// Source: github.com/kvattikuti/drone@v0.2.1-0.20140603034306-d400229a327a/pkg/handler/members.go

package handler

import (
	"fmt"
	"net/http"
	"strconv"
	"time"

	"github.com/dchest/authcookie"
	"github.com/drone/drone/pkg/database"
	"github.com/drone/drone/pkg/mail"
	. "github.com/drone/drone/pkg/model"
)

// TeamMembers displays the list of members of the team named by the ":team"
// request parameter.
//
// Access control: the page is rendered only when database.IsMemberAdmin
// reports true for the requesting user and the team. The error returned by
// IsMemberAdmin is discarded, so the decision rests on the boolean alone.
//
// NOTE(review): the denial is returned as a plain error with the text
// "Forbidden"; how the caller of this handler maps that error to an HTTP
// status is not visible in this file. Confirm it surfaces as a 403.
func TeamMembers(w http.ResponseWriter, r *http.Request, u *User) error {
	team, err := database.GetTeamSlug(r.FormValue(":team"))
	if err != nil {
		return err
	}

	// user must be a team member admin
	isAdmin, _ := database.IsMemberAdmin(u.ID, team.ID)
	if !isAdmin {
		return fmt.Errorf("Forbidden")
	}

	members, err := database.ListMembers(team.ID)
	if err != nil {
		return err
	}

	data := struct {
		User    *User
		Team    *Team
		Members []*Member
	}{User: u, Team: team, Members: members}
	return RenderTemplate(w, "team_members.html", &data)
}

// TeamMemberAdd returns an HTML form for creating a new Team Member.
//
// The form is rendered only when database.IsMemberAdmin reports true for the
// requesting user and the team named by ":team"; the error from that lookup
// is discarded and only the boolean is consulted.
func TeamMemberAdd(w http.ResponseWriter, r *http.Request, u *User) error {
	team, err := database.GetTeamSlug(r.FormValue(":team"))
	if err != nil {
		return err
	}

	isAdmin, _ := database.IsMemberAdmin(u.ID, team.ID)
	if !isAdmin {
		return fmt.Errorf("Forbidden")
	}

	data := struct {
		User *User
		Team *Team
	}{User: u, Team: team}
	return RenderTemplate(w, "members_add.html", &data)
}

// TeamMemberEdit returns an HTML form for editing a Team Member.
//
// The form is rendered only when database.IsMemberAdmin reports true for the
// requesting user and the team named by ":team". The member to edit is chosen
// by the numeric "id" form value and is fetched with database.GetMember using
// that user's ID together with the team's ID.
func TeamMemberEdit(w http.ResponseWriter, r *http.Request, u *User) error {
	team, err := database.GetTeamSlug(r.FormValue(":team"))
	if err != nil {
		return err
	}

	// Only the boolean is consulted; the lookup error is discarded.
	isAdmin, _ := database.IsMemberAdmin(u.ID, team.ID)
	if !isAdmin {
		return fmt.Errorf("Forbidden")
	}

	// The target user is identified by the "id" request value.
	userID, err := strconv.Atoi(r.FormValue("id"))
	if err != nil {
		return err
	}

	target, err := database.GetUser(int64(userID))
	if err != nil {
		return err
	}

	membership, err := database.GetMember(target.ID, team.ID)
	if err != nil {
		return err
	}

	data := struct {
		User   *User
		Team   *Team
		Member *Member
	}{User: u, Team: team, Member: membership}
	return RenderTemplate(w, "members_edit.html", &data)
}

// TeamMemberUpdate saves the role submitted in the "Role" form value for the
// user identified by "id" on the team named by ":team".
//
// The requesting user must be reported as an admin of the team by
// database.IsMemberAdmin. The target user only has to exist
// (database.GetUser); this handler does not look up an existing membership
// before calling database.SaveMember.
//
// NOTE(review): the "Role" value is handed to database.SaveMember exactly as
// received. No allow-list of role names is checked in this handler; confirm
// that SaveMember or the model layer rejects unknown role strings.
// NOTE(review): nothing here limits which role a team admin may assign, or to
// whom (including themselves). Confirm that is the intended policy.
func TeamMemberUpdate(w http.ResponseWriter, r *http.Request, u *User) error {
	role := r.FormValue("Role")

	// get the team from the database
	team, err := database.GetTeamSlug(r.FormValue(":team"))
	if err != nil {
		return RenderError(w, err, http.StatusNotFound)
	}

	// verify the user is an admin member of the team
	isAdmin, _ := database.IsMemberAdmin(u.ID, team.ID)
	if !isAdmin {
		return fmt.Errorf("Forbidden")
	}

	// get the ID from the request parameter
	userID, err := strconv.Atoi(r.FormValue("id"))
	if err != nil {
		return err
	}

	// get the user from the database
	target, err := database.GetUser(int64(userID))
	if err != nil {
		return RenderError(w, err, http.StatusNotFound)
	}

	// store the membership with the submitted role
	err = database.SaveMember(target.ID, team.ID, role)
	if err != nil {
		return RenderError(w, err, http.StatusInternalServerError)
	}

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}

// TeamMemberDelete deletes a specific Team Member.
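//
// The requesting user must be reported as an admin of the team named by
// ":team" by database.IsMemberAdmin; the error from that lookup is discarded
// and only the boolean is consulted. The member to remove is the user
// identified by the numeric "id" form value. On success the client is
// redirected to the team's member list.
//
// NOTE(review): the guard below counts members, not admins. Removing the last
// admin of a team that still has other members is not prevented here; confirm
// whether that is intended.
func TeamMemberDelete(w http.ResponseWriter, r *http.Request, u *User) error {
	// get the team from the database
	teamParam := r.FormValue(":team")
	team, err := database.GetTeamSlug(teamParam)
	if err != nil {
		return RenderNotFound(w)
	}

	if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member {
		return fmt.Errorf("Forbidden")
	}

	// get the ID from the request parameter
	idstr := r.FormValue("id")
	id, err := strconv.Atoi(idstr)
	if err != nil {
		return err
	}

	// get the user from the database
	user, err := database.GetUser(int64(id))
	if err != nil {
		return RenderNotFound(w)
	}

	// must be at least 1 member
	members, err := database.ListMembers(team.ID)
	if err != nil {
		return err
	}
	if len(members) == 1 {
		return fmt.Errorf("There must be at least 1 member per team")
	}

	// Delete the member. The result was previously ignored, which let a failed
	// delete be answered with the same redirect as a successful one; an admin
	// revoking access needs to know when the revocation did not happen.
	if err := database.DeleteMember(user.ID, team.ID); err != nil {
		return err
	}

	// NOTE(review): the redirect path is built from team.Name, while every
	// handler in this file resolves ":team" with database.GetTeamSlug.
	// Confirm whether team.Slug is the value this route expects.
	http.Redirect(w, r, fmt.Sprintf("/account/team/%s/members", team.Name), http.StatusSeeOther)
	return nil
}

// TeamMemberInvite invites a new Team Member.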
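//
// The requesting user must be reported as an admin of the team named by
// ":team" by database.IsMemberAdmin. The invitation is an authcookie token
// whose payload is the team ID and which expires 72 hours after it is
// created. When no SMTP server is configured, the accept link is written to
// the response so the admin can pass it on; otherwise the invitation is
// mailed to the "email" form value from a background goroutine and the
// response is "OK" regardless of whether the mail is delivered.
//
// Security notes:
//   - The token carries only the team ID. It is not tied to the invited
//     address and nothing in this file records it as used, so until it
//     expires any user who presents it to TeamMemberAccept is added to the
//     team.
//   - NOTE(review): `secret` is declared elsewhere in the package. If the
//     same key signs other authcookie values, the payload carries no purpose
//     tag that would tell an invitation apart from them. Confirm.
//   - NOTE(review): the "email" value reaches mail.SendInvitation without
//     validation in this handler. Confirm the mail package rejects malformed
//     addresses.
func TeamMemberInvite(w http.ResponseWriter, r *http.Request, u *User) error {
	teamParam := r.FormValue(":team")
	mailParam := r.FormValue("email")
	team, err := database.GetTeamSlug(teamParam)
	if err != nil {
		return RenderError(w, err, http.StatusNotFound)
	}
	if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member {
		return fmt.Errorf("Forbidden")
	}

	// Generate a token that is valid for 3 days to join the team.
	// FormatInt keeps the full 64-bit ID; converting through int first would
	// silently truncate on 32-bit builds and sign a token for a different
	// team ID.
	teamID := strconv.FormatInt(int64(team.ID), 10)
	token := authcookie.New(teamID, time.Now().Add(72*time.Hour), secret)

	// hostname and mail configuration from settings
	settings := database.SettingsMust()
	hostname := settings.URL().String()
	emailEnabled := settings.SmtpServer != ""

	if !emailEnabled {
		// Email is not enabled, so must let the user know the signup link
		link := fmt.Sprintf("%v/accept?token=%v", hostname, token)
		return RenderText(w, link, http.StatusOK)
	}

	// send the invitation
	data := struct {
		User  *User
		Team  *Team
		Token string
		Host  string
	}{u, team, token, hostname}

	// send email async; any error from SendInvitation is not observed here
	go mail.SendInvitation(team.Name, mailParam, &data)

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}

// TeamMemberAccept adds the requesting user to the team encoded in the
// "token" form value, with the RoleWrite role, and redirects to that team's
// dashboard.
//
// The token is verified with authcookie.Login, which returns an empty login
// for a token that fails verification or has expired; the empty string then
// fails to parse and the request is rejected with ErrInvalidTeamName.
//
// NOTE(review): database.SaveMember is called with RoleWrite unconditionally.
// Whether that overwrites the role of a user who is already a member depends
// on SaveMember, which is not visible here. Confirm.
// NOTE(review): the token arrives as a request parameter and joining is a
// state change. The HTTP method of this route is not visible in this file;
// if it is GET, the token can end up in access logs and Referer headers.
func TeamMemberAccept(w http.ResponseWriter, r *http.Request, u *User) error {
	// get the team ID from the token
	token := r.FormValue("token")
	teamToken := authcookie.Login(token, secret)

	// Parse as 64-bit to match the width used when the token was created.
	teamID, err := strconv.ParseInt(teamToken, 10, 64)
	if err != nil || teamID <= 0 {
		return ErrInvalidTeamName
	}

	// get the team from the database
	team, err := database.GetTeam(teamID)
	if err != nil {
		return RenderError(w, err, http.StatusNotFound)
	}

	// add the user to the team.
	// by default the user has write access to the team, which means
	// they can add and manage new repositories.
	if err := database.SaveMember(u.ID, team.ID, RoleWrite); err != nil {
		return RenderError(w, err, http.StatusInternalServerError)
	}

	// send the user to the dashboard
	http.Redirect(w, r, "/dashboard/team/"+team.Slug, http.StatusSeeOther)
	return nil
}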