afan
/
gitea
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
gitea源码
3 Commits
2 Branches
Struktur: 6d2efddf43
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von '6d2efddf43'
${ noResults }
gitea/services/org/team.go

team.go 9.4KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353 
  1. // Copyright 2024 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package org

  5. 

  6. import (

  7. 	"context"

  8. 	"fmt"

  9. 	"strings"

  10. 

  11. 	"code.gitea.io/gitea/models/db"

  12. 	git_model "code.gitea.io/gitea/models/git"

  13. 	issues_model "code.gitea.io/gitea/models/issues"

  14. 	"code.gitea.io/gitea/models/organization"

  15. 	access_model "code.gitea.io/gitea/models/perm/access"

  16. 	repo_model "code.gitea.io/gitea/models/repo"

  17. 	user_model "code.gitea.io/gitea/models/user"

  18. 	"code.gitea.io/gitea/modules/graceful"

  19. 	"code.gitea.io/gitea/modules/log"

  20. 	"code.gitea.io/gitea/modules/setting"

  21. 	"code.gitea.io/gitea/modules/util"

  22. 	repo_service "code.gitea.io/gitea/services/repository"

  23. 

  24. 	"xorm.io/builder"

  25. )

  26. 

  27. // NewTeam creates a record of new team.

  28. // It's caller's responsibility to assign organization ID.

  29. func NewTeam(ctx context.Context, t *organization.Team) (err error) {

  30. 	if len(t.Name) == 0 {

  31. 		return util.NewInvalidArgumentErrorf("empty team name")

  32. 	}

  33. 

  34. 	if err = organization.IsUsableTeamName(t.Name); err != nil {

  35. 		return err

  36. 	}

  37. 

  38. 	has, err := db.ExistByID[user_model.User](ctx, t.OrgID)

  39. 	if err != nil {

  40. 		return err

  41. 	}

  42. 	if !has {

  43. 		return organization.ErrOrgNotExist{ID: t.OrgID}

  44. 	}

  45. 

  46. 	t.LowerName = strings.ToLower(t.Name)

  47. 	has, err = db.Exist[organization.Team](ctx, builder.Eq{

  48. 		"org_id":     t.OrgID,

  49. 		"lower_name": t.LowerName,

  50. 	})

  51. 	if err != nil {

  52. 		return err

  53. 	}

  54. 	if has {

  55. 		return organization.ErrTeamAlreadyExist{OrgID: t.OrgID, Name: t.LowerName}

  56. 	}

  57. 

  58. 	return db.WithTx(ctx, func(ctx context.Context) error {

  59. 		if err = db.Insert(ctx, t); err != nil {

  60. 			return err

  61. 		}

  62. 

  63. 		// insert units for team

  64. 		if len(t.Units) > 0 {

  65. 			for _, unit := range t.Units {

  66. 				unit.TeamID = t.ID

  67. 			}

  68. 			if err = db.Insert(ctx, &t.Units); err != nil {

  69. 				return err

  70. 			}

  71. 		}

  72. 

  73. 		// Add all repositories to the team if it has access to all of them.

  74. 		if t.IncludesAllRepositories {

  75. 			err = repo_service.AddAllRepositoriesToTeam(ctx, t)

  76. 			if err != nil {

  77. 				return fmt.Errorf("addAllRepositories: %w", err)

  78. 			}

  79. 		}

  80. 

  81. 		// Update organization number of teams.

  82. 		_, err = db.Exec(ctx, "UPDATE `user` SET num_teams=num_teams+1 WHERE id = ?", t.OrgID)

  83. 		return err

  84. 	})

  85. }

  86. 

  87. // UpdateTeam updates information of team.

  88. func UpdateTeam(ctx context.Context, t *organization.Team, authChanged, includeAllChanged bool) (err error) {

  89. 	if len(t.Name) == 0 {

  90. 		return util.NewInvalidArgumentErrorf("empty team name")

  91. 	}

  92. 

  93. 	if len(t.Description) > 255 {

  94. 		t.Description = t.Description[:255]

  95. 	}

  96. 

  97. 	return db.WithTx(ctx, func(ctx context.Context) error {

  98. 		t.LowerName = strings.ToLower(t.Name)

  99. 		has, err := db.Exist[organization.Team](ctx, builder.Eq{

  100. 			"org_id":     t.OrgID,

  101. 			"lower_name": t.LowerName,

  102. 		}.And(builder.Neq{"id": t.ID}),

  103. 		)

  104. 		if err != nil {

  105. 			return err

  106. 		} else if has {

  107. 			return organization.ErrTeamAlreadyExist{OrgID: t.OrgID, Name: t.LowerName}

  108. 		}

  109. 

  110. 		sess := db.GetEngine(ctx)

  111. 		if _, err = sess.ID(t.ID).Cols("name", "lower_name", "description",

  112. 			"can_create_org_repo", "authorize", "includes_all_repositories").Update(t); err != nil {

  113. 			return fmt.Errorf("update: %w", err)

  114. 		}

  115. 

  116. 		// update units for team

  117. 		if len(t.Units) > 0 {

  118. 			for _, unit := range t.Units {

  119. 				unit.TeamID = t.ID

  120. 			}

  121. 			// Delete team-unit.

  122. 			if _, err := sess.

  123. 				Where("team_id=?", t.ID).

  124. 				Delete(new(organization.TeamUnit)); err != nil {

  125. 				return err

  126. 			}

  127. 			if _, err = sess.Cols("org_id", "team_id", "type", "access_mode").Insert(&t.Units); err != nil {

  128. 				return err

  129. 			}

  130. 		}

  131. 

  132. 		// Update access for team members if needed.

  133. 		if authChanged {

  134. 			repos, err := repo_model.GetTeamRepositories(ctx, &repo_model.SearchTeamRepoOptions{

  135. 				TeamID: t.ID,

  136. 			})

  137. 			if err != nil {

  138. 				return fmt.Errorf("GetTeamRepositories: %w", err)

  139. 			}

  140. 

  141. 			for _, repo := range repos {

  142. 				if err = access_model.RecalculateTeamAccesses(ctx, repo, 0); err != nil {

  143. 					return fmt.Errorf("recalculateTeamAccesses: %w", err)

  144. 				}

  145. 			}

  146. 		}

  147. 

  148. 		// Add all repositories to the team if it has access to all of them.

  149. 		if includeAllChanged && t.IncludesAllRepositories {

  150. 			err = repo_service.AddAllRepositoriesToTeam(ctx, t)

  151. 			if err != nil {

  152. 				return fmt.Errorf("addAllRepositories: %w", err)

  153. 			}

  154. 		}

  155. 

  156. 		return nil

  157. 	})

  158. }

  159. 

  160. // DeleteTeam deletes given team.

  161. // It's caller's responsibility to assign organization ID.

  162. func DeleteTeam(ctx context.Context, t *organization.Team) error {

  163. 	return db.WithTx(ctx, func(ctx context.Context) error {

  164. 		if err := t.LoadMembers(ctx); err != nil {

  165. 			return err

  166. 		}

  167. 

  168. 		// update branch protections

  169. 		{

  170. 			protections := make([]*git_model.ProtectedBranch, 0, 10)

  171. 			err := db.GetEngine(ctx).In("repo_id",

  172. 				builder.Select("id").From("repository").Where(builder.Eq{"owner_id": t.OrgID})).

  173. 				Find(&protections)

  174. 			if err != nil {

  175. 				return fmt.Errorf("findProtectedBranches: %w", err)

  176. 			}

  177. 			for _, p := range protections {

  178. 				if err := git_model.RemoveTeamIDFromProtectedBranch(ctx, p, t.ID); err != nil {

  179. 					return err

  180. 				}

  181. 			}

  182. 		}

  183. 

  184. 		if err := repo_service.RemoveAllRepositoriesFromTeam(ctx, t); err != nil {

  185. 			return err

  186. 		}

  187. 

  188. 		if err := db.DeleteBeans(ctx,

  189. 			&organization.Team{ID: t.ID},

  190. 			&organization.TeamUser{OrgID: t.OrgID, TeamID: t.ID},

  191. 			&organization.TeamUnit{TeamID: t.ID},

  192. 			&organization.TeamInvite{TeamID: t.ID},

  193. 			&issues_model.Review{Type: issues_model.ReviewTypeRequest, ReviewerTeamID: t.ID}, // batch delete the binding relationship between team and PR (request review from team)

  194. 		); err != nil {

  195. 			return err

  196. 		}

  197. 

  198. 		for _, tm := range t.Members {

  199. 			if err := removeInvalidOrgUser(ctx, t.OrgID, tm); err != nil {

  200. 				return err

  201. 			}

  202. 		}

  203. 

  204. 		// Update organization number of teams.

  205. 		_, err := db.Exec(ctx, "UPDATE `user` SET num_teams=num_teams-1 WHERE id=?", t.OrgID)

  206. 		return err

  207. 	})

  208. }

  209. 

  210. // AddTeamMember adds new membership of given team to given organization,

  211. // the user will have membership to given organization automatically when needed.

  212. func AddTeamMember(ctx context.Context, team *organization.Team, user *user_model.User) error {

  213. 	if user_model.IsUserBlockedBy(ctx, user, team.OrgID) {

  214. 		return user_model.ErrBlockedUser

  215. 	}

  216. 

  217. 	isAlreadyMember, err := organization.IsTeamMember(ctx, team.OrgID, team.ID, user.ID)

  218. 	if err != nil || isAlreadyMember {

  219. 		return err

  220. 	}

  221. 

  222. 	if err := organization.AddOrgUser(ctx, team.OrgID, user.ID); err != nil {

  223. 		return err

  224. 	}

  225. 

  226. 	err = db.WithTx(ctx, func(ctx context.Context) error {

  227. 		// check in transaction

  228. 		isAlreadyMember, err = organization.IsTeamMember(ctx, team.OrgID, team.ID, user.ID)

  229. 		if err != nil || isAlreadyMember {

  230. 			return err

  231. 		}

  232. 

  233. 		sess := db.GetEngine(ctx)

  234. 

  235. 		if err := db.Insert(ctx, &organization.TeamUser{

  236. 			UID:    user.ID,

  237. 			OrgID:  team.OrgID,

  238. 			TeamID: team.ID,

  239. 		}); err != nil {

  240. 			return err

  241. 		} else if _, err := sess.Incr("num_members").ID(team.ID).Update(new(organization.Team)); err != nil {

  242. 			return err

  243. 		}

  244. 

  245. 		team.NumMembers++

  246. 		return nil

  247. 	})

  248. 	if err != nil {

  249. 		return err

  250. 	}

  251. 

  252. 	// this behaviour may spend much time so run it in a goroutine

  253. 	// FIXME: Update watch repos batchly

  254. 	if setting.Service.AutoWatchNewRepos {

  255. 		// Get team and its repositories.

  256. 		repos, err := repo_model.GetTeamRepositories(ctx, &repo_model.SearchTeamRepoOptions{

  257. 			TeamID: team.ID,

  258. 		})

  259. 		if err != nil {

  260. 			log.Error("GetTeamRepositories failed: %v", err)

  261. 		}

  262. 

  263. 		go func(repos []*repo_model.Repository) {

  264. 			for _, repo := range repos {

  265. 				if err = repo_model.WatchRepo(graceful.GetManager().ShutdownContext(), user, repo, true); err != nil {

  266. 					log.Error("watch repo failed: %v", err)

  267. 				}

  268. 			}

  269. 		}(repos)

  270. 	}

  271. 

  272. 	return nil

  273. }

  274. 

  275. func removeTeamMember(ctx context.Context, team *organization.Team, user *user_model.User) error {

  276. 	e := db.GetEngine(ctx)

  277. 	isMember, err := organization.IsTeamMember(ctx, team.OrgID, team.ID, user.ID)

  278. 	if err != nil || !isMember {

  279. 		return err

  280. 	}

  281. 

  282. 	// Check if the user to delete is the last member in owner team.

  283. 	if team.IsOwnerTeam() && team.NumMembers == 1 {

  284. 		return organization.ErrLastOrgOwner{UID: user.ID}

  285. 	}

  286. 

  287. 	team.NumMembers--

  288. 

  289. 	repos, err := repo_model.GetTeamRepositories(ctx, &repo_model.SearchTeamRepoOptions{

  290. 		TeamID: team.ID,

  291. 	})

  292. 	if err != nil {

  293. 		return err

  294. 	}

  295. 

  296. 	if _, err := e.Delete(&organization.TeamUser{

  297. 		UID:    user.ID,

  298. 		OrgID:  team.OrgID,

  299. 		TeamID: team.ID,

  300. 	}); err != nil {

  301. 		return err

  302. 	} else if _, err = e.

  303. 		ID(team.ID).

  304. 		Cols("num_members").

  305. 		Update(team); err != nil {

  306. 		return err

  307. 	}

  308. 

  309. 	// Delete access to team repositories.

  310. 	for _, repo := range repos {

  311. 		if err := access_model.RecalculateUserAccess(ctx, repo, user.ID); err != nil {

  312. 			return err

  313. 		}

  314. 

  315. 		// Remove watches from now unaccessible

  316. 		if err := repo_service.ReconsiderWatches(ctx, repo, user); err != nil {

  317. 			return err

  318. 		}

  319. 

  320. 		// Remove issue assignments from now unaccessible

  321. 		if err := repo_service.ReconsiderRepoIssuesAssignee(ctx, repo, user); err != nil {

  322. 			return err

  323. 		}

  324. 	}

  325. 

  326. 	return removeInvalidOrgUser(ctx, team.OrgID, user)

  327. }

  328. 

  329. func removeInvalidOrgUser(ctx context.Context, orgID int64, user *user_model.User) error {

  330. 	// Check if the user is a member of any team in the organization.

  331. 	if count, err := db.GetEngine(ctx).Count(&organization.TeamUser{

  332. 		UID:   user.ID,

  333. 		OrgID: orgID,

  334. 	}); err != nil {

  335. 		return err

  336. 	} else if count == 0 {

  337. 		org, err := organization.GetOrgByID(ctx, orgID)

  338. 		if err != nil {

  339. 			return err

  340. 		}

  341. 

  342. 		return RemoveOrgUser(ctx, org, user)

  343. 	}

  344. 	return nil

  345. }

  346. 

  347. // RemoveTeamMember removes member from given team of given organization.

  348. func RemoveTeamMember(ctx context.Context, team *organization.Team, user *user_model.User) error {

  349. 	return db.WithTx(ctx, func(ctx context.Context) error {

  350. 		return removeTeamMember(ctx, team, user)

  351. 	})

  352. }