// Source: github.com/covergates/covergates@v0.2.2-0.20201009050117-42ef8a19fb95/routers/api/report/middleware.go

package report

import (
	"github.com/covergates/covergates/core"
	"github.com/covergates/covergates/routers/api/request"
	"github.com/gin-gonic/gin"
)

// ProtectReport returns a gin middleware that guards report-modifying routes.
//
// The guard only runs when the repository setting stored in the gin context
// has Protected set. In that case it runs checkLogin, then lets the request
// through only if the SCM client reports the user as an admin of the
// repository, or the user's Login equals the Login of the repository creator
// returned by repoStore. Otherwise it answers 401 "permission denied" and
// aborts the chain. A failure to obtain the SCM client or the creator answers
// 500 with the error text and aborts.
//
// NOTE(review): when Protected is false the handler returns before any login
// or permission check, so the exposure of these routes depends on how that
// flag defaults — confirm the default for newly created repositories.
//
// NOTE(review): MustGetSetting, MustGetRepo and request.MustGetUserFrom are
// defined elsewhere; what they do when the value is missing from the context
// is not visible here. Confirm that a missing setting fails closed rather
// than yielding a zero-value setting with Protected == false.
func ProtectReport(checkLogin gin.HandlerFunc, repoStore core.RepoStore, service core.SCMService) gin.HandlerFunc {
	return func(c *gin.Context) {
		if protected := MustGetSetting(c).Protected; !protected {
			return
		}

		// reject writes a plain-text response and stops the handler chain.
		reject := func(status int, body string) {
			c.String(status, body)
			c.Abort()
		}

		// checkLogin signals failure by aborting the context, not by a
		// return value.
		checkLogin(c)
		if c.IsAborted() {
			return
		}

		reqCtx := c.Request.Context()
		caller := request.MustGetUserFrom(c)
		target := MustGetRepo(c)

		scm, err := service.Client(target.SCM)
		if err != nil {
			// NOTE(review): the raw error text is sent to the client; it may
			// carry internal detail. Consider logging it server-side and
			// returning a generic message.
			reject(500, err.Error())
			return
		}

		owner, err := repoStore.Creator(target)
		if err != nil {
			// NOTE(review): same error-text disclosure as above.
			reject(500, err.Error())
			return
		}

		// The admin check runs first and may involve a call to the SCM
		// service; the creator comparison is only evaluated when it fails.
		// NOTE(review): identity is compared by Login string alone —
		// presumably user and creator belong to the same SCM; verify that a
		// matching login on a different SCM cannot satisfy this.
		allowed := scm.Repositories().IsAdmin(reqCtx, caller, target.FullName()) || caller.Login == owner.Login
		if !allowed {
			// NOTE(review): the caller is authenticated at this point, so 403
			// would be the conventional status; changing it affects clients.
			reject(401, "permission denied")
		}
	}
}

// InjectReportContext returns a gin middleware that resolves the "id" path
// parameter to a repository via repoStore and stores the repository and,
// when it can be loaded, its setting in the gin context.
//
// Lookup failures are not reported: the handler returns without aborting, so
// later handlers run with the repository and/or setting absent from the
// context.
//
// NOTE(review): ProtectReport reads the setting stored here. Confirm that
// the absence of a repository or setting makes the protected routes fail
// closed.
func InjectReportContext(repoStore core.RepoStore) gin.HandlerFunc {
	return func(c *gin.Context) {
		found, err := repoStore.Find(&core.Repo{ReportID: c.Param("id")})
		if err != nil {
			return
		}
		WithRepo(c, found)

		cfg, err := repoStore.Setting(found)
		if err != nil {
			// Repository is known but its setting could not be loaded; only
			// the repository is injected.
			return
		}
		WithSetting(c, cfg)
	}
}