gitea/routers/api/v1/user/user.go
Norwin f6bec85296
rework heatmap permissions (#14080)
* now uses the same permission model as for the activity feed:
  only include activities in repos, that the doer has access to.
  this might be somewhat slower.

* also improves handling of user.KeepActivityPrivate (still shows
  the heatmap to self & admins)

* extend tests

* adjust integration test to new behaviour

* add access to actions for admins

* extend heatmap unit tests
2020-12-22 03:53:37 +01:00

176 lines
4.4 KiB
Go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2020 The Gitea Authors.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package user
import (
"fmt"
"net/http"
"strings"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/convert"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/routers/api/v1/utils"
"github.com/unknwon/com"
)
// Search handles GET /users/search. It looks up individual user accounts by
// keyword and/or numeric ID and writes a paginated JSON envelope
// ({"ok": ..., "data": [...]}) together with pagination headers.
func Search(ctx *context.APIContext) {
	// swagger:operation GET /users/search user userSearch
	// ---
	// summary: Search for users
	// produces:
	// - application/json
	// parameters:
	// - name: q
	//   in: query
	//   description: keyword
	//   type: string
	// - name: uid
	//   in: query
	//   description: ID of the user to search for
	//   type: integer
	//   format: int64
	// - name: page
	//   in: query
	//   description: page number of results to return (1-based)
	//   type: integer
	// - name: limit
	//   in: query
	//   description: page size of results
	//   type: integer
	// responses:
	//   "200":
	//     description: "SearchResults of a successful search"
	//     schema:
	//       type: object
	//       properties:
	//         ok:
	//           type: boolean
	//         data:
	//           type: array
	//           items:
	//             "$ref": "#/definitions/User"

	paging := utils.GetListOptions(ctx)

	// NOTE(review): MustInt64 does not report parse failures, so a missing or
	// non-numeric "uid" is passed on as 0 instead of being rejected here.
	found, total, err := models.SearchUsers(&models.SearchUserOptions{
		Keyword:     strings.Trim(ctx.Query("q"), " "),
		UID:         com.StrTo(ctx.Query("uid")).MustInt64(),
		Type:        models.UserTypeIndividual,
		ListOptions: paging,
	})
	if err != nil {
		// NOTE(review): the raw error text from models.SearchUsers is written
		// into the response body. If that error can carry storage-layer
		// detail, prefer logging it server-side and returning a generic
		// message; the other handlers in this file go through ctx.Error.
		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
			"ok":    false,
			"error": err.Error(),
		})
		return
	}

	// The last argument to convert.ToUser is true only for site admins here;
	// unlike GetInfo, a caller's own entry is not treated specially
	// (presumably this flag gates non-public fields; confirm in convert.ToUser).
	viewerIsAdmin := ctx.User != nil && ctx.User.IsAdmin
	results := make([]*api.User, 0, len(found))
	for _, u := range found {
		results = append(results, convert.ToUser(u, ctx.IsSigned, viewerIsAdmin))
	}

	// Pagination metadata is exposed to cross-origin callers via
	// Access-Control-Expose-Headers.
	ctx.SetLinkHeader(int(total), paging.PageSize)
	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", total))
	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")

	ctx.JSON(http.StatusOK, map[string]interface{}{
		"ok":   true,
		"data": results,
	})
}
// GetInfo handles GET /users/{username}. It resolves the user named in the
// path and writes that user as JSON, or 404 when no such user exists.
func GetInfo(ctx *context.APIContext) {
	// swagger:operation GET /users/{username} user userGet
	// ---
	// summary: Get a user
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of user to get
	//   type: string
	//   required: true
	// responses:
	//   "200":
	//     "$ref": "#/responses/User"
	//   "404":
	//     "$ref": "#/responses/notFound"

	target, err := models.GetUserByName(ctx.Params(":username"))
	switch {
	case err == nil:
		// Found; render below.
	case models.IsErrUserNotExist(err):
		ctx.NotFound()
		return
	default:
		ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
		return
	}

	// The last argument to convert.ToUser is true only when the caller is the
	// requested user or a site admin (presumably it gates non-public fields;
	// confirm in convert.ToUser). Anonymous callers have ctx.User == nil.
	ownerOrAdmin := ctx.User != nil && (ctx.User.ID == target.ID || ctx.User.IsAdmin)
	ctx.JSON(http.StatusOK, convert.ToUser(target, ctx.IsSigned, ownerOrAdmin))
}
// GetAuthenticatedUser handles GET /user and writes the calling user's own
// record as JSON.
func GetAuthenticatedUser(ctx *context.APIContext) {
	// swagger:operation GET /user user userGetCurrent
	// ---
	// summary: Get the authenticated user
	// produces:
	// - application/json
	// responses:
	//   "200":
	//     "$ref": "#/responses/User"

	// NOTE(review): this handler does not reject a nil ctx.User itself; it
	// passes it straight to convert.ToUser. Presumably the route is registered
	// behind middleware that requires authentication; confirm at the route
	// definition.
	me := ctx.User
	ctx.JSON(http.StatusOK, convert.ToUser(me, ctx.IsSigned, me != nil))
}
// GetUserHeatmapData handles GET /users/{username}/heatmap and writes the
// named user's heatmap data as JSON.
func GetUserHeatmapData(ctx *context.APIContext) {
	// swagger:operation GET /users/{username}/heatmap user userGetHeatmapData
	// ---
	// summary: Get a user's heatmap
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of user to get
	//   type: string
	//   required: true
	// responses:
	//   "200":
	//     "$ref": "#/responses/UserHeatmapData"
	//   "404":
	//     "$ref": "#/responses/notFound"

	// Resolve the user first so that an unknown name yields an error response.
	target, err := models.GetUserByName(ctx.Params(":username"))
	if err != nil {
		if !models.IsErrUserNotExist(err) {
			ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
			return
		}
		// NOTE(review): this sends a bare 404 status, whereas GetInfo calls
		// ctx.NotFound() for the same condition; the swagger block above
		// declares the notFound response for both.
		ctx.Status(http.StatusNotFound)
		return
	}

	// No visibility check is made in this handler: the viewer (ctx.User) is
	// handed to the model layer together with the target, so whatever
	// filtering applies to the viewer must happen inside
	// GetUserHeatmapDataByUser.
	data, err := models.GetUserHeatmapDataByUser(target, ctx.User)
	if err != nil {
		ctx.Error(http.StatusInternalServerError, "GetUserHeatmapDataByUser", err)
		return
	}

	ctx.JSON(http.StatusOK, data)
}