2024-11-28 05:12:26 +08:00
// Copyright 2024 The Gitea Authors. All rights reserved.
2022-11-28 02:20:29 +08:00
// SPDX-License-Identifier: MIT
2016-03-26 06:04:02 +08:00
2024-11-28 05:12:26 +08:00
package org
2016-03-26 06:04:02 +08:00
import (
2021-11-19 19:41:40 +08:00
"context"
2016-03-26 06:04:02 +08:00
"fmt"
"strings"
2017-12-21 15:43:26 +08:00
2021-09-19 19:49:59 +08:00
"code.gitea.io/gitea/models/db"
2022-06-12 23:51:54 +08:00
git_model "code.gitea.io/gitea/models/git"
2022-06-13 17:37:59 +08:00
issues_model "code.gitea.io/gitea/models/issues"
2022-03-29 14:29:02 +08:00
"code.gitea.io/gitea/models/organization"
2022-05-11 18:09:36 +08:00
access_model "code.gitea.io/gitea/models/perm/access"
2021-12-10 09:27:50 +08:00
repo_model "code.gitea.io/gitea/models/repo"
2021-11-24 17:49:20 +08:00
user_model "code.gitea.io/gitea/models/user"
2022-04-01 09:53:18 +08:00
"code.gitea.io/gitea/modules/log"
2019-01-27 17:25:21 +08:00
"code.gitea.io/gitea/modules/setting"
2022-03-22 09:09:45 +08:00
"code.gitea.io/gitea/modules/util"
2024-11-28 05:12:26 +08:00
repo_service "code.gitea.io/gitea/services/repository"
2019-01-27 17:25:21 +08:00
2019-10-01 13:32:28 +08:00
"xorm.io/builder"
2016-03-26 06:04:02 +08:00
)
// NewTeam creates a record of new team.
// It's caller's responsibility to assign organization ID.
2023-09-15 01:09:32 +08:00
func NewTeam ( ctx context . Context , t * organization . Team ) ( err error ) {
2016-03-26 06:04:02 +08:00
if len ( t . Name ) == 0 {
2022-12-31 19:49:37 +08:00
return util . NewInvalidArgumentErrorf ( "empty team name" )
2016-03-26 06:04:02 +08:00
}
2022-03-29 14:29:02 +08:00
if err = organization . IsUsableTeamName ( t . Name ) ; err != nil {
2016-11-06 17:07:03 +08:00
return err
}
2023-12-07 15:27:36 +08:00
has , err := db . ExistByID [ user_model . User ] ( ctx , t . OrgID )
2016-03-26 06:04:02 +08:00
if err != nil {
return err
2019-06-13 03:41:28 +08:00
}
if ! has {
2022-03-29 14:29:02 +08:00
return organization . ErrOrgNotExist { ID : t . OrgID }
2016-03-26 06:04:02 +08:00
}
t . LowerName = strings . ToLower ( t . Name )
2023-12-07 15:27:36 +08:00
has , err = db . Exist [ organization . Team ] ( ctx , builder . Eq {
"org_id" : t . OrgID ,
"lower_name" : t . LowerName ,
} )
2016-03-26 06:04:02 +08:00
if err != nil {
return err
2019-06-13 03:41:28 +08:00
}
if has {
2022-03-29 14:29:02 +08:00
return organization . ErrTeamAlreadyExist { OrgID : t . OrgID , Name : t . LowerName }
2016-03-26 06:04:02 +08:00
}
2023-09-15 01:09:32 +08:00
ctx , committer , err := db . TxContext ( ctx )
2021-11-21 23:41:00 +08:00
if err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2021-11-21 23:41:00 +08:00
defer committer . Close ( )
2016-03-26 06:04:02 +08:00
2021-11-21 23:41:00 +08:00
if err = db . Insert ( ctx , t ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2018-06-22 00:00:13 +08:00
// insert units for team
if len ( t . Units ) > 0 {
for _ , unit := range t . Units {
unit . TeamID = t . ID
}
2021-11-21 23:41:00 +08:00
if err = db . Insert ( ctx , & t . Units ) ; err != nil {
2018-06-22 00:00:13 +08:00
return err
}
}
2019-11-06 17:37:14 +08:00
// Add all repositories to the team if it has access to all of them.
if t . IncludesAllRepositories {
2024-11-28 05:12:26 +08:00
err = repo_service . AddAllRepositoriesToTeam ( ctx , t )
2019-11-06 17:37:14 +08:00
if err != nil {
2022-10-25 03:29:17 +08:00
return fmt . Errorf ( "addAllRepositories: %w" , err )
2019-11-06 17:37:14 +08:00
}
}
2016-03-26 06:04:02 +08:00
// Update organization number of teams.
2021-11-21 23:41:00 +08:00
if _ , err = db . Exec ( ctx , "UPDATE `user` SET num_teams=num_teams+1 WHERE id = ?" , t . OrgID ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2021-11-21 23:41:00 +08:00
return committer . Commit ( )
2016-03-26 06:04:02 +08:00
}
// UpdateTeam updates information of team.
2023-09-15 01:09:32 +08:00
func UpdateTeam ( ctx context . Context , t * organization . Team , authChanged , includeAllChanged bool ) ( err error ) {
2016-03-26 06:04:02 +08:00
if len ( t . Name ) == 0 {
2022-12-31 19:49:37 +08:00
return util . NewInvalidArgumentErrorf ( "empty team name" )
2016-03-26 06:04:02 +08:00
}
if len ( t . Description ) > 255 {
t . Description = t . Description [ : 255 ]
}
2023-09-15 01:09:32 +08:00
ctx , committer , err := db . TxContext ( ctx )
2021-11-21 23:41:00 +08:00
if err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2021-11-21 23:41:00 +08:00
defer committer . Close ( )
2016-03-26 06:04:02 +08:00
t . LowerName = strings . ToLower ( t . Name )
2023-12-07 15:27:36 +08:00
has , err := db . Exist [ organization . Team ] ( ctx , builder . Eq {
"org_id" : t . OrgID ,
"lower_name" : t . LowerName ,
} . And ( builder . Neq { "id" : t . ID } ) ,
)
2016-03-26 06:04:02 +08:00
if err != nil {
return err
} else if has {
2022-03-29 14:29:02 +08:00
return organization . ErrTeamAlreadyExist { OrgID : t . OrgID , Name : t . LowerName }
2016-03-26 06:04:02 +08:00
}
2023-12-07 15:27:36 +08:00
sess := db . GetEngine ( ctx )
2020-01-09 21:15:14 +08:00
if _ , err = sess . ID ( t . ID ) . Cols ( "name" , "lower_name" , "description" ,
"can_create_org_repo" , "authorize" , "includes_all_repositories" ) . Update ( t ) ; err != nil {
2022-10-25 03:29:17 +08:00
return fmt . Errorf ( "update: %w" , err )
2016-03-26 06:04:02 +08:00
}
2018-11-11 03:45:32 +08:00
// update units for team
if len ( t . Units ) > 0 {
for _ , unit := range t . Units {
unit . TeamID = t . ID
}
// Delete team-unit.
if _ , err := sess .
Where ( "team_id=?" , t . ID ) .
2022-03-29 14:29:02 +08:00
Delete ( new ( organization . TeamUnit ) ) ; err != nil {
2018-11-11 03:45:32 +08:00
return err
}
2022-01-05 11:37:00 +08:00
if _ , err = sess . Cols ( "org_id" , "team_id" , "type" , "access_mode" ) . Insert ( & t . Units ) ; err != nil {
2018-11-11 03:45:32 +08:00
return err
}
}
2016-03-26 06:04:02 +08:00
// Update access for team members if needed.
if authChanged {
2024-12-18 11:44:16 +08:00
repos , err := repo_model . GetTeamRepositories ( ctx , & repo_model . SearchTeamRepoOptions {
TeamID : t . ID ,
} )
if err != nil {
return fmt . Errorf ( "GetTeamRepositories: %w" , err )
2016-03-26 06:04:02 +08:00
}
2024-12-18 11:44:16 +08:00
for _ , repo := range repos {
2022-05-11 18:09:36 +08:00
if err = access_model . RecalculateTeamAccesses ( ctx , repo , 0 ) ; err != nil {
2022-10-25 03:29:17 +08:00
return fmt . Errorf ( "recalculateTeamAccesses: %w" , err )
2016-03-26 06:04:02 +08:00
}
}
}
2019-11-06 17:37:14 +08:00
// Add all repositories to the team if it has access to all of them.
if includeAllChanged && t . IncludesAllRepositories {
2024-11-28 05:12:26 +08:00
err = repo_service . AddAllRepositoriesToTeam ( ctx , t )
2019-11-06 17:37:14 +08:00
if err != nil {
2022-10-25 03:29:17 +08:00
return fmt . Errorf ( "addAllRepositories: %w" , err )
2019-11-06 17:37:14 +08:00
}
}
2021-11-21 23:41:00 +08:00
return committer . Commit ( )
2016-03-26 06:04:02 +08:00
}
// DeleteTeam deletes given team.
// It's caller's responsibility to assign organization ID.
2023-09-15 01:09:32 +08:00
func DeleteTeam ( ctx context . Context , t * organization . Team ) error {
ctx , committer , err := db . TxContext ( ctx )
2021-11-21 23:41:00 +08:00
if err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2021-11-21 23:41:00 +08:00
defer committer . Close ( )
2016-03-26 06:04:02 +08:00
2022-12-03 10:48:26 +08:00
if err := t . LoadMembers ( ctx ) ; err != nil {
2018-06-20 03:44:33 +08:00
return err
}
2022-03-22 09:09:45 +08:00
// update branch protections
{
2022-06-12 23:51:54 +08:00
protections := make ( [ ] * git_model . ProtectedBranch , 0 , 10 )
2023-01-16 16:00:22 +08:00
err := db . GetEngine ( ctx ) . In ( "repo_id" ,
2022-03-22 09:09:45 +08:00
builder . Select ( "id" ) . From ( "repository" ) . Where ( builder . Eq { "owner_id" : t . OrgID } ) ) .
Find ( & protections )
if err != nil {
2022-10-25 03:29:17 +08:00
return fmt . Errorf ( "findProtectedBranches: %w" , err )
2022-03-22 09:09:45 +08:00
}
for _ , p := range protections {
2023-01-16 16:00:22 +08:00
if err := git_model . RemoveTeamIDFromProtectedBranch ( ctx , p , t . ID ) ; err != nil {
return err
2022-03-22 09:09:45 +08:00
}
}
}
2024-11-28 05:12:26 +08:00
if err := repo_service . RemoveAllRepositoriesFromTeam ( ctx , t ) ; err != nil {
return err
2017-02-23 09:36:15 +08:00
}
2022-10-19 20:40:28 +08:00
if err := db . DeleteBeans ( ctx ,
& organization . Team { ID : t . ID } ,
& organization . TeamUser { OrgID : t . OrgID , TeamID : t . ID } ,
& organization . TeamUnit { TeamID : t . ID } ,
& organization . TeamInvite { TeamID : t . ID } ,
2023-04-20 07:50:00 +08:00
& issues_model . Review { Type : issues_model . ReviewTypeRequest , ReviewerTeamID : t . ID } , // batch delete the binding relationship between team and PR (request review from team)
2022-10-19 20:40:28 +08:00
) ; err != nil {
2018-06-22 00:00:13 +08:00
return err
}
2023-04-25 03:52:38 +08:00
for _ , tm := range t . Members {
2024-03-04 16:16:03 +08:00
if err := removeInvalidOrgUser ( ctx , t . OrgID , tm ) ; err != nil {
2023-04-25 03:52:38 +08:00
return err
}
}
2016-03-26 06:04:02 +08:00
// Update organization number of teams.
2023-01-16 16:00:22 +08:00
if _ , err := db . Exec ( ctx , "UPDATE `user` SET num_teams=num_teams-1 WHERE id=?" , t . OrgID ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2021-11-21 23:41:00 +08:00
return committer . Commit ( )
2016-03-26 06:04:02 +08:00
}
// AddTeamMember adds new membership of given team to given organization,
// the user will have membership to given organization automatically when needed.
2024-03-04 16:16:03 +08:00
func AddTeamMember ( ctx context . Context , team * organization . Team , user * user_model . User ) error {
if user_model . IsUserBlockedBy ( ctx , user , team . OrgID ) {
return user_model . ErrBlockedUser
}
isAlreadyMember , err := organization . IsTeamMember ( ctx , team . OrgID , team . ID , user . ID )
2017-12-21 15:43:26 +08:00
if err != nil || isAlreadyMember {
return err
2016-03-26 06:04:02 +08:00
}
2024-03-04 16:16:03 +08:00
if err := organization . AddOrgUser ( ctx , team . OrgID , user . ID ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2023-09-16 20:54:23 +08:00
err = db . WithTx ( ctx , func ( ctx context . Context ) error {
// check in transaction
2024-03-04 16:16:03 +08:00
isAlreadyMember , err = organization . IsTeamMember ( ctx , team . OrgID , team . ID , user . ID )
2023-09-16 20:54:23 +08:00
if err != nil || isAlreadyMember {
return err
}
2022-05-14 21:30:19 +08:00
2023-09-16 20:54:23 +08:00
sess := db . GetEngine ( ctx )
2021-11-21 23:41:00 +08:00
2023-09-16 20:54:23 +08:00
if err := db . Insert ( ctx , & organization . TeamUser {
2024-03-04 16:16:03 +08:00
UID : user . ID ,
2023-09-16 20:54:23 +08:00
OrgID : team . OrgID ,
TeamID : team . ID ,
} ) ; err != nil {
return err
} else if _ , err := sess . Incr ( "num_members" ) . ID ( team . ID ) . Update ( new ( organization . Team ) ) ; err != nil {
return err
}
2016-03-26 06:04:02 +08:00
2023-09-16 20:54:23 +08:00
team . NumMembers ++
2017-12-31 11:08:08 +08:00
2023-09-16 20:54:23 +08:00
// Give access to team repositories.
// update exist access if mode become bigger
subQuery := builder . Select ( "repo_id" ) . From ( "team_repo" ) .
Where ( builder . Eq { "team_id" : team . ID } )
2022-04-01 09:53:18 +08:00
2024-03-04 16:16:03 +08:00
if _ , err := sess . Where ( "user_id=?" , user . ID ) .
2023-09-16 20:54:23 +08:00
In ( "repo_id" , subQuery ) .
And ( "mode < ?" , team . AccessMode ) .
SetExpr ( "mode" , team . AccessMode ) .
Update ( new ( access_model . Access ) ) ; err != nil {
return fmt . Errorf ( "update user accesses: %w" , err )
}
2022-04-01 09:53:18 +08:00
2023-09-16 20:54:23 +08:00
// for not exist access
var repoIDs [ ] int64
2024-03-04 16:16:03 +08:00
accessSubQuery := builder . Select ( "repo_id" ) . From ( "access" ) . Where ( builder . Eq { "user_id" : user . ID } )
2023-09-16 20:54:23 +08:00
if err := sess . SQL ( subQuery . And ( builder . NotIn ( "repo_id" , accessSubQuery ) ) ) . Find ( & repoIDs ) ; err != nil {
return fmt . Errorf ( "select id accesses: %w" , err )
}
2022-04-01 09:53:18 +08:00
2023-09-16 20:54:23 +08:00
accesses := make ( [ ] * access_model . Access , 0 , 100 )
for i , repoID := range repoIDs {
2024-03-04 16:16:03 +08:00
accesses = append ( accesses , & access_model . Access { RepoID : repoID , UserID : user . ID , Mode : team . AccessMode } )
2023-09-16 20:54:23 +08:00
if ( i % 100 == 0 || i == len ( repoIDs ) - 1 ) && len ( accesses ) > 0 {
if err = db . Insert ( ctx , accesses ) ; err != nil {
return fmt . Errorf ( "insert new user accesses: %w" , err )
}
accesses = accesses [ : 0 ]
2019-01-27 17:25:21 +08:00
}
2018-06-20 03:44:33 +08:00
}
2023-09-16 20:54:23 +08:00
return nil
} )
if err != nil {
return err
2016-03-26 06:04:02 +08:00
}
2022-12-03 10:48:26 +08:00
// this behaviour may spend much time so run it in a goroutine
// FIXME: Update watch repos batchly
2022-04-01 09:53:18 +08:00
if setting . Service . AutoWatchNewRepos {
// Get team and its repositories.
2024-12-18 11:44:16 +08:00
repos , err := repo_model . GetTeamRepositories ( ctx , & repo_model . SearchTeamRepoOptions {
TeamID : team . ID ,
} )
if err != nil {
log . Error ( "GetTeamRepositories failed: %v" , err )
2022-04-01 09:53:18 +08:00
}
2024-03-04 16:16:03 +08:00
2023-09-15 01:09:32 +08:00
// FIXME: in the goroutine, it can't access the "ctx", it could only use db.DefaultContext at the moment
2022-04-01 09:53:18 +08:00
go func ( repos [ ] * repo_model . Repository ) {
for _ , repo := range repos {
2024-03-04 16:16:03 +08:00
if err = repo_model . WatchRepo ( db . DefaultContext , user , repo , true ) ; err != nil {
2022-04-01 09:53:18 +08:00
log . Error ( "watch repo failed: %v" , err )
}
}
2024-12-18 11:44:16 +08:00
} ( repos )
2022-04-01 09:53:18 +08:00
}
2023-09-16 20:54:23 +08:00
return nil
2016-03-26 06:04:02 +08:00
}
2024-03-04 16:16:03 +08:00
func removeTeamMember ( ctx context . Context , team * organization . Team , user * user_model . User ) error {
2021-11-19 19:41:40 +08:00
e := db . GetEngine ( ctx )
2024-03-04 16:16:03 +08:00
isMember , err := organization . IsTeamMember ( ctx , team . OrgID , team . ID , user . ID )
2017-12-21 15:43:26 +08:00
if err != nil || ! isMember {
return err
2016-03-26 06:04:02 +08:00
}
// Check if the user to delete is the last member in owner team.
2017-02-24 14:25:09 +08:00
if team . IsOwnerTeam ( ) && team . NumMembers == 1 {
2024-03-04 16:16:03 +08:00
return organization . ErrLastOrgOwner { UID : user . ID }
2016-03-26 06:04:02 +08:00
}
2017-02-24 14:25:09 +08:00
team . NumMembers --
2016-03-26 06:04:02 +08:00
2024-12-18 11:44:16 +08:00
repos , err := repo_model . GetTeamRepositories ( ctx , & repo_model . SearchTeamRepoOptions {
TeamID : team . ID ,
} )
if err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2022-03-29 14:29:02 +08:00
if _ , err := e . Delete ( & organization . TeamUser {
2024-03-04 16:16:03 +08:00
UID : user . ID ,
2017-02-24 14:25:09 +08:00
OrgID : team . OrgID ,
TeamID : team . ID ,
} ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
2016-11-10 23:16:32 +08:00
} else if _ , err = e .
2017-10-05 12:43:04 +08:00
ID ( team . ID ) .
2017-09-25 12:59:27 +08:00
Cols ( "num_members" ) .
2017-02-24 14:25:09 +08:00
Update ( team ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
}
// Delete access to team repositories.
2024-12-18 11:44:16 +08:00
for _ , repo := range repos {
2024-03-04 16:16:03 +08:00
if err := access_model . RecalculateUserAccess ( ctx , repo , user . ID ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2018-06-20 03:44:33 +08:00
// Remove watches from now unaccessible
2024-11-28 05:12:26 +08:00
if err := repo_service . ReconsiderWatches ( ctx , repo , user ) ; err != nil {
2018-06-20 03:44:33 +08:00
return err
}
2020-04-08 05:52:01 +08:00
// Remove issue assignments from now unaccessible
2024-11-28 05:12:26 +08:00
if err := repo_service . ReconsiderRepoIssuesAssignee ( ctx , repo , user ) ; err != nil {
2018-06-20 03:44:33 +08:00
return err
}
2016-03-26 06:04:02 +08:00
}
2024-03-04 16:16:03 +08:00
return removeInvalidOrgUser ( ctx , team . OrgID , user )
2023-04-25 03:52:38 +08:00
}
2024-03-04 16:16:03 +08:00
func removeInvalidOrgUser ( ctx context . Context , orgID int64 , user * user_model . User ) error {
2018-02-23 16:42:02 +08:00
// Check if the user is a member of any team in the organization.
2023-04-25 03:52:38 +08:00
if count , err := db . GetEngine ( ctx ) . Count ( & organization . TeamUser {
2024-03-04 16:16:03 +08:00
UID : user . ID ,
2023-04-25 03:52:38 +08:00
OrgID : orgID ,
2018-02-23 16:42:02 +08:00
} ) ; err != nil {
return err
} else if count == 0 {
2024-03-04 16:16:03 +08:00
org , err := organization . GetOrgByID ( ctx , orgID )
if err != nil {
return err
}
return RemoveOrgUser ( ctx , org , user )
2018-02-23 16:42:02 +08:00
}
2016-03-26 06:04:02 +08:00
return nil
}
// RemoveTeamMember removes member from given team of given organization.
2024-03-04 16:16:03 +08:00
func RemoveTeamMember ( ctx context . Context , team * organization . Team , user * user_model . User ) error {
2023-09-15 01:09:32 +08:00
ctx , committer , err := db . TxContext ( ctx )
2021-11-19 19:41:40 +08:00
if err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2021-11-19 19:41:40 +08:00
defer committer . Close ( )
2024-03-04 16:16:03 +08:00
if err := removeTeamMember ( ctx , team , user ) ; err != nil {
2016-03-26 06:04:02 +08:00
return err
}
2021-11-19 19:41:40 +08:00
return committer . Commit ( )
2016-03-26 06:04:02 +08:00
}