permPR[i] = false
continue
}
- perm, err := getUserRepoPermission(ctx, repo, user)
+ perm, err := GetUserRepoPermission(ctx, repo, user)
if err != nil {
permCode[i] = false
permIssue[i] = false
// If ID is 0, it creates a new record. Otherwise, updates existing record.
// This function also performs check if whitelist user and team's IDs have been changed
// to avoid unnecessary whitelist delete and regenerate.
-func UpdateProtectBranch(repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
- if err = repo.GetOwner(db.DefaultContext); err != nil {
+func UpdateProtectBranch(ctx context.Context, repo *repo_model.Repository, protectBranch *ProtectedBranch, opts WhitelistOptions) (err error) {
+ if err = repo.GetOwner(ctx); err != nil {
return fmt.Errorf("GetOwner: %v", err)
}
- whitelist, err := updateUserWhitelist(repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
+ whitelist, err := updateUserWhitelist(ctx, repo, protectBranch.WhitelistUserIDs, opts.UserIDs)
if err != nil {
return err
}
protectBranch.WhitelistUserIDs = whitelist
- whitelist, err = updateUserWhitelist(repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
+ whitelist, err = updateUserWhitelist(ctx, repo, protectBranch.MergeWhitelistUserIDs, opts.MergeUserIDs)
if err != nil {
return err
}
protectBranch.MergeWhitelistUserIDs = whitelist
- whitelist, err = updateApprovalWhitelist(repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
+ whitelist, err = updateApprovalWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistUserIDs, opts.ApprovalsUserIDs)
if err != nil {
return err
}
protectBranch.ApprovalsWhitelistUserIDs = whitelist
// if the repo is in an organization
- whitelist, err = updateTeamWhitelist(repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
+ whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.WhitelistTeamIDs, opts.TeamIDs)
if err != nil {
return err
}
protectBranch.WhitelistTeamIDs = whitelist
- whitelist, err = updateTeamWhitelist(repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
+ whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.MergeWhitelistTeamIDs, opts.MergeTeamIDs)
if err != nil {
return err
}
protectBranch.MergeWhitelistTeamIDs = whitelist
- whitelist, err = updateTeamWhitelist(repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
+ whitelist, err = updateTeamWhitelist(ctx, repo, protectBranch.ApprovalsWhitelistTeamIDs, opts.ApprovalsTeamIDs)
if err != nil {
return err
}
// Make sure protectBranch.ID is not 0 for whitelists
if protectBranch.ID == 0 {
- if _, err = db.GetEngine(db.DefaultContext).Insert(protectBranch); err != nil {
+ if _, err = db.GetEngine(ctx).Insert(protectBranch); err != nil {
return fmt.Errorf("Insert: %v", err)
}
return nil
}
- if _, err = db.GetEngine(db.DefaultContext).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
+ if _, err = db.GetEngine(ctx).ID(protectBranch.ID).AllCols().Update(protectBranch); err != nil {
return fmt.Errorf("Update: %v", err)
}
// updateApprovalWhitelist checks whether the user whitelist changed and returns a whitelist with
// the users from newWhitelist which have explicit read or write access to the repo.
-func updateApprovalWhitelist(repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
+func updateApprovalWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
if !hasUsersChanged {
return currentWhitelist, nil
whitelist = make([]int64, 0, len(newWhitelist))
for _, userID := range newWhitelist {
- if reader, err := IsRepoReader(repo, userID); err != nil {
+ if reader, err := IsRepoReader(ctx, repo, userID); err != nil {
return nil, err
} else if !reader {
continue
// updateUserWhitelist checks whether the user whitelist changed and returns a whitelist with
// the users from newWhitelist which have write access to the repo.
-func updateUserWhitelist(repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
+func updateUserWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
hasUsersChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
if !hasUsersChanged {
return currentWhitelist, nil
whitelist = make([]int64, 0, len(newWhitelist))
for _, userID := range newWhitelist {
- user, err := user_model.GetUserByID(userID)
+ user, err := user_model.GetUserByIDCtx(ctx, userID)
if err != nil {
return nil, fmt.Errorf("GetUserByID [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
}
- perm, err := GetUserRepoPermission(repo, user)
+ perm, err := GetUserRepoPermission(ctx, repo, user)
if err != nil {
return nil, fmt.Errorf("GetUserRepoPermission [user_id: %d, repo_id: %d]: %v", userID, repo.ID, err)
}
// updateTeamWhitelist checks whether the team whitelist changed and returns a whitelist with
// the teams from newWhitelist which have write access to the repo.
-func updateTeamWhitelist(repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
+func updateTeamWhitelist(ctx context.Context, repo *repo_model.Repository, currentWhitelist, newWhitelist []int64) (whitelist []int64, err error) {
hasTeamsChanged := !util.IsSliceInt64Eq(currentWhitelist, newWhitelist)
if !hasTeamsChanged {
return currentWhitelist, nil
}
- teams, err := organization.GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
+ teams, err := organization.GetTeamsWithAccessToRepo(ctx, repo.OwnerID, repo.ID, perm.AccessModeRead)
if err != nil {
return nil, fmt.Errorf("GetTeamsWithAccessToRepo [org_id: %d, repo_id: %d]: %v", repo.OwnerID, repo.ID, err)
}
import (
"testing"
+ "code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unittest"
repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}).(*repo_model.Repository)
_isDefault := false
- err := UpdateProtectBranch(repo1, &ProtectedBranch{
+ ctx, committer, err := db.TxContext()
+ defer committer.Close()
+ assert.NoError(t, err)
+ assert.NoError(t, UpdateProtectBranch(ctx, repo1, &ProtectedBranch{
RepoID: repo1.ID,
BranchName: "master",
- }, WhitelistOptions{})
- assert.NoError(t, err)
+ }, WhitelistOptions{}))
+ assert.NoError(t, committer.Commit())
assert.NoError(t, RenameBranch(repo1, "master", "main", func(isDefault bool) error {
_isDefault = isDefault
// GetLatestCommitStatus returns all statuses with a unique context for a given commit.
func GetLatestCommitStatus(repoID int64, sha string, listOptions db.ListOptions) ([]*CommitStatus, int64, error) {
- return getLatestCommitStatus(db.GetEngine(db.DefaultContext), repoID, sha, listOptions)
+ return GetLatestCommitStatusCtx(db.DefaultContext, repoID, sha, listOptions)
}
-func getLatestCommitStatus(e db.Engine, repoID int64, sha string, listOptions db.ListOptions) ([]*CommitStatus, int64, error) {
+// GetLatestCommitStatusCtx returns all statuses with a unique context for a given commit.
+func GetLatestCommitStatusCtx(ctx context.Context, repoID int64, sha string, listOptions db.ListOptions) ([]*CommitStatus, int64, error) {
ids := make([]int64, 0, 10)
- sess := e.Table(&CommitStatus{}).
+ sess := db.GetEngine(ctx).Table(&CommitStatus{}).
Where("repo_id = ?", repoID).And("sha = ?", sha).
Select("max( id ) as id").
GroupBy("context_hash").OrderBy("max( id ) desc")
if len(ids) == 0 {
return statuses, count, nil
}
- return statuses, count, e.In("id", ids).Find(&statuses)
+ return statuses, count, db.GetEngine(ctx).In("id", ids).Find(&statuses)
}
// FindRepoRecentCommitStatusContexts returns repository's recent commit status contexts
}
// LoadLabels loads labels
-func (issue *Issue) LoadLabels() error {
- return issue.loadLabels(db.GetEngine(db.DefaultContext))
-}
-
-func (issue *Issue) loadLabels(e db.Engine) (err error) {
+func (issue *Issue) LoadLabels(ctx context.Context) (err error) {
if issue.Labels == nil {
- issue.Labels, err = getLabelsByIssueID(e, issue.ID)
+ issue.Labels, err = getLabelsByIssueID(db.GetEngine(ctx), issue.ID)
if err != nil {
return fmt.Errorf("getLabelsByIssueID [%d]: %v", issue.ID, err)
}
return
}
- if err = issue.loadLabels(e); err != nil {
+ if err = issue.LoadLabels(ctx); err != nil {
return
}
return err
}
- perm, err := getUserRepoPermission(ctx, issue.Repo, doer)
+ perm, err := GetUserRepoPermission(ctx, issue.Repo, doer)
if err != nil {
return err
}
return err
}
- if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
+ if err = issue.LoadLabels(ctx); err != nil {
return err
}
}
issue.Labels = nil
- if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
+ if err = issue.LoadLabels(ctx); err != nil {
return err
}
continue
}
// Normal users must have read access to the referencing issue
- perm, err := getUserRepoPermission(ctx, issue.Repo, user)
+ perm, err := GetUserRepoPermission(ctx, issue.Repo, user)
if err != nil {
- return nil, fmt.Errorf("getUserRepoPermission [%d]: %v", user.ID, err)
+ return nil, fmt.Errorf("GetUserRepoPermission [%d]: %v", user.ID, err)
}
if !perm.CanReadIssuesOrPulls(issue.IsPull) {
continue
return err
}
defer committer.Close()
- sess := db.GetEngine(ctx)
if err = issue.LoadRepo(ctx); err != nil {
return err
}
issue.Labels = nil
- if err = issue.loadLabels(sess); err != nil {
+ if err = issue.LoadLabels(ctx); err != nil {
return err
}
}
issue.Labels = nil
- if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
+ if err = issue.LoadLabels(ctx); err != nil {
return err
}
}
// DeleteIssueLabel deletes issue-label relation.
-func DeleteIssueLabel(issue *Issue, label *Label, doer *user_model.User) (err error) {
- ctx, committer, err := db.TxContext()
- if err != nil {
- return err
- }
- defer committer.Close()
-
- if err = deleteIssueLabel(ctx, issue, label, doer); err != nil {
+func DeleteIssueLabel(ctx context.Context, issue *Issue, label *Label, doer *user_model.User) error {
+ if err := deleteIssueLabel(ctx, issue, label, doer); err != nil {
return err
}
issue.Labels = nil
- if err = issue.loadLabels(db.GetEngine(ctx)); err != nil {
- return err
- }
-
- return committer.Commit()
+ return issue.LoadLabels(ctx)
}
func deleteLabelsByRepoID(sess db.Engine, repoID int64) error {
}
}
- assert.NoError(t, DeleteIssueLabel(issue, label, doer))
+ ctx, committer, err := db.TxContext()
+ defer committer.Close()
+ assert.NoError(t, err)
+ assert.NoError(t, DeleteIssueLabel(ctx, issue, label, doer))
+ assert.NoError(t, committer.Commit())
+
unittest.AssertNotExistsBean(t, &IssueLabel{IssueID: issueID, LabelID: labelID})
unittest.AssertExistsAndLoadBean(t, &Comment{
Type: CommentTypeLabel,
// Check doer permissions; set action to None if the doer can't change the destination
if refIssue.RepoID != ctx.OrigIssue.RepoID || ref.Action != references.XRefActionNone {
- perm, err := getUserRepoPermission(stdCtx, refIssue.Repo, ctx.Doer)
+ perm, err := GetUserRepoPermission(stdCtx, refIssue.Repo, ctx.Doer)
if err != nil {
return nil, references.XRefActionNone, err
}
package models
import (
+ "context"
"fmt"
"path"
"strings"
// CreateLFSLock creates a new lock.
func CreateLFSLock(repo *repo_model.Repository, lock *LFSLock) (*LFSLock, error) {
- err := CheckLFSAccessForRepo(lock.OwnerID, repo, perm.AccessModeWrite)
+ dbCtx, committer, err := db.TxContext()
if err != nil {
return nil, err
}
+ defer committer.Close()
+
+ if err := CheckLFSAccessForRepo(dbCtx, lock.OwnerID, repo, perm.AccessModeWrite); err != nil {
+ return nil, err
+ }
lock.Path = cleanPath(lock.Path)
lock.RepoID = repo.ID
- l, err := GetLFSLock(repo, lock.Path)
+ l, err := GetLFSLock(dbCtx, repo, lock.Path)
if err == nil {
return l, ErrLFSLockAlreadyExist{lock.RepoID, lock.Path}
}
return nil, err
}
- err = db.Insert(db.DefaultContext, lock)
- return lock, err
+ if err := db.Insert(dbCtx, lock); err != nil {
+ return nil, err
+ }
+
+ return lock, committer.Commit()
}
// GetLFSLock returns release by given path.
-func GetLFSLock(repo *repo_model.Repository, path string) (*LFSLock, error) {
+func GetLFSLock(ctx context.Context, repo *repo_model.Repository, path string) (*LFSLock, error) {
path = cleanPath(path)
rel := &LFSLock{RepoID: repo.ID}
- has, err := db.GetEngine(db.DefaultContext).Where("lower(path) = ?", strings.ToLower(path)).Get(rel)
+ has, err := db.GetEngine(ctx).Where("lower(path) = ?", strings.ToLower(path)).Get(rel)
if err != nil {
return nil, err
}
}
// GetLFSLockByID returns release by given id.
-func GetLFSLockByID(id int64) (*LFSLock, error) {
+func GetLFSLockByID(ctx context.Context, id int64) (*LFSLock, error) {
lock := new(LFSLock)
- has, err := db.GetEngine(db.DefaultContext).ID(id).Get(lock)
+ has, err := db.GetEngine(ctx).ID(id).Get(lock)
if err != nil {
return nil, err
} else if !has {
// DeleteLFSLockByID deletes a lock by given ID.
func DeleteLFSLockByID(id int64, repo *repo_model.Repository, u *user_model.User, force bool) (*LFSLock, error) {
- lock, err := GetLFSLockByID(id)
+ dbCtx, committer, err := db.TxContext()
if err != nil {
return nil, err
}
+ defer committer.Close()
- err = CheckLFSAccessForRepo(u.ID, repo, perm.AccessModeWrite)
+ lock, err := GetLFSLockByID(dbCtx, id)
if err != nil {
return nil, err
}
+ if err := CheckLFSAccessForRepo(dbCtx, u.ID, repo, perm.AccessModeWrite); err != nil {
+ return nil, err
+ }
+
if !force && u.ID != lock.OwnerID {
return nil, fmt.Errorf("user doesn't own lock and force flag is not set")
}
- _, err = db.GetEngine(db.DefaultContext).ID(id).Delete(new(LFSLock))
- return lock, err
+ if _, err := db.GetEngine(dbCtx).ID(id).Delete(new(LFSLock)); err != nil {
+ return nil, err
+ }
+
+ return lock, committer.Commit()
}
// CheckLFSAccessForRepo check needed access mode base on action
-func CheckLFSAccessForRepo(ownerID int64, repo *repo_model.Repository, mode perm.AccessMode) error {
+func CheckLFSAccessForRepo(ctx context.Context, ownerID int64, repo *repo_model.Repository, mode perm.AccessMode) error {
if ownerID == 0 {
return ErrLFSUnauthorizedAction{repo.ID, "undefined", mode}
}
- u, err := user_model.GetUserByID(ownerID)
+ u, err := user_model.GetUserByIDCtx(ctx, ownerID)
if err != nil {
return err
}
- perm, err := GetUserRepoPermission(repo, u)
+ perm, err := GetUserRepoPermission(ctx, repo, u)
if err != nil {
return err
}
// TeamsWithAccessToRepo returns all teams that have given access level to the repository.
func (org *Organization) TeamsWithAccessToRepo(repoID int64, mode perm.AccessMode) ([]*Team, error) {
- return GetTeamsWithAccessToRepo(org.ID, repoID, mode)
+ return GetTeamsWithAccessToRepo(db.DefaultContext, org.ID, repoID, mode)
}
// GetUserTeamIDs returns of all team IDs of the organization that user is member of.
}
// GetTeamsWithAccessToRepo returns all teams in an organization that have given access level to the repository.
-func GetTeamsWithAccessToRepo(orgID, repoID int64, mode perm.AccessMode) ([]*Team, error) {
+func GetTeamsWithAccessToRepo(ctx context.Context, orgID, repoID int64, mode perm.AccessMode) ([]*Team, error) {
teams := make([]*Team, 0, 5)
- return teams, db.GetEngine(db.DefaultContext).Where("team.authorize >= ?", mode).
+ return teams, db.GetEngine(ctx).Where("team.authorize >= ?", mode).
Join("INNER", "team_repo", "team_repo.team_id = team.id").
And("team_repo.org_id = ?", orgID).
And("team_repo.repo_id = ?", repoID).
return pr.loadAttributes(db.GetEngine(db.DefaultContext))
}
-func (pr *PullRequest) loadHeadRepo(ctx context.Context) (err error) {
+// LoadHeadRepoCtx loads the head repository
+func (pr *PullRequest) LoadHeadRepoCtx(ctx context.Context) (err error) {
if !pr.isHeadRepoLoaded && pr.HeadRepo == nil && pr.HeadRepoID > 0 {
if pr.HeadRepoID == pr.BaseRepoID {
if pr.BaseRepo != nil {
// LoadHeadRepo loads the head repository
func (pr *PullRequest) LoadHeadRepo() error {
- return pr.loadHeadRepo(db.DefaultContext)
+ return pr.LoadHeadRepoCtx(db.DefaultContext)
}
// LoadBaseRepo loads the target repository
func (pr *PullRequest) LoadBaseRepo() error {
- return pr.loadBaseRepo(db.DefaultContext)
+ return pr.LoadBaseRepoCtx(db.DefaultContext)
}
-func (pr *PullRequest) loadBaseRepo(ctx context.Context) (err error) {
+// LoadBaseRepoCtx loads the target repository
+func (pr *PullRequest) LoadBaseRepoCtx(ctx context.Context) (err error) {
if pr.BaseRepo != nil {
return nil
}
// LoadIssue loads issue information from database
func (pr *PullRequest) LoadIssue() (err error) {
- return pr.loadIssue(db.GetEngine(db.DefaultContext))
+ return pr.LoadIssueCtx(db.DefaultContext)
}
-func (pr *PullRequest) loadIssue(e db.Engine) (err error) {
+// LoadIssueCtx loads issue information from database
+func (pr *PullRequest) LoadIssueCtx(ctx context.Context) (err error) {
if pr.Issue != nil {
return nil
}
- pr.Issue, err = getIssueByID(e, pr.IssueID)
+ pr.Issue, err = getIssueByID(db.GetEngine(ctx), pr.IssueID)
if err == nil {
pr.Issue.PullRequest = pr
}
// LoadProtectedBranch loads the protected branch of the base branch
func (pr *PullRequest) LoadProtectedBranch() (err error) {
- return pr.loadProtectedBranch(db.DefaultContext)
+ return pr.LoadProtectedBranchCtx(db.DefaultContext)
}
-func (pr *PullRequest) loadProtectedBranch(ctx context.Context) (err error) {
+// LoadProtectedBranchCtx loads the protected branch of the base branch
+func (pr *PullRequest) LoadProtectedBranchCtx(ctx context.Context) (err error) {
if pr.ProtectedBranch == nil {
if pr.BaseRepo == nil {
if pr.BaseRepoID == 0 {
}
pr.Issue = nil
- if err := pr.loadIssue(sess); err != nil {
+ if err := pr.LoadIssueCtx(ctx); err != nil {
return false, err
}
// GetPullRequestByIndex returns a pull request by the given index
func GetPullRequestByIndex(repoID, index int64) (*PullRequest, error) {
+ return GetPullRequestByIndexCtx(db.DefaultContext, repoID, index)
+}
+
+// GetPullRequestByIndexCtx returns a pull request by the given index
+func GetPullRequestByIndexCtx(ctx context.Context, repoID, index int64) (*PullRequest, error) {
if index < 1 {
return nil, ErrPullRequestNotExist{}
}
Index: index,
}
- has, err := db.GetEngine(db.DefaultContext).Get(pr)
+ has, err := db.GetEngine(ctx).Get(pr)
if err != nil {
return nil, err
} else if !has {
return nil, ErrPullRequestNotExist{0, 0, 0, repoID, "", ""}
}
- if err = pr.LoadAttributes(); err != nil {
+ if err = pr.loadAttributes(db.GetEngine(ctx)); err != nil {
return nil, err
}
- if err = pr.LoadIssue(); err != nil {
+ if err = pr.LoadIssueCtx(ctx); err != nil {
return nil, err
}
}
// GetPullRequestByID returns a pull request by given ID.
-func GetPullRequestByID(id int64) (*PullRequest, error) {
- return getPullRequestByID(db.GetEngine(db.DefaultContext), id)
+func GetPullRequestByID(ctx context.Context, id int64) (*PullRequest, error) {
+ return getPullRequestByID(db.GetEngine(ctx), id)
}
// GetPullRequestByIssueIDWithNoAttributes returns pull request with no attributes loaded by given issue ID.
package models
import (
+ "context"
"fmt"
"code.gitea.io/gitea/models/db"
return prs.loadAttributes(db.GetEngine(db.DefaultContext))
}
-func (prs PullRequestList) invalidateCodeComments(e db.Engine, doer *user_model.User, repo *git.Repository, branch string) error {
+// InvalidateCodeComments will lookup the prs for code comments which got invalidated by change
+func (prs PullRequestList) InvalidateCodeComments(ctx context.Context, doer *user_model.User, repo *git.Repository, branch string) error {
if len(prs) == 0 {
return nil
}
issueIDs := prs.getIssueIDs()
var codeComments []*Comment
- if err := e.
+ if err := db.GetEngine(ctx).
Where("type = ? and invalidated = ?", CommentTypeCode, false).
In("issue_id", issueIDs).
Find(&codeComments); err != nil {
}
return nil
}
-
-// InvalidateCodeComments will lookup the prs for code comments which got invalidated by change
-func (prs PullRequestList) InvalidateCodeComments(doer *user_model.User, repo *git.Repository, branch string) error {
- return prs.invalidateCodeComments(db.GetEngine(db.DefaultContext), doer, repo, branch)
-}
func TestGetPullRequestByID(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
- pr, err := GetPullRequestByID(1)
+ pr, err := GetPullRequestByID(db.DefaultContext, 1)
assert.NoError(t, err)
assert.Equal(t, int64(1), pr.ID)
assert.Equal(t, int64(2), pr.IssueID)
- _, err = GetPullRequestByID(9223372036854775807)
+ _, err = GetPullRequestByID(db.DefaultContext, 9223372036854775807)
assert.Error(t, err)
assert.True(t, IsErrPullRequestNotExist(err))
}
if user.IsAdmin {
return true
}
- perm, err := getUserRepoPermission(ctx, repo, user)
+ perm, err := GetUserRepoPermission(ctx, repo, user)
if err != nil {
- log.Error("getUserRepoPermission(): %v", err)
+ log.Error("GetUserRepoPermission(): %v", err)
return false
}
return nil, nil
}
- teams, err := organization.GetTeamsWithAccessToRepo(repo.OwnerID, repo.ID, perm.AccessModeRead)
+ teams, err := organization.GetTeamsWithAccessToRepo(db.DefaultContext, repo.OwnerID, repo.ID, perm.AccessModeRead)
if err != nil {
return nil, err
}
}
// GetUserRepoPermission returns the user permissions to the repository
-func GetUserRepoPermission(repo *repo_model.Repository, user *user_model.User) (Permission, error) {
- return getUserRepoPermission(db.DefaultContext, repo, user)
-}
-
-func getUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) {
+func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) {
if log.IsTrace() {
defer func() {
if user == nil {
}
func accessLevelUnit(ctx context.Context, user *user_model.User, repo *repo_model.Repository, unitType unit.Type) (perm_model.AccessMode, error) {
- perm, err := getUserRepoPermission(ctx, repo, user)
+ perm, err := GetUserRepoPermission(ctx, repo, user)
if err != nil {
return perm_model.AccessModeNone, err
}
if user.IsOrganization() {
return false, fmt.Errorf("Organization can't be added as assignee [user_id: %d, repo_id: %d]", user.ID, repo.ID)
}
- perm, err := getUserRepoPermission(ctx, repo, user)
+ perm, err := GetUserRepoPermission(ctx, repo, user)
if err != nil {
return false, err
}
return false, err
}
}
- perm, err := getUserRepoPermission(ctx, repo, user)
+ perm, err := GetUserRepoPermission(ctx, repo, user)
if err != nil {
return false, err
}
}
// IsRepoReader returns true if user has explicit read access or higher to the repository.
-func IsRepoReader(repo *repo_model.Repository, userID int64) (bool, error) {
+func IsRepoReader(ctx context.Context, repo *repo_model.Repository, userID int64) (bool, error) {
if repo.OwnerID == userID {
return true, nil
}
- return db.GetEngine(db.DefaultContext).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, perm_model.AccessModeRead).Get(&Access{})
+ return db.GetEngine(ctx).Where("repo_id = ? AND user_id = ? AND mode >= ?", repo.ID, userID, perm_model.AccessModeRead).Get(&Access{})
}
// plain user
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
- perm, err := GetUserRepoPermission(repo, user)
+ perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// change to collaborator
assert.NoError(t, AddCollaborator(repo, user))
- perm, err = GetUserRepoPermission(repo, user)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// collaborator
collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, collaborator)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, collaborator)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// owner
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, owner)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// admin
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, admin)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// plain user
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
- perm, err := GetUserRepoPermission(repo, user)
+ perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.False(t, perm.CanRead(unit.Type))
// change to collaborator to default write access
assert.NoError(t, AddCollaborator(repo, user))
- perm, err = GetUserRepoPermission(repo, user)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
}
assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
- perm, err = GetUserRepoPermission(repo, user)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// owner
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, owner)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// admin
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, admin)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// plain user
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
- perm, err := GetUserRepoPermission(repo, user)
+ perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// change to collaborator to default write access
assert.NoError(t, AddCollaborator(repo, user))
- perm, err = GetUserRepoPermission(repo, user)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
}
assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
- perm, err = GetUserRepoPermission(repo, user)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// org member team owner
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, owner)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// org member team tester
member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, member)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, member)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// admin
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, admin)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// plain user
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
- perm, err := GetUserRepoPermission(repo, user)
+ perm, err := GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.False(t, perm.CanRead(unit.Type))
// change to collaborator to default write access
assert.NoError(t, AddCollaborator(repo, user))
- perm, err = GetUserRepoPermission(repo, user)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
}
assert.NoError(t, ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
- perm, err = GetUserRepoPermission(repo, user)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, user)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// org member team owner
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, owner)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)
err = organization.UpdateTeamUnits(team, nil)
assert.NoError(t, err)
- perm, err = GetUserRepoPermission(repo, owner)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, owner)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
// org member team tester
tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, tester)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, tester)
assert.NoError(t, err)
assert.True(t, perm.CanWrite(unit.TypeIssues))
assert.False(t, perm.CanWrite(unit.TypeCode))
// org member team reviewer
reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, reviewer)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, reviewer)
assert.NoError(t, err)
assert.False(t, perm.CanRead(unit.TypeIssues))
assert.False(t, perm.CanWrite(unit.TypeCode))
// admin
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
- perm, err = GetUserRepoPermission(repo, admin)
+ perm, err = GetUserRepoPermission(db.DefaultContext, repo, admin)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
if err != nil {
return false, err
}
- if err = pr.loadProtectedBranch(ctx); err != nil {
+ if err = pr.LoadProtectedBranchCtx(ctx); err != nil {
return false, err
}
if pr.ProtectedBranch == nil {
if err != nil {
return false, err
}
- if err = pr.loadProtectedBranch(ctx); err != nil {
+ if err = pr.LoadProtectedBranchCtx(ctx); err != nil {
return false, err
}
if pr.ProtectedBranch == nil {
return false, err
}
- p, err := GetUserRepoPermission(issue.Repo, doer)
+ p, err := GetUserRepoPermission(db.DefaultContext, issue.Repo, doer)
if err != nil {
return false, err
}
return
}
- perm, err := models.GetUserRepoPermission(templateRepo, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, templateRepo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
return
}
- ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.Doer)
+ ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
"code.gitea.io/gitea/models"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/auth"
+ "code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization"
"code.gitea.io/gitea/models/perm"
repo_model "code.gitea.io/gitea/models/repo"
}
if user != nil {
- permission, err := models.GetUserRepoPermission(repo, user)
+ permission, err := models.GetUserRepoPermission(db.DefaultContext, repo, user)
if err != nil {
return nil, err
}
// Required - Poster, Labels,
// Optional - Milestone, Assignee, PullRequest
func ToAPIIssue(issue *models.Issue) *api.Issue {
- if err := issue.LoadLabels(); err != nil {
+ if err := issue.LoadLabels(db.DefaultContext); err != nil {
return &api.Issue{}
}
if err := issue.LoadPoster(); err != nil {
}
apiIssue := ToAPIIssue(pr.Issue)
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("GetRepositoryById[%d]: %v", pr.ID, err)
return nil
}
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
log.Error("GetRepositoryById[%d]: %v", pr.ID, err)
return nil
}
- p, err := models.GetUserRepoPermission(pr.BaseRepo, doer)
+ p, err := models.GetUserRepoPermission(ctx, pr.BaseRepo, doer)
if err != nil {
log.Error("GetUserRepoPermission[%d]: %v", pr.BaseRepoID, err)
p.AccessMode = perm.AccessModeNone
}
if pr.HeadRepo != nil && pr.Flow == models.PullRequestFlowGithub {
- p, err := models.GetUserRepoPermission(pr.HeadRepo, doer)
+ p, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
if err != nil {
log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
p.AccessMode = perm.AccessModeNone
log.Error("comment.Issue.LoadPullRequest: %v", err)
return
}
- if err = comment.Issue.PullRequest.LoadBaseRepo(); err != nil {
+ if err = comment.Issue.PullRequest.LoadBaseRepoCtx(ctx); err != nil {
log.Error("comment.Issue.PullRequest.LoadBaseRepo: %v", err)
return
}
ctx.Repo.Owner, err = user_model.GetUserByID(ctx.Repo.Repository.OwnerID)
assert.NoError(t, err)
ctx.Repo.RepoLink = ctx.Repo.Repository.Link()
- ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx.Repo.Repository, ctx.Doer)
+ ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, ctx.Repo.Repository, ctx.Doer)
assert.NoError(t, err)
}
repo.Owner = owner
ctx.Repo.Repository = repo
- ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.Doer)
+ ctx.Repo.Permission, err = models.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
return
BlockOnOutdatedBranch: form.BlockOnOutdatedBranch,
}
- err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
+ err = models.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
UserIDs: whitelistUsers,
TeamIDs: whitelistTeams,
MergeUserIDs: mergeWhitelistUsers,
}
}
- err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
+ err = models.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
UserIDs: whitelistUsers,
TeamIDs: whitelistTeams,
MergeUserIDs: mergeWhitelistUsers,
package repo
import (
+ stdCtx "context"
"errors"
"net/http"
var apiComments []*api.TimelineComment
for _, comment := range comments {
- if comment.Type != models.CommentTypeCode && isXRefCommentAccessible(ctx.Doer, comment, issue.RepoID) {
+ if comment.Type != models.CommentTypeCode && isXRefCommentAccessible(ctx, ctx.Doer, comment, issue.RepoID) {
comment.Issue = issue
apiComments = append(apiComments, convert.ToTimelineComment(comment, ctx.Doer))
}
ctx.JSON(http.StatusOK, &apiComments)
}
-func isXRefCommentAccessible(user *user_model.User, c *models.Comment, issueRepoID int64) bool {
+func isXRefCommentAccessible(ctx stdCtx.Context, user *user_model.User, c *models.Comment, issueRepoID int64) bool {
// Remove comments that the user has no permissions to see
if models.CommentTypeIsRef(c.Type) && c.RefRepoID != issueRepoID && c.RefRepoID != 0 {
var err error
// Set RefRepo for description in template
- c.RefRepo, err = repo_model.GetRepositoryByID(c.RefRepoID)
+ c.RefRepo, err = repo_model.GetRepositoryByIDCtx(ctx, c.RefRepoID)
if err != nil {
return false
}
- perm, err := models.GetUserRepoPermission(c.RefRepo, user)
+ perm, err := models.GetUserRepoPermission(ctx, c.RefRepo, user)
if err != nil {
return false
}
ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
return
}
- if err = prs[i].LoadBaseRepo(); err != nil {
+ if err = prs[i].LoadBaseRepoCtx(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadBaseRepo", err)
return
}
- if err = prs[i].LoadHeadRepo(); err != nil {
+ if err = prs[i].LoadHeadRepoCtx(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
return
}
return
}
- if err = pr.LoadBaseRepo(); err != nil {
+ if err = pr.LoadBaseRepoCtx(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadBaseRepo", err)
return
}
- if err = pr.LoadHeadRepo(); err != nil {
+ if err = pr.LoadHeadRepoCtx(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
return
}
return
}
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
return
}
}
// user should have permission to read baseRepo's codes and pulls, NOT headRepo's
- permBase, err := models.GetUserRepoPermission(baseRepo, ctx.Doer)
+ permBase, err := models.GetUserRepoPermission(ctx, baseRepo, ctx.Doer)
if err != nil {
headGitRepo.Close()
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
}
// user should have permission to read headrepo's codes
- permHead, err := models.GetUserRepoPermission(headRepo, ctx.Doer)
+ permHead, err := models.GetUserRepoPermission(ctx, headRepo, ctx.Doer)
if err != nil {
headGitRepo.Close()
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
return
}
- if err = pr.LoadBaseRepo(); err != nil {
+ if err = pr.LoadBaseRepoCtx(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadBaseRepo", err)
return
}
- if err = pr.LoadHeadRepo(); err != nil {
+ if err = pr.LoadHeadRepoCtx(ctx); err != nil {
ctx.Error(http.StatusInternalServerError, "LoadHeadRepo", err)
return
}
rebase := ctx.FormString("style") == "rebase"
- allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(pr, ctx.Doer)
+ allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(ctx, pr, ctx.Doer)
if err != nil {
ctx.Error(http.StatusInternalServerError, "IsUserAllowedToMerge", err)
return
return
}
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
ctx.InternalServerError(err)
return
}
reviewers := make([]*user_model.User, 0, len(opts.Reviewers))
- permDoer, err := models.GetUserRepoPermission(pr.Issue.Repo, ctx.Doer)
+ permDoer, err := models.GetUserRepoPermission(ctx, pr.Issue.Repo, ctx.Doer)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
return
return
}
- err = issue_service.IsValidReviewRequest(reviewer, ctx.Doer, isAdd, pr.Issue, &permDoer)
+ err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, isAdd, pr.Issue, &permDoer)
if err != nil {
if models.IsErrNotValidReviewRequest(err) {
ctx.Error(http.StatusUnprocessableEntity, "NotValidReviewRequest", err)
return
}
- err = issue_service.IsValidTeamReviewRequest(teamReviewer, ctx.Doer, isAdd, pr.Issue)
+ err = issue_service.IsValidTeamReviewRequest(ctx, teamReviewer, ctx.Doer, isAdd, pr.Issue)
if err != nil {
if models.IsErrNotValidReviewRequest(err) {
ctx.Error(http.StatusUnprocessableEntity, "NotValidReviewRequest", err)
return
}
- perm, err := models.GetUserRepoPermission(repo, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil {
ctx.Error(http.StatusInternalServerError, "AccessLevel", err)
return
// 6b. Merge (from UI or API)
// Get the PR, user and permissions for the user in the repository
- pr, err := models.GetPullRequestByID(ctx.opts.PullRequestID)
+ pr, err := models.GetPullRequestByID(ctx, ctx.opts.PullRequestID)
if err != nil {
log.Error("Unable to get PullRequest %d Error: %v", ctx.opts.PullRequestID, err)
ctx.JSON(http.StatusInternalServerError, private.Response{
}
ctx.user = user
- userPerm, err := models.GetUserRepoPermission(ctx.Repo.Repository, user)
+ userPerm, err := models.GetUserRepoPermission(ctx, ctx.Repo.Repository, user)
if err != nil {
log.Error("Unable to get Repo permission of repo %s/%s of User %s", ctx.Repo.Repository.OwnerName, ctx.Repo.Repository.Name, user.Name, err)
ctx.JSON(http.StatusInternalServerError, private.Response{
mode = perm.AccessModeRead
}
- perm, err := models.GetUserRepoPermission(repo, user)
+ perm, err := models.GetUserRepoPermission(ctx, repo, user)
if err != nil {
log.Error("Unable to get permissions for %-v with key %d in %-v Error: %v", user, key.ID, repo, err)
ctx.JSON(http.StatusInternalServerError, private.ErrServCommand{
return
}
} else { // If we have the repository we check access
- perm, err := models.GetUserRepoPermission(repository, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, repository, ctx.Doer)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())
return
}
if repo, ok := repoIDToRepo[pr.BaseRepoID]; ok {
pr.BaseRepo = repo
- } else if err := pr.LoadBaseRepo(); err != nil {
+ } else if err := pr.LoadBaseRepoCtx(ctx); err != nil {
ctx.ServerError("pr.LoadBaseRepo", err)
return nil
} else {
// Now we need to assert that the ctx.Doer has permission to read
// the baseRepo's code and pulls
// (NOT headRepo's)
- permBase, err := models.GetUserRepoPermission(baseRepo, ctx.Doer)
+ permBase, err := models.GetUserRepoPermission(ctx, baseRepo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return nil
// If we're not merging from the same repo:
if !isSameRepo {
// Assert ctx.Doer has permission to read headRepo's codes
- permHead, err := models.GetUserRepoPermission(ci.HeadRepo, ctx.Doer)
+ permHead, err := models.GetUserRepoPermission(ctx, ci.HeadRepo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return nil
}
if repoExist {
- p, err := models.GetUserRepoPermission(repo, ctx.Doer)
+ p, err := models.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
import (
"bytes"
+ stdCtx "context"
"errors"
"fmt"
"io"
}
// roleDescriptor returns the Role Descriptor for a comment in/with the given repo, poster and issue
-func roleDescriptor(repo *repo_model.Repository, poster *user_model.User, issue *models.Issue) (models.RoleDescriptor, error) {
- perm, err := models.GetUserRepoPermission(repo, poster)
+func roleDescriptor(ctx stdCtx.Context, repo *repo_model.Repository, poster *user_model.User, issue *models.Issue) (models.RoleDescriptor, error) {
+ perm, err := models.GetUserRepoPermission(ctx, repo, poster)
if err != nil {
return models.RoleDescriptorNone, err
}
// check if dependencies can be created across repositories
ctx.Data["AllowCrossRepositoryDependencies"] = setting.Service.AllowCrossRepositoryDependencies
- if issue.ShowRole, err = roleDescriptor(repo, issue.Poster, issue); err != nil {
+ if issue.ShowRole, err = roleDescriptor(ctx, repo, issue.Poster, issue); err != nil {
ctx.ServerError("roleDescriptor", err)
return
}
continue
}
- comment.ShowRole, err = roleDescriptor(repo, comment.Poster, issue)
+ comment.ShowRole, err = roleDescriptor(ctx, repo, comment.Poster, issue)
if err != nil {
ctx.ServerError("roleDescriptor", err)
return
continue
}
- c.ShowRole, err = roleDescriptor(repo, c.Poster, issue)
+ c.ShowRole, err = roleDescriptor(ctx, repo, c.Poster, issue)
if err != nil {
ctx.ServerError("roleDescriptor", err)
return
ctx.Data["AllowMerge"] = false
if ctx.IsSigned {
- if err := pull.LoadHeadRepo(); err != nil {
+ if err := pull.LoadHeadRepoCtx(ctx); err != nil {
log.Error("LoadHeadRepo: %v", err)
} else if pull.HeadRepo != nil && pull.HeadBranch != pull.HeadRepo.DefaultBranch {
- perm, err := models.GetUserRepoPermission(pull.HeadRepo, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
}
}
- if err := pull.LoadBaseRepo(); err != nil {
+ if err := pull.LoadBaseRepoCtx(ctx); err != nil {
log.Error("LoadBaseRepo: %v", err)
}
- perm, err := models.GetUserRepoPermission(pull.BaseRepo, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, pull.BaseRepo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
return
}
- err = issue_service.IsValidTeamReviewRequest(team, ctx.Doer, action == "attach", issue)
+ err = issue_service.IsValidTeamReviewRequest(ctx, team, ctx.Doer, action == "attach", issue)
if err != nil {
if models.IsErrNotValidReviewRequest(err) {
log.Warn(
return
}
- err = issue_service.IsValidReviewRequest(reviewer, ctx.Doer, action == "attach", issue, nil)
+ err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, action == "attach", issue, nil)
if err != nil {
if models.IsErrNotValidReviewRequest(err) {
log.Warn(
if err != nil {
return err
}
- perm, err := models.GetUserRepoPermission(c.RefRepo, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, c.RefRepo, ctx.Doer)
if err != nil {
return err
}
return nil
}
- perm, err := models.GetUserRepoPermission(repo, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, repo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return nil
return nil
}
- if err = issue.PullRequest.LoadHeadRepo(); err != nil {
+ if err = issue.PullRequest.LoadHeadRepoCtx(ctx); err != nil {
ctx.ServerError("LoadHeadRepo", err)
return nil
}
repo := ctx.Repo.Repository
pull := issue.PullRequest
- if err := pull.LoadHeadRepo(); err != nil {
+ if err := pull.LoadHeadRepoCtx(ctx); err != nil {
ctx.ServerError("LoadHeadRepo", err)
return nil
}
- if err := pull.LoadBaseRepo(); err != nil {
+ if err := pull.LoadBaseRepoCtx(ctx); err != nil {
ctx.ServerError("LoadBaseRepo", err)
return nil
}
if headBranchExist {
var err error
- ctx.Data["UpdateAllowed"], ctx.Data["UpdateByRebaseAllowed"], err = pull_service.IsUserAllowedToUpdate(pull, ctx.Doer)
+ ctx.Data["UpdateAllowed"], ctx.Data["UpdateByRebaseAllowed"], err = pull_service.IsUserAllowedToUpdate(ctx, pull, ctx.Doer)
if err != nil {
ctx.ServerError("IsUserAllowedToUpdate", err)
return nil
rebase := ctx.FormString("style") == "rebase"
- if err := issue.PullRequest.LoadBaseRepo(); err != nil {
+ if err := issue.PullRequest.LoadBaseRepoCtx(ctx); err != nil {
ctx.ServerError("LoadBaseRepo", err)
return
}
- if err := issue.PullRequest.LoadHeadRepo(); err != nil {
+ if err := issue.PullRequest.LoadHeadRepoCtx(ctx); err != nil {
ctx.ServerError("LoadHeadRepo", err)
return
}
- allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(issue.PullRequest, ctx.Doer)
+ allowedUpdateByMerge, allowedUpdateByRebase, err := pull_service.IsUserAllowedToUpdate(ctx, issue.PullRequest, ctx.Doer)
if err != nil {
ctx.ServerError("IsUserAllowedToMerge", err)
return
return
}
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
ctx.ServerError("LoadHeadRepo", err)
return
} else if pr.HeadRepo == nil {
// Forked repository has already been deleted
ctx.NotFound("CleanUpPullRequest", nil)
return
- } else if err = pr.LoadBaseRepo(); err != nil {
+ } else if err = pr.LoadBaseRepoCtx(ctx); err != nil {
ctx.ServerError("LoadBaseRepo", err)
return
} else if err = pr.HeadRepo.GetOwner(ctx); err != nil {
return
}
- perm, err := models.GetUserRepoPermission(pr.HeadRepo, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, pr.HeadRepo, ctx.Doer)
if err != nil {
ctx.ServerError("GetUserRepoPermission", err)
return
protectBranch.UnprotectedFilePatterns = f.UnprotectedFilePatterns
protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch
- err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
+ err = models.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
UserIDs: whitelistUsers,
TeamIDs: whitelistTeams,
MergeUserIDs: mergeWhitelistUsers,
}
// update exist pull request
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("Unable to load base repository for PR[%d] Error: %v", pr.ID, err)
ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
"Err": fmt.Sprintf("Unable to load base repository for PR[%d] Error: %v", pr.ID, err),
// SignMerge determines if we should sign a PR merge commit to the base repository
func SignMerge(ctx context.Context, pr *models.PullRequest, u *user_model.User, tmpBasePath, baseCommit, headCommit string) (bool, string, *git.Signature, error) {
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("Unable to get Base Repo for pull request")
return false, "", nil, err
}
package issue
import (
+ "context"
+
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/organization"
}
// IsValidReviewRequest Check permission for ReviewRequest
-func IsValidReviewRequest(reviewer, doer *user_model.User, isAdd bool, issue *models.Issue, permDoer *models.Permission) error {
+func IsValidReviewRequest(ctx context.Context, reviewer, doer *user_model.User, isAdd bool, issue *models.Issue, permDoer *models.Permission) error {
if reviewer.IsOrganization() {
return models.ErrNotValidReviewRequest{
Reason: "Organization can't be added as reviewer",
}
}
- permReviewer, err := models.GetUserRepoPermission(issue.Repo, reviewer)
+ permReviewer, err := models.GetUserRepoPermission(ctx, issue.Repo, reviewer)
if err != nil {
return err
}
if permDoer == nil {
permDoer = new(models.Permission)
- *permDoer, err = models.GetUserRepoPermission(issue.Repo, doer)
+ *permDoer, err = models.GetUserRepoPermission(ctx, issue.Repo, doer)
if err != nil {
return err
}
}
// IsValidTeamReviewRequest Check permission for ReviewRequest Team
-func IsValidTeamReviewRequest(reviewer *organization.Team, doer *user_model.User, isAdd bool, issue *models.Issue) error {
+func IsValidTeamReviewRequest(ctx context.Context, reviewer *organization.Team, doer *user_model.User, isAdd bool, issue *models.Issue) error {
if doer.IsOrganization() {
return models.ErrNotValidReviewRequest{
Reason: "Organization can't be doer to add reviewer",
}
}
- permission, err := models.GetUserRepoPermission(issue.Repo, doer)
+ permission, err := models.GetUserRepoPermission(ctx, issue.Repo, doer)
if err != nil {
log.Error("Unable to GetUserRepoPermission for %-v in %-v#%d", doer, issue.Repo, issue.Index)
return err
if isAdd {
if issue.Repo.IsPrivate {
- hasTeam := organization.HasTeamRepo(db.DefaultContext, reviewer.OrgID, reviewer.ID, issue.RepoID)
+ hasTeam := organization.HasTeamRepo(ctx, reviewer.OrgID, reviewer.ID, issue.RepoID)
if !hasTeam {
return models.ErrNotValidReviewRequest{
"time"
"code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/references"
continue
}
- perm, err := models.GetUserRepoPermission(refRepo, doer)
+ perm, err := models.GetUserRepoPermission(db.DefaultContext, refRepo, doer)
if err != nil {
return err
}
// RemoveLabel removes a label from issue by given ID.
func RemoveLabel(issue *models.Issue, doer *user_model.User, label *models.Label) error {
- if err := issue.LoadRepo(db.DefaultContext); err != nil {
+ ctx, committer, err := db.TxContext()
+ if err != nil {
+ return err
+ }
+ defer committer.Close()
+
+ if err := issue.LoadRepo(ctx); err != nil {
return err
}
- perm, err := models.GetUserRepoPermission(issue.Repo, doer)
+ perm, err := models.GetUserRepoPermission(ctx, issue.Repo, doer)
if err != nil {
return err
}
return models.ErrRepoLabelNotExist{}
}
- if err := models.DeleteIssueLabel(issue, label, doer); err != nil {
+ if err := models.DeleteIssueLabel(ctx, issue, label, doer); err != nil {
+ return err
+ }
+
+ if err := committer.Commit(); err != nil {
return err
}
})
return
}
- lock, err := models.GetLFSLockByID(v)
+ lock, err := models.GetLFSLockByID(ctx, v)
if err != nil && !models.IsErrLFSLockNotExist(err) {
log.Error("Unable to get lock with ID[%s]: Error: %v", v, err)
}
path := ctx.FormString("path")
if path != "" { // Case where we request a specific id
- lock, err := models.GetLFSLock(repository, path)
+ lock, err := models.GetLFSLock(ctx, repository, path)
if err != nil && !models.IsErrLFSLockNotExist(err) {
log.Error("Unable to get lock for repository %-v with path %s: Error: %v", repository, path, err)
}
}
// ctx.IsSigned is unnecessary here, this will be checked in perm.CanAccess
- perm, err := models.GetUserRepoPermission(repository, ctx.Doer)
+ perm, err := models.GetUserRepoPermission(ctx, repository, ctx.Doer)
if err != nil {
log.Error("Unable to GetUserRepoPermission for user %-v in repo %-v Error: %v", ctx.Doer, repository)
return false
// manuallyMerged checks if a pull request got manually merged
// When a pull request got manually merged mark the pull request as merged
func manuallyMerged(ctx context.Context, pr *models.PullRequest) bool {
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("PullRequest[%d].LoadBaseRepo: %v", pr.ID, err)
return false
}
ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("Test PR[%d] from patch checking queue", id))
defer finished()
- pr, err := models.GetPullRequestByID(id)
+ pr, err := models.GetPullRequestByID(ctx, id)
if err != nil {
log.Error("GetPullRequestByID[%d]: %v", id, err)
return
// IsPullCommitStatusPass returns if all required status checks PASS
func IsPullCommitStatusPass(ctx context.Context, pr *models.PullRequest) (bool, error) {
- if err := pr.LoadProtectedBranch(); err != nil {
+ if err := pr.LoadProtectedBranchCtx(ctx); err != nil {
return false, errors.Wrap(err, "GetLatestCommitStatus")
}
if pr.ProtectedBranch == nil || !pr.ProtectedBranch.EnableStatusCheck {
// GetPullRequestCommitStatusState returns pull request merged commit status state
func GetPullRequestCommitStatusState(ctx context.Context, pr *models.PullRequest) (structs.CommitStatusState, error) {
// Ensure HeadRepo is loaded
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
return "", errors.Wrap(err, "LoadHeadRepo")
}
if pr.Flow == models.PullRequestFlowGithub && !headGitRepo.IsBranchExist(pr.HeadBranch) {
return "", errors.New("Head branch does not exist, can not merge")
}
- if pr.Flow == models.PullRequestFlowAGit && !git.IsReferenceExist(headGitRepo.Ctx, headGitRepo.Path, pr.GetGitRefName()) {
+ if pr.Flow == models.PullRequestFlowAGit && !git.IsReferenceExist(ctx, headGitRepo.Path, pr.GetGitRefName()) {
return "", errors.New("Head branch does not exist, can not merge")
}
return "", err
}
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
return "", errors.Wrap(err, "LoadBaseRepo")
}
- commitStatuses, _, err := models.GetLatestCommitStatus(pr.BaseRepo.ID, sha, db.ListOptions{})
+ commitStatuses, _, err := models.GetLatestCommitStatusCtx(ctx, pr.BaseRepo.ID, sha, db.ListOptions{})
if err != nil {
return "", errors.Wrap(err, "GetLatestCommitStatus")
}
// Caller should check PR is ready to be merged (review and status checks)
// FIXME: add repoWorkingPull make sure two merges does not happen at same time.
func Merge(ctx context.Context, pr *models.PullRequest, doer *user_model.User, baseGitRepo *git.Repository, mergeStyle repo_model.MergeStyle, expectedHeadCommitID, message string) (err error) {
- if err = pr.LoadHeadRepo(); err != nil {
+ if err = pr.LoadHeadRepoCtx(ctx); err != nil {
log.Error("LoadHeadRepo: %v", err)
return fmt.Errorf("LoadHeadRepo: %v", err)
- } else if err = pr.LoadBaseRepo(); err != nil {
+ } else if err = pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("LoadBaseRepo: %v", err)
return fmt.Errorf("LoadBaseRepo: %v", err)
}
// CheckPRReadyToMerge checks whether the PR is ready to be merged (reviews and status checks)
func CheckPRReadyToMerge(ctx context.Context, pr *models.PullRequest, skipProtectedFilesCheck bool) (err error) {
- if err = pr.LoadBaseRepo(); err != nil {
+ if err = pr.LoadBaseRepoCtx(ctx); err != nil {
return fmt.Errorf("LoadBaseRepo: %v", err)
}
// DownloadDiffOrPatch will write the patch for the pr to the writer
func DownloadDiffOrPatch(ctx context.Context, pr *models.PullRequest, w io.Writer, patch, binary bool) error {
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("Unable to load base repository ID %d for pr #%d [%d]", pr.BaseRepoID, pr.Index, pr.ID)
return err
}
}
go func() {
// FIXME: graceful: We need to tell the manager we're doing something...
- err := requests.InvalidateCodeComments(doer, gitRepo, branch)
+ err := requests.InvalidateCodeComments(ctx, doer, gitRepo, branch)
if err != nil {
log.Error("PullRequestList.InvalidateCodeComments: %v", err)
}
// checkIfPRContentChanged checks if diff to target branch has changed by push
// A commit can be considered to leave the PR untouched if the patch/diff with its merge base is unchanged
func checkIfPRContentChanged(ctx context.Context, pr *models.PullRequest, oldCommitID, newCommitID string) (hasChanged bool, err error) {
- if err = pr.LoadHeadRepo(); err != nil {
+ if err = pr.LoadHeadRepoCtx(ctx); err != nil {
return false, fmt.Errorf("LoadHeadRepo: %v", err)
} else if pr.HeadRepo == nil {
// corrupt data assumed changed
return true, nil
}
- if err = pr.LoadBaseRepo(); err != nil {
+ if err = pr.LoadBaseRepoCtx(ctx); err != nil {
return false, fmt.Errorf("LoadBaseRepo: %v", err)
}
func pushToBaseRepoHelper(ctx context.Context, pr *models.PullRequest, prefixHeadBranch string) (err error) {
log.Trace("PushToBaseRepo[%d]: pushing commits to base repo '%s'", pr.BaseRepoID, pr.GetGitRefName())
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
log.Error("Unable to load head repository for PR[%d] Error: %v", pr.ID, err)
return err
}
headRepoPath := pr.HeadRepo.RepoPath()
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("Unable to load base repository for PR[%d] Error: %v", pr.ID, err)
return err
}
// UpdateRef update refs/pull/id/head directly for agit flow pull request
func UpdateRef(ctx context.Context, pr *models.PullRequest) (err error) {
log.Trace("UpdateRef[%d]: upgate pull request ref in base repo '%s'", pr.ID, pr.GetGitRefName())
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("Unable to load base repository for PR[%d] Error: %v", pr.ID, err)
return err
}
// IsHeadEqualWithBranch returns if the commits of branchName are available in pull request head
func IsHeadEqualWithBranch(ctx context.Context, pr *models.PullRequest, branchName string) (bool, error) {
var err error
- if err = pr.LoadBaseRepo(); err != nil {
+ if err = pr.LoadBaseRepoCtx(ctx); err != nil {
return false, err
}
baseGitRepo, closer, err := git.RepositoryFromContextOrOpen(ctx, pr.BaseRepo.RepoPath())
return false, err
}
- if err = pr.LoadHeadRepo(); err != nil {
+ if err = pr.LoadHeadRepoCtx(ctx); err != nil {
return false, err
}
var headGitRepo *git.Repository
return nil, fmt.Errorf("GetPullRequestByIssueID: %v", err)
}
pr := issue.PullRequest
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
return nil, fmt.Errorf("LoadHeadRepo: %v", err)
}
gitRepo, closer, err := git.RepositoryFromContextOrOpen(ctx, pr.BaseRepo.RepoPath())
// createTemporaryRepo creates a temporary repo with "base" for pr.BaseBranch and "tracking" for pr.HeadBranch
// it also create a second base branch called "original_base"
func createTemporaryRepo(ctx context.Context, pr *models.PullRequest) (string, error) {
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
log.Error("LoadHeadRepo: %v", err)
return "", fmt.Errorf("LoadHeadRepo: %v", err)
} else if pr.HeadRepo == nil {
return "", &repo_model.ErrRepoNotExist{
ID: pr.HeadRepoID,
}
- } else if err := pr.LoadBaseRepo(); err != nil {
+ } else if err := pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("LoadBaseRepo: %v", err)
return "", fmt.Errorf("LoadBaseRepo: %v", err)
} else if pr.BaseRepo == nil {
return fmt.Errorf("Not support update agit flow pull request's head branch")
}
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
log.Error("LoadHeadRepo: %v", err)
return fmt.Errorf("LoadHeadRepo: %v", err)
- } else if err = pr.LoadBaseRepo(); err != nil {
+ } else if err = pr.LoadBaseRepoCtx(ctx); err != nil {
log.Error("LoadBaseRepo: %v", err)
return fmt.Errorf("LoadBaseRepo: %v", err)
}
}
// IsUserAllowedToUpdate check if user is allowed to update PR with given permissions and branch protections
-func IsUserAllowedToUpdate(pull *models.PullRequest, user *user_model.User) (mergeAllowed, rebaseAllowed bool, err error) {
+func IsUserAllowedToUpdate(ctx context.Context, pull *models.PullRequest, user *user_model.User) (mergeAllowed, rebaseAllowed bool, err error) {
if pull.Flow == models.PullRequestFlowAGit {
return false, false, nil
}
if user == nil {
return false, false, nil
}
- headRepoPerm, err := models.GetUserRepoPermission(pull.HeadRepo, user)
+ headRepoPerm, err := models.GetUserRepoPermission(ctx, pull.HeadRepo, user)
if err != nil {
return false, false, err
}
// GetDiverging determines how many commits a PR is ahead or behind the PR base branch
func GetDiverging(ctx context.Context, pr *models.PullRequest) (*git.DivergeObject, error) {
log.Trace("GetDiverging[%d]: compare commits", pr.ID)
- if err := pr.LoadBaseRepo(); err != nil {
+ if err := pr.LoadBaseRepoCtx(ctx); err != nil {
return nil, err
}
- if err := pr.LoadHeadRepo(); err != nil {
+ if err := pr.LoadHeadRepoCtx(ctx); err != nil {
return nil, err
}
projects / gitea.git / commitdiff