package handler import ( "fmt" "net/http" "strconv" "time" "github.com/dchest/authcookie" "github.com/drone/drone/pkg/database" "github.com/drone/drone/pkg/mail" . "github.com/drone/drone/pkg/model" ) // Display a list of Team Members. func TeamMembers(w http.ResponseWriter, r *http.Request, u *User) error { teamParam := r.FormValue(":team") team, err := database.GetTeamSlug(teamParam) if err != nil { return err } // user must be a team member admin if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member { return fmt.Errorf("Forbidden") } members, err := database.ListMembers(team.ID) if err != nil { return err } data := struct { User *User Team *Team Members []*Member }{u, team, members} return RenderTemplate(w, "team_members.html", &data) } // Return an HTML form for creating a new Team Member. func TeamMemberAdd(w http.ResponseWriter, r *http.Request, u *User) error { teamParam := r.FormValue(":team") team, err := database.GetTeamSlug(teamParam) if err != nil { return err } if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member { return fmt.Errorf("Forbidden") } data := struct { User *User Team *Team }{u, team} return RenderTemplate(w, "members_add.html", &data) } // Return an HTML form for editing a Team Member. func TeamMemberEdit(w http.ResponseWriter, r *http.Request, u *User) error { teamParam := r.FormValue(":team") team, err := database.GetTeamSlug(teamParam) if err != nil { return err } if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member { return fmt.Errorf("Forbidden") } // get the ID from the URL parameter idstr := r.FormValue("id") id, err := strconv.Atoi(idstr) if err != nil { return err } user, err := database.GetUser(int64(id)) if err != nil { return err } member, err := database.GetMember(user.ID, team.ID) if err != nil { return err } data := struct { User *User Team *Team Member *Member }{u, team, member} return RenderTemplate(w, "members_edit.html", &data) } // Update a specific Team Member. func TeamMemberUpdate(w http.ResponseWriter, r *http.Request, u *User) error { roleParam := r.FormValue("Role") teamParam := r.FormValue(":team") // get the team from the database team, err := database.GetTeamSlug(teamParam) if err != nil { return RenderError(w, err, http.StatusNotFound) } // verify the user is a admin member of the team if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member { return fmt.Errorf("Forbidden") } // get the ID from the URL parameter idstr := r.FormValue("id") id, err := strconv.Atoi(idstr) if err != nil { return err } // get the user from the database user, err := database.GetUser(int64(id)) if err != nil { return RenderError(w, err, http.StatusNotFound) } // add the user to the team if err := database.SaveMember(user.ID, team.ID, roleParam); err != nil { return RenderError(w, err, http.StatusInternalServerError) } return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK) } // Delete a specific Team Member. func TeamMemberDelete(w http.ResponseWriter, r *http.Request, u *User) error { // get the team from the database teamParam := r.FormValue(":team") team, err := database.GetTeamSlug(teamParam) if err != nil { return RenderNotFound(w) } if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member { return fmt.Errorf("Forbidden") } // get the ID from the URL parameter idstr := r.FormValue("id") id, err := strconv.Atoi(idstr) if err != nil { return err } // get the user from the database user, err := database.GetUser(int64(id)) if err != nil { return RenderNotFound(w) } // must be at least 1 member members, err := database.ListMembers(team.ID) if err != nil { return err } else if len(members) == 1 { return fmt.Errorf("There must be at least 1 member per team") } // delete the member database.DeleteMember(user.ID, team.ID) http.Redirect(w, r, fmt.Sprintf("/account/team/%s/members", team.Name), http.StatusSeeOther) return nil } // Invite a new Team Member. func TeamMemberInvite(w http.ResponseWriter, r *http.Request, u *User) error { teamParam := r.FormValue(":team") mailParam := r.FormValue("email") team, err := database.GetTeamSlug(teamParam) if err != nil { return RenderError(w, err, http.StatusNotFound) } if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member { return fmt.Errorf("Forbidden") } // generate a token that is valid for 3 days to join the team token := authcookie.New(strconv.Itoa(int(team.ID)), time.Now().Add(72*time.Hour), secret) // hostname from settings hostname := database.SettingsMust().URL().String() emailEnabled := database.SettingsMust().SmtpServer != "" if !emailEnabled { // Email is not enabled, so must let the user know the signup link link := fmt.Sprintf("%v/accept?token=%v", hostname, token) return RenderText(w, link, http.StatusOK) } // send the invitation data := struct { User *User Team *Team Token string Host string }{u, team, token, hostname} // send email async go mail.SendInvitation(team.Name, mailParam, &data) return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK) } func TeamMemberAccept(w http.ResponseWriter, r *http.Request, u *User) error { // get the team name from the token token := r.FormValue("token") teamToken := authcookie.Login(token, secret) teamId, err := strconv.Atoi(teamToken) if err != nil || teamId == 0 { return ErrInvalidTeamName } // get the team from the database team, err := database.GetTeam(int64(teamId)) if err != nil { return RenderError(w, err, http.StatusNotFound) } // add the user to the team. // by default the user has write access to the team, which means // they can add and manage new repositories. if err := database.SaveMember(u.ID, team.ID, RoleWrite); err != nil { return RenderError(w, err, http.StatusInternalServerError) } // send the user to the dashboard http.Redirect(w, r, "/dashboard/team/"+team.Slug, http.StatusSeeOther) return nil }