package teammemberships
import (
"errors"
"net/http"
httperror "github.com/portainer/libhttp/error"
"github.com/portainer/libhttp/request"
"github.com/portainer/libhttp/response"
"github.com/portainer/portainer/api"
httperrors "github.com/portainer/portainer/api/http/errors"
"github.com/portainer/portainer/api/http/security"
)
// teamMembershipCreatePayload is the JSON body accepted when a team
// membership is created. All three fields come straight from the client and
// are only trusted after Validate has accepted them.
type teamMembershipCreatePayload struct {
	// UserID identifies the user to add to the team; Validate rejects 0.
	UserID int
	// TeamID identifies the team receiving the new member; Validate rejects 0.
	TeamID int
	// Role is the membership role: 1 (leader) or 2 (member).
	Role int
}
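// Validate checks a decoded membership-creation payload before the handler
// acts on it. The request argument is not used.
//
// It returns an error when UserID or TeamID is not a positive identifier, or
// when Role is neither 1 (leader) nor 2 (member). Identifiers are compared
// with <= 0 rather than == 0 so that a negative value sent by the client is
// rejected here instead of being passed on as an identifier.
func (payload *teamMembershipCreatePayload) Validate(r *http.Request) error {
	if payload.UserID <= 0 {
		return errors.New("Invalid UserID")
	}
	if payload.TeamID <= 0 {
		return errors.New("Invalid TeamID")
	}
	// Only the two role values named in the error message are accepted; every
	// other integer is rejected.
	if payload.Role != 1 && payload.Role != 2 {
		return errors.New("Invalid role value. Value must be one of: 1 (leader) or 2 (member)")
	}
	return nil
}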
// teamMembershipCreate handles POST requests on /api/team_memberships.
//
// It decodes and validates the JSON payload, checks that the caller may manage
// the target team, refuses a duplicate (user, team) pair, stores the new
// membership, refreshes user authorizations and writes the membership back as
// JSON.
//
// Failure statuses: 400 for an invalid payload, 403 when the caller may not
// manage the team, 409 when the membership already exists, and 500 for
// request-context, datastore or authorization-refresh errors.
func (handler *Handler) teamMembershipCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
	var payload teamMembershipCreatePayload
	if decodeErr := request.DecodeAndValidateJSONPayload(r, &payload); decodeErr != nil {
		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", decodeErr}
	}

	// Convert the client-supplied integers to the typed identifiers once.
	// NOTE(review): nothing in this handler confirms that either identifier
	// refers to an existing user or team — verify that this is enforced
	// elsewhere.
	userID := portainer.UserID(payload.UserID)
	teamID := portainer.TeamID(payload.TeamID)

	securityContext, ctxErr := security.RetrieveRestrictedRequestContext(r)
	if ctxErr != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", ctxErr}
	}

	// The authorization decision is made from the team id and the caller's
	// context only; payload.Role is not an input to it.
	// NOTE(review): confirm that every caller allowed to manage the team is
	// also meant to be able to grant the leader role.
	allowed := security.AuthorizedTeamManagement(teamID, securityContext)
	if !allowed {
		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to manage team memberships", httperrors.ErrResourceAccessDenied}
	}

	existingMemberships, listErr := handler.DataStore.TeamMembership().TeamMembershipsByUserID(userID)
	if listErr != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve team memberships from the database", listErr}
	}

	// Refuse a second membership for the same user and team. Ranging over an
	// empty result is a no-op, so no separate length check is needed.
	// NOTE(review): this check and the write below are separate datastore
	// calls; whether two concurrent requests can both pass it depends on
	// datastore locking that is not visible here.
	for _, existing := range existingMemberships {
		if existing.UserID != userID || existing.TeamID != teamID {
			continue
		}
		return &httperror.HandlerError{http.StatusConflict, "Team membership already registered", errors.New("Team membership already exists for this user and team")}
	}

	membership := &portainer.TeamMembership{
		UserID: userID,
		TeamID: teamID,
		Role:   portainer.MembershipRole(payload.Role),
	}

	if createErr := handler.DataStore.TeamMembership().CreateTeamMembership(membership); createErr != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist team memberships inside the database", createErr}
	}

	// The membership is already persisted at this point; a failure here is
	// reported as a 500 and the stored membership is not rolled back.
	if authErr := handler.AuthorizationService.UpdateUsersAuthorizations(); authErr != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update user authorizations", authErr}
	}

	return response.JSON(w, membership)
}