Nemcio/Gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2026-02-01 12:09:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d2ff1fa978aab5eef50ae3d9a69300f01642ea46
Gogs/internal/database/org_team.go
copilot-swe-agent[bot] 233f0fb18d Migrate internal/database/org_team.go from XORM to GORM 
Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com>
2026-01-24 01:07:23 +00:00

659 lines
18 KiB
Go
Raw Blame History

package database
import (
"context"
"fmt"
"strings"
"github.com/cockroachdb/errors"
"gorm.io/gorm"
"gogs.io/gogs/internal/errutil"
)
const ownerTeamName = "Owners"
// Team represents a organization team.
type Team struct {
ID int64
OrgID int64 `gorm:"index"`
LowerName string
Name string
Description string
Authorize AccessMode
Repos []*Repository `xorm:"-" json:"-" gorm:"-"`
Members []*User `xorm:"-" json:"-" gorm:"-"`
NumRepos int
NumMembers int
}
func (t *Team) AfterFind(tx *gorm.DB) error {
// LEGACY [1.0]: this is backward compatibility bug fix for https://gogs.io/gogs/issues/3671
if t.NumRepos < 0 {
t.NumRepos = 0
}
return nil
}
// IsOwnerTeam returns true if team is owner team.
func (t *Team) IsOwnerTeam() bool {
return t.Name == ownerTeamName
}
// HasWriteAccess returns true if team has at least write level access mode.
func (t *Team) HasWriteAccess() bool {
return t.Authorize >= AccessModeWrite
}
// IsTeamMember returns true if given user is a member of team.
func (t *Team) IsMember(userID int64) bool {
return IsTeamMember(t.OrgID, t.ID, userID)
}
func (t *Team) getRepositories(tx *gorm.DB) (err error) {
teamRepos := make([]*TeamRepo, 0, t.NumRepos)
if err = tx.Where("team_id = ?", t.ID).Find(&teamRepos).Error; err != nil {
return errors.Newf("get team-repos: %v", err)
}
t.Repos = make([]*Repository, 0, len(teamRepos))
for i := range teamRepos {
repo, err := getRepositoryByID(tx, teamRepos[i].RepoID)
if err != nil {
return errors.Newf("getRepositoryById(%d): %v", teamRepos[i].RepoID, err)
}
t.Repos = append(t.Repos, repo)
}
return nil
}
// GetRepositories returns all repositories in team of organization.
func (t *Team) GetRepositories() error {
return t.getRepositories(db)
}
func (t *Team) getMembers(tx *gorm.DB) (err error) {
t.Members, err = getTeamMembers(tx, t.ID)
return err
}
// GetMembers returns all members in team of organization.
func (t *Team) GetMembers() (err error) {
return t.getMembers(db)
}
// AddMember adds new membership of the team to the organization,
// the user will have membership to the organization automatically when needed.
func (t *Team) AddMember(uid int64) error {
return AddTeamMember(t.OrgID, t.ID, uid)
}
// RemoveMember removes member from team of organization.
func (t *Team) RemoveMember(uid int64) error {
return RemoveTeamMember(t.OrgID, t.ID, uid)
}
func (t *Team) hasRepository(tx *gorm.DB, repoID int64) bool {
return hasTeamRepo(tx, t.OrgID, t.ID, repoID)
}
// HasRepository returns true if given repository belong to team.
func (t *Team) HasRepository(repoID int64) bool {
return t.hasRepository(db, repoID)
}
func (t *Team) addRepository(tx *gorm.DB, repo *Repository) (err error) {
if err = addTeamRepo(tx, t.OrgID, t.ID, repo.ID); err != nil {
return err
}
t.NumRepos++
if err = tx.Model(&Team{}).Where("id = ?", t.ID).Updates(t).Error; err != nil {
return errors.Newf("update team: %v", err)
}
if err = repo.recalculateTeamAccesses(tx, 0); err != nil {
return errors.Newf("recalculateAccesses: %v", err)
}
if err = t.getMembers(tx); err != nil {
return errors.Newf("getMembers: %v", err)
}
for _, u := range t.Members {
if err = watchRepo(tx, u.ID, repo.ID, true); err != nil {
return errors.Newf("watchRepo: %v", err)
}
}
return nil
}
// AddRepository adds new repository to team of organization.
func (t *Team) AddRepository(repo *Repository) (err error) {
if repo.OwnerID != t.OrgID {
return errors.New("Repository does not belong to organization")
} else if t.HasRepository(repo.ID) {
return nil
}
return db.Transaction(func(tx *gorm.DB) error {
return t.addRepository(tx, repo)
})
}
func (t *Team) removeRepository(tx *gorm.DB, repo *Repository, recalculate bool) (err error) {
if err = removeTeamRepo(tx, t.ID, repo.ID); err != nil {
return err
}
t.NumRepos--
if err = tx.Model(&Team{}).Where("id = ?", t.ID).Updates(t).Error; err != nil {
return err
}
// Don't need to recalculate when delete a repository from organization.
if recalculate {
if err = repo.recalculateTeamAccesses(tx, t.ID); err != nil {
return err
}
}
if err = t.getMembers(tx); err != nil {
return errors.Newf("get team members: %v", err)
}
// TODO: Delete me when this method is migrated to use GORM.
userAccessMode := func(tx *gorm.DB, userID int64, repo *Repository) (AccessMode, error) {
mode := AccessModeNone
// Everyone has read access to public repository
if !repo.IsPrivate {
mode = AccessModeRead
}
if userID <= 0 {
return mode, nil
}
if userID == repo.OwnerID {
return AccessModeOwner, nil
}
access := &Access{
UserID: userID,
RepoID: repo.ID,
}
err := tx.Where("user_id = ? AND repo_id = ?", userID, repo.ID).First(access).Error
if errors.Is(err, gorm.ErrRecordNotFound) {
return mode, nil
} else if err != nil {
return mode, err
}
return access.Mode, nil
}
hasAccess := func(tx *gorm.DB, userID int64, repo *Repository, testMode AccessMode) (bool, error) {
mode, err := userAccessMode(tx, userID, repo)
return mode >= testMode, err
}
for _, member := range t.Members {
has, err := hasAccess(tx, member.ID, repo, AccessModeRead)
if err != nil {
return err
} else if has {
continue
}
if err = watchRepo(tx, member.ID, repo.ID, false); err != nil {
return err
}
}
return nil
}
// RemoveRepository removes repository from team of organization.
func (t *Team) RemoveRepository(repoID int64) error {
if !t.HasRepository(repoID) {
return nil
}
repo, err := GetRepositoryByID(repoID)
if err != nil {
return err
}
return db.Transaction(func(tx *gorm.DB) error {
return t.removeRepository(tx, repo, true)
})
}
var reservedTeamNames = map[string]struct{}{
"new": {},
}
// IsUsableTeamName return an error if given name is a reserved name or pattern.
func IsUsableTeamName(name string) error {
return isNameAllowed(reservedTeamNames, nil, name)
}
// NewTeam creates a record of new team.
// It's caller's responsibility to assign organization ID.
func NewTeam(t *Team) error {
if t.Name == "" {
return errors.New("empty team name")
} else if t.OrgID == 0 {
return errors.New("OrgID is not assigned")
}
if err := IsUsableTeamName(t.Name); err != nil {
return err
}
err := db.Where("id = ?", t.OrgID).First(new(User)).Error
if errors.Is(err, gorm.ErrRecordNotFound) {
return ErrOrgNotExist
} else if err != nil {
return err
}
t.LowerName = strings.ToLower(t.Name)
existingTeam := Team{}
err = db.Where("org_id = ? AND lower_name = ?", t.OrgID, t.LowerName).First(&existingTeam).Error
if err == nil {
return ErrTeamAlreadyExist{existingTeam.ID, t.OrgID, t.LowerName}
} else if !errors.Is(err, gorm.ErrRecordNotFound) {
return err
}
return db.Transaction(func(tx *gorm.DB) error {
if err := tx.Create(t).Error; err != nil {
return err
}
// Update organization number of teams.
return tx.Exec("UPDATE `user` SET num_teams=num_teams+1 WHERE id = ?", t.OrgID).Error
})
}
var _ errutil.NotFound = (*ErrTeamNotExist)(nil)
type ErrTeamNotExist struct {
args map[string]any
}
func IsErrTeamNotExist(err error) bool {
_, ok := err.(ErrTeamNotExist)
return ok
}
func (err ErrTeamNotExist) Error() string {
return fmt.Sprintf("team does not exist: %v", err.args)
}
func (ErrTeamNotExist) NotFound() bool {
return true
}
func getTeamOfOrgByName(tx *gorm.DB, orgID int64, name string) (*Team, error) {
t := new(Team)
err := tx.Where("org_id = ? AND lower_name = ?", orgID, strings.ToLower(name)).First(t).Error
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, ErrTeamNotExist{args: map[string]any{"orgID": orgID, "name": name}}
} else if err != nil {
return nil, err
}
return t, nil
}
// GetTeamOfOrgByName returns team by given team name and organization.
func GetTeamOfOrgByName(orgID int64, name string) (*Team, error) {
return getTeamOfOrgByName(db, orgID, name)
}
func getTeamByID(tx *gorm.DB, teamID int64) (*Team, error) {
t := new(Team)
err := tx.Where("id = ?", teamID).First(t).Error
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, ErrTeamNotExist{args: map[string]any{"teamID": teamID}}
} else if err != nil {
return nil, err
}
return t, nil
}
// GetTeamByID returns team by given ID.
func GetTeamByID(teamID int64) (*Team, error) {
return getTeamByID(db, teamID)
}
func getTeamsByOrgID(tx *gorm.DB, orgID int64) ([]*Team, error) {
teams := make([]*Team, 0, 3)
return teams, tx.Where("org_id = ?", orgID).Find(&teams).Error
}
// GetTeamsByOrgID returns all teams belong to given organization.
func GetTeamsByOrgID(orgID int64) ([]*Team, error) {
return getTeamsByOrgID(db, orgID)
}
// UpdateTeam updates information of team.
func UpdateTeam(t *Team, authChanged bool) (err error) {
if t.Name == "" {
return errors.New("empty team name")
}
if len(t.Description) > 255 {
t.Description = t.Description[:255]
}
t.LowerName = strings.ToLower(t.Name)
existingTeam := new(Team)
err = db.Where("org_id = ? AND lower_name = ? AND id != ?", t.OrgID, t.LowerName, t.ID).First(existingTeam).Error
if err == nil {
return ErrTeamAlreadyExist{existingTeam.ID, t.OrgID, t.LowerName}
} else if !errors.Is(err, gorm.ErrRecordNotFound) {
return err
}
return db.Transaction(func(tx *gorm.DB) error {
if err := tx.Model(&Team{}).Where("id = ?", t.ID).Updates(t).Error; err != nil {
return errors.Newf("update: %v", err)
}
// Update access for team members if needed.
if authChanged {
if err := t.getRepositories(tx); err != nil {
return errors.Newf("getRepositories:%v", err)
}
for _, repo := range t.Repos {
if err := repo.recalculateTeamAccesses(tx, 0); err != nil {
return errors.Newf("recalculateTeamAccesses: %v", err)
}
}
}
return nil
})
}
// DeleteTeam deletes given team.
// It's caller's responsibility to assign organization ID.
func DeleteTeam(t *Team) error {
if err := t.GetRepositories(); err != nil {
return err
}
// Get organization.
org, err := Handle.Users().GetByID(context.TODO(), t.OrgID)
if err != nil {
return err
}
return db.Transaction(func(tx *gorm.DB) error {
// Delete all accesses.
for _, repo := range t.Repos {
if err := repo.recalculateTeamAccesses(tx, t.ID); err != nil {
return err
}
}
// Delete team-user.
if err := tx.Where("org_id = ? AND team_id = ?", org.ID, t.ID).Delete(new(TeamUser)).Error; err != nil {
return err
}
// Delete team.
if err := tx.Where("id = ?", t.ID).Delete(new(Team)).Error; err != nil {
return err
}
// Update organization number of teams.
return tx.Exec("UPDATE `user` SET num_teams=num_teams-1 WHERE id = ?", t.OrgID).Error
})
}
// ___________ ____ ___
// \__ ___/___ _____ _____ | | \______ ___________
// | |_/ __ \\__ \ / \| | / ___// __ \_ __ \
// | |\ ___/ / __ \| Y Y \ | /\___ \\ ___/| | \/
// |____| \___ >____ /__|_| /______//____ >\___ >__|
// \/ \/ \/ \/ \/
// TeamUser represents an team-user relation.
type TeamUser struct {
ID int64
OrgID int64 `gorm:"index"`
TeamID int64 `gorm:"uniqueIndex:team_user_team_id_uid"`
UID int64 `gorm:"uniqueIndex:team_user_team_id_uid"`
}
func isTeamMember(tx *gorm.DB, orgID, teamID, uid int64) bool {
err := tx.Where("org_id = ? AND team_id = ? AND uid = ?", orgID, teamID, uid).First(new(TeamUser)).Error
return err == nil
}
// IsTeamMember returns true if given user is a member of team.
func IsTeamMember(orgID, teamID, uid int64) bool {
return isTeamMember(db, orgID, teamID, uid)
}
func getTeamMembers(tx *gorm.DB, teamID int64) (_ []*User, err error) {
teamUsers := make([]*TeamUser, 0, 10)
if err = tx.Select("id, org_id, team_id, uid").Where("team_id = ?", teamID).Find(&teamUsers).Error; err != nil {
return nil, errors.Newf("get team-users: %v", err)
}
members := make([]*User, 0, len(teamUsers))
for i := range teamUsers {
member := new(User)
if err = tx.Where("id = ?", teamUsers[i].UID).First(member).Error; err != nil {
return nil, errors.Newf("get user '%d': %v", teamUsers[i].UID, err)
}
members = append(members, member)
}
return members, nil
}
// GetTeamMembers returns all members in given team of organization.
func GetTeamMembers(teamID int64) ([]*User, error) {
return getTeamMembers(db, teamID)
}
func getUserTeams(tx *gorm.DB, orgID, userID int64) ([]*Team, error) {
teamUsers := make([]*TeamUser, 0, 5)
if err := tx.Where("uid = ? AND org_id = ?", userID, orgID).Find(&teamUsers).Error; err != nil {
return nil, err
}
teamIDs := make([]int64, len(teamUsers)+1)
for i := range teamUsers {
teamIDs[i] = teamUsers[i].TeamID
}
teamIDs[len(teamUsers)] = -1
teams := make([]*Team, 0, len(teamIDs))
return teams, tx.Where("org_id = ? AND id IN ?", orgID, teamIDs).Find(&teams).Error
}
// GetUserTeams returns all teams that user belongs to in given organization.
func GetUserTeams(orgID, userID int64) ([]*Team, error) {
return getUserTeams(db, orgID, userID)
}
// AddTeamMember adds new membership of given team to given organization,
// the user will have membership to given organization automatically when needed.
func AddTeamMember(orgID, teamID, userID int64) error {
if IsTeamMember(orgID, teamID, userID) {
return nil
}
if err := AddOrgUser(orgID, userID); err != nil {
return err
}
// Get team and its repositories.
t, err := GetTeamByID(teamID)
if err != nil {
return err
}
t.NumMembers++
if err = t.GetRepositories(); err != nil {
return err
}
return db.Transaction(func(tx *gorm.DB) error {
tu := &TeamUser{
UID: userID,
OrgID: orgID,
TeamID: teamID,
}
if err := tx.Create(tu).Error; err != nil {
return err
}
if err := tx.Model(&Team{}).Where("id = ?", t.ID).Updates(t).Error; err != nil {
return err
}
// Give access to team repositories.
for _, repo := range t.Repos {
if err := repo.recalculateTeamAccesses(tx, 0); err != nil {
return err
}
}
// We make sure it exists before.
ou := new(OrgUser)
if err := tx.Where("uid = ? AND org_id = ?", userID, orgID).First(ou).Error; err != nil {
return err
}
ou.NumTeams++
if t.IsOwnerTeam() {
ou.IsOwner = true
}
return tx.Model(&OrgUser{}).Where("id = ?", ou.ID).Updates(ou).Error
})
}
func removeTeamMember(tx *gorm.DB, orgID, teamID, uid int64) error {
if !isTeamMember(tx, orgID, teamID, uid) {
return nil
}
// Get team and its repositories.
t, err := getTeamByID(tx, teamID)
if err != nil {
return err
}
// Check if the user to delete is the last member in owner team.
if t.IsOwnerTeam() && t.NumMembers == 1 {
return ErrLastOrgOwner{UID: uid}
}
t.NumMembers--
if err = t.getRepositories(tx); err != nil {
return err
}
// Get organization.
org, err := getUserByID(tx, orgID)
if err != nil {
return err
}
tu := &TeamUser{
UID: uid,
OrgID: orgID,
TeamID: teamID,
}
if err := tx.Where("uid = ? AND org_id = ? AND team_id = ?", uid, orgID, teamID).Delete(tu).Error; err != nil {
return err
}
if err = tx.Model(&Team{}).Where("id = ?", t.ID).Updates(t).Error; err != nil {
return err
}
// Delete access to team repositories.
for _, repo := range t.Repos {
if err = repo.recalculateTeamAccesses(tx, 0); err != nil {
return err
}
}
// This must exist.
ou := new(OrgUser)
if err = tx.Where("uid = ? AND org_id = ?", uid, org.ID).First(ou).Error; err != nil {
return err
}
ou.NumTeams--
if t.IsOwnerTeam() {
ou.IsOwner = false
}
return tx.Model(&OrgUser{}).Where("id = ?", ou.ID).Updates(ou).Error
}
// RemoveTeamMember removes member from given team of given organization.
func RemoveTeamMember(orgID, teamID, uid int64) error {
return db.Transaction(func(tx *gorm.DB) error {
return removeTeamMember(tx, orgID, teamID, uid)
})
}
// ___________ __________
// \__ ___/___ _____ _____\______ \ ____ ______ ____
// | |_/ __ \\__ \ / \| _// __ \\____ \ / _ \
// | |\ ___/ / __ \| Y Y \ | \ ___/| |_> > <_> )
// |____| \___ >____ /__|_| /____|_ /\___ > __/ \____/
// \/ \/ \/ \/ \/|__|
// TeamRepo represents an team-repository relation.
type TeamRepo struct {
ID int64
OrgID int64 `gorm:"index"`
TeamID int64 `gorm:"uniqueIndex:team_repo_team_id_repo_id"`
RepoID int64 `gorm:"uniqueIndex:team_repo_team_id_repo_id"`
}
func hasTeamRepo(tx *gorm.DB, orgID, teamID, repoID int64) bool {
err := tx.Where("org_id = ? AND team_id = ? AND repo_id = ?", orgID, teamID, repoID).First(new(TeamRepo)).Error
return err == nil
}
// HasTeamRepo returns true if given team has access to the repository of the organization.
func HasTeamRepo(orgID, teamID, repoID int64) bool {
return hasTeamRepo(db, orgID, teamID, repoID)
}
func addTeamRepo(tx *gorm.DB, orgID, teamID, repoID int64) error {
return tx.Create(&TeamRepo{
OrgID: orgID,
TeamID: teamID,
RepoID: repoID,
}).Error
}
// AddTeamRepo adds new repository relation to team.
func AddTeamRepo(orgID, teamID, repoID int64) error {
return addTeamRepo(db, orgID, teamID, repoID)
}
func removeTeamRepo(tx *gorm.DB, teamID, repoID int64) error {
return tx.Where("team_id = ? AND repo_id = ?", teamID, repoID).Delete(new(TeamRepo)).Error
}
// RemoveTeamRepo deletes repository relation to team.
func RemoveTeamRepo(teamID, repoID int64) error {
return removeTeamRepo(db, teamID, repoID)
}
// GetTeamsHaveAccessToRepo returns all teams in an organization that have given access level to the repository.
func GetTeamsHaveAccessToRepo(orgID, repoID int64, mode AccessMode) ([]*Team, error) {
teams := make([]*Team, 0, 5)
return teams, db.Table("team").
Where("team.authorize >= ?", mode).
Joins("INNER JOIN team_repo ON team_repo.team_id = team.id").
Where("team_repo.org_id = ? AND team_repo.repo_id = ?", orgID, repoID).
Find(&teams).Error
}
Reference in New Issue View Git Blame Copy Permalink