- if !isSysAdmin {
- t.CustomAbort(http.StatusForbidden, http.StatusText(http.StatusForbidden))
- }
 }
 func (t *TargetAPI) ping(endpoint, username, password string) {
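Review bot: The doc comment `// Prepare validates the user` on TargetAPI.Prepare no longer says what the function enforces, and the order of its steps now matters. The new body checks authentication and the system-admin role first and only then reads `config.SecretKey()`, so a later edit that moves the key load back above the checks would let unauthenticated requests reach it again. I would state that in the comment: `// Prepare rejects unauthenticated and non-system-admin requests and only then loads the secret key.`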