diff options
| author | ☃ Stephen Shkardoon ☃ <ss23@ss23.geek.nz> | 2020-04-07 07:03:22 +1200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-07 03:03:22 +0800 |
| commit | 4ebdcb719a348be072b1b032d74aa6aee1b1554f (patch) | |
| tree | 31863d5a02a808a1355b0c0a2d34ef0a3efa4395 /internal/db | |
| parent | 571be84e260300d001290a022232a45a86518331 (diff) | |
db: include the Team ID in the error message (#6056)
This means that when using the API to create a new team, the output
contains the existing team ID, not just the name.
While there may be the thought that this reveals sensitive
information, it is never the case that a user can create or update
a team without permission to view the teams in the first place.
Diffstat (limited to 'internal/db')
| -rw-r--r-- | internal/db/error.go | 3 | ||||
| -rw-r--r-- | internal/db/org_team.go | 10 |
2 files changed, 8 insertions, 5 deletions
diff --git a/internal/db/error.go b/internal/db/error.go index ce87debd..ed173d86 100644 --- a/internal/db/error.go +++ b/internal/db/error.go @@ -368,6 +368,7 @@ func (err ErrLoginSourceInUse) Error() string { // \/ \/ \/ type ErrTeamAlreadyExist struct { + ID int64 OrgID int64 Name string } @@ -378,7 +379,7 @@ func IsErrTeamAlreadyExist(err error) bool { } func (err ErrTeamAlreadyExist) Error() string { - return fmt.Sprintf("team already exists [org_id: %d, name: %s]", err.OrgID, err.Name) + return fmt.Sprintf("team already exists [id: %d, org_id: %d, name: %s]", err.ID, err.OrgID, err.Name) } // ____ ___ .__ .___ diff --git a/internal/db/org_team.go b/internal/db/org_team.go index f5309888..6e141d25 100644 --- a/internal/db/org_team.go +++ b/internal/db/org_team.go @@ -241,11 +241,12 @@ func NewTeam(t *Team) error { } t.LowerName = strings.ToLower(t.Name) - has, err = x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).Get(new(Team)) + existingTeam := Team{} + has, err = x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).Get(&existingTeam) if err != nil { return err } else if has { - return ErrTeamAlreadyExist{t.OrgID, t.LowerName} + return ErrTeamAlreadyExist{existingTeam.ID, t.OrgID, t.LowerName} } sess := x.NewSession() @@ -346,11 +347,12 @@ func UpdateTeam(t *Team, authChanged bool) (err error) { } t.LowerName = strings.ToLower(t.Name) - has, err := x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).And("id!=?", t.ID).Get(new(Team)) + existingTeam := new(Team) + has, err := x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).And("id!=?", t.ID).Get(&existingTeam) if err != nil { return err } else if has { - return ErrTeamAlreadyExist{t.OrgID, t.LowerName} + return ErrTeamAlreadyExist{existingTeam.ID, t.OrgID, t.LowerName} } if _, err = sess.ID(t.ID).AllCols().Update(t); err != nil { |