// CreateApp creates a new app.
//
// Creating a new app is a process composed of the following steps:
//
// 1. Save the app in the database
// 2. Create the git repository using the repository manager
// 3. Provision the app using the provisioner
func CreateApp(app *App, user *auth.User) error {
teams, err := user.Teams()
if err != nil {
return err
}
if len(teams) == 0 {
return NoTeamsError{}
}
platform, err := getPlatform(app.Platform)
if err != nil {
return err
}
if platform.Disabled && !user.IsAdmin() {
return InvalidPlatformError{}
}
var plan *Plan
if app.Plan.Name == "" {
plan, err = DefaultPlan()
} else {
plan, err = findPlanByName(app.Plan.Name)
}
if err != nil {
return err
}
if app.TeamOwner == "" {
if len(teams) > 1 {
return ManyTeamsError{}
}
app.TeamOwner = teams[0].Name
}
err = app.ValidateTeamOwner(user)
if err != nil {
return err
}
app.Plan = *plan
err = app.SetPool()
if err != nil {
return err
}
app.Teams = []string{app.TeamOwner}
app.Owner = user.Email
err = app.validate()
if err != nil {
return err
}
actions := []*action.Action{
&reserveUserApp,
&insertApp,
&exportEnvironmentsAction,
&createRepository,
&provisionApp,
&setAppIp,
}
pipeline := action.NewPipeline(actions...)
err = pipeline.Execute(app, user)
if err != nil {
return &AppCreationError{app: app.Name, Err: err}
}
return nil
}
// List returns the list of apps that the given user has access to.
//
// If the user does not have access to any app, this function returns an empty
// list and a nil error.
//
// The list can be filtered through the filter parameter.
func List(u *auth.User, filter *Filter) ([]App, error) {
var apps []App
conn, err := db.Conn()
if err != nil {
return nil, err
}
defer conn.Close()
query := filter.Query()
if u == nil || u.IsAdmin() {
if err = conn.Apps().Find(query).All(&apps); err != nil {
return []App{}, err
}
return apps, nil
}
ts, err := u.Teams()
if err != nil {
return []App{}, err
}
teams := auth.GetTeamsNames(ts)
query["teams"] = bson.M{"$in": teams}
if err := conn.Apps().Find(query).All(&apps); err != nil {
return []App{}, err
}
return apps, nil
}
func GetServiceInstancesByServicesAndTeams(services []Service, u *auth.User, appName string) ([]ServiceInstance, error) {
var instances []ServiceInstance
teams, err := u.Teams()
if err != nil {
return nil, err
}
if len(teams) == 0 {
return nil, nil
}
conn, err := db.Conn()
if err != nil {
return nil, err
}
defer conn.Close()
var teamNames []string
if !u.IsAdmin() {
teamNames = auth.GetTeamsNames(teams)
}
query := genericServiceInstancesFilter(services, teamNames)
if appName != "" {
query["apps"] = appName
}
err = conn.ServiceInstances().Find(query).All(&instances)
return instances, err
}
func getApp(name string, u *auth.User) (*app.App, error) {
a, err := app.GetByName(name)
if err != nil {
return nil, &errors.HTTP{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", name)}
}
if u == nil || u.IsAdmin() {
return a, nil
}
if !auth.CheckUserAccess(a.Teams, u) {
return a, &errors.HTTP{Code: http.StatusForbidden, Message: "User does not have access to this app"}
}
return a, nil
}
func getApp(name string, u *auth.User, r *http.Request) (app.App, error) {
var err error
a := context.GetApp(r)
if a == nil {
a, err = app.GetByName(name)
if err != nil {
return app.App{}, &errors.HTTP{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", name)}
}
context.SetApp(r, a)
}
if u == nil || u.IsAdmin() {
return *a, nil
}
if !auth.CheckUserAccess(a.Teams, u) {
return *a, &errors.HTTP{Code: http.StatusForbidden, Message: "user does not have access to this app"}
}
return *a, nil
}
func (app *App) ValidateTeamOwner(user *auth.User) error {
if _, err := auth.GetTeam(app.TeamOwner); err == auth.ErrTeamNotFound {
return err
}
if user.IsAdmin() {
return nil
}
teams, err := user.Teams()
if err != nil {
return err
}
for _, t := range teams {
if t.Name == app.TeamOwner {
return nil
}
}
errorMsg := fmt.Sprintf("You can not set %s team as app's owner. Please set one of your teams as app's owner.", app.TeamOwner)
return stderr.New(errorMsg)
}
// List returns the list of apps that the given user has access to.
//
// If the user does not have acces to any app, this function returns an empty
// list and a nil error.
func List(u *auth.User) ([]App, error) {
var apps []App
conn, err := db.Conn()
if err != nil {
return nil, err
}
defer conn.Close()
if u.IsAdmin() {
if err := conn.Apps().Find(nil).All(&apps); err != nil {
return []App{}, err
}
return apps, nil
}
ts, err := u.Teams()
if err != nil {
return []App{}, err
}
teams := auth.GetTeamsNames(ts)
if err := conn.Apps().Find(bson.M{"teams": bson.M{"$in": teams}}).All(&apps); err != nil {
return []App{}, err
}
return apps, nil
}
