Merge branch 'dev' of github.com:gogits/gogs into access

1 files changed, 51 insertions, 43 deletions

diff --git a/models/org.go b/models/org.go
index 5431a111c3..3d37a37d69 100644
--- a/models/org.go
+++ b/models/org.go
@@ -12,7 +12,6 @@ import (
 	"strings"
 
 	"github.com/Unknwon/com"
-	"github.com/go-xorm/xorm"
 
 	"github.com/gogits/gogs/modules/base"
 )
@@ -391,7 +390,7 @@ func RemoveOrgUser(orgId, uid int64) error {
 		return err
 	}
 	for _, t := range ts {
-		if err = removeTeamMemberWithSess(org.Id, t.Id, u.Id, sess); err != nil {
+		if err = removeTeamMember(sess, org.Id, t.Id, u.Id); err != nil {
 			return err
 		}
 	}
@@ -486,18 +485,18 @@ func (t *Team) RemoveMember(uid int64) error {
 }
 
 // addAccessWithAuthorize inserts or updates access with given mode.
-func addAccessWithAuthorize(sess *xorm.Session, access *Access, mode AccessType) error {
-	has, err := x.Get(access)
+func addAccessWithAuthorize(e Engine, access *Access, mode AccessType) error {
+	has, err := e.Get(access)
 	if err != nil {
 		return fmt.Errorf("fail to get access: %v", err)
 	}
 	access.Mode = mode
 	if has {
-		if _, err = sess.Id(access.Id).Update(access); err != nil {
+		if _, err = e.Id(access.Id).Update(access); err != nil {
 			return fmt.Errorf("fail to update access: %v", err)
 		}
 	} else {
-		if _, err = sess.Insert(access); err != nil {
+		if _, err = e.Insert(access); err != nil {
 			return fmt.Errorf("fail to insert access: %v", err)
 		}
 	}
@@ -536,7 +535,7 @@ func (t *Team) AddRepository(repo *Repository) (err error) {
 	mode := AuthorizeToAccessType(t.Authorize)
 
 	for _, u := range t.Members {
-		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
+		auth, err := getHighestAuthorize(sess, t.OrgId, u.Id, repo.Id, t.Id)
 		if err != nil {
 			sess.Rollback()
 			return err
@@ -552,7 +551,7 @@ func (t *Team) AddRepository(repo *Repository) (err error) {
 				return err
 			}
 		}
-		if err = WatchRepo(u.Id, repo.Id, true); err != nil {
+		if err = watchRepo(sess, u.Id, repo.Id, true); err != nil {
 			sess.Rollback()
 			return err
 		}
@@ -593,7 +592,7 @@ func (t *Team) RemoveRepository(repoId int64) error {
 
 	// Remove access to team members.
 	for _, u := range t.Members {
-		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
+		auth, err := getHighestAuthorize(sess, t.OrgId, u.Id, repo.Id, t.Id)
 		if err != nil {
 			sess.Rollback()
 			return err
@@ -607,7 +606,7 @@ func (t *Team) RemoveRepository(repoId int64) error {
 			if _, err = sess.Delete(access); err != nil {
 				sess.Rollback()
 				return fmt.Errorf("fail to delete access: %v", err)
-			} else if err = WatchRepo(u.Id, repo.Id, false); err != nil {
+			} else if err = watchRepo(sess, u.Id, repo.Id, false); err != nil {
 				sess.Rollback()
 				return err
 			}
@@ -678,10 +677,9 @@ func GetTeam(orgId int64, name string) (*Team, error) {
 	return t, nil
 }
 
-// GetTeamById returns team by given ID.
-func GetTeamById(teamId int64) (*Team, error) {
+func getTeamById(e Engine, teamId int64) (*Team, error) {
 	t := new(Team)
-	has, err := x.Id(teamId).Get(t)
+	has, err := e.Id(teamId).Get(t)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -690,9 +688,13 @@ func GetTeamById(teamId int64) (*Team, error) {
 	return t, nil
 }
 
-// GetHighestAuthorize returns highest repository authorize level for given user and team.
-func GetHighestAuthorize(orgId, uid, repoId, teamId int64) (AuthorizeType, error) {
-	ts, err := GetUserTeams(orgId, uid)
+// GetTeamById returns team by given ID.
+func GetTeamById(teamId int64) (*Team, error) {
+	return getTeamById(x, teamId)
+}
+
+func getHighestAuthorize(e Engine, orgId, uid, repoId, teamId int64) (AuthorizeType, error) {
+	ts, err := getUserTeams(e, orgId, uid)
 	if err != nil {
 		return 0, err
 	}
@@ -714,6 +716,11 @@ func GetHighestAuthorize(orgId, uid, repoId, teamId int64) (AuthorizeType, error
 	return auth, nil
 }
 
+// GetHighestAuthorize returns highest repository authorize level for given user and team.
+func GetHighestAuthorize(orgId, uid, repoId, teamId int64) (AuthorizeType, error) {
+	return getHighestAuthorize(x, orgId, uid, repoId, teamId)
+}
+
 // UpdateTeam updates information of team.
 func UpdateTeam(t *Team, authChanged bool) (err error) {
 	if !IsLegalName(t.Name) {
@@ -866,10 +873,14 @@ type TeamUser struct {
 	TeamId int64
 }
 
+func isTeamMember(e Engine, orgId, teamId, uid int64) bool {
+	has, _ := e.Where("uid=?", uid).And("org_id=?", orgId).And("team_id=?", teamId).Get(new(TeamUser))
+	return has
+}
+
 // IsTeamMember returns true if given user is a member of team.
 func IsTeamMember(orgId, teamId, uid int64) bool {
-	has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).And("team_id=?", teamId).Get(new(TeamUser))
-	return has
+	return isTeamMember(x, orgId, teamId, uid)
 }
 
 // GetTeamMembers returns all members in given team of organization.
@@ -879,17 +890,16 @@ func GetTeamMembers(orgId, teamId int64) ([]*User, error) {
 	return us, err
 }
 
-// GetUserTeams returns all teams that user belongs to in given organization.
-func GetUserTeams(orgId, uid int64) ([]*Team, error) {
+func getUserTeams(e Engine, orgId, uid int64) ([]*Team, error) {
 	tus := make([]*TeamUser, 0, 5)
-	if err := x.Where("uid=?", uid).And("org_id=?", orgId).Find(&tus); err != nil {
+	if err := e.Where("uid=?", uid).And("org_id=?", orgId).Find(&tus); err != nil {
 		return nil, err
 	}
 
 	ts := make([]*Team, len(tus))
 	for i, tu := range tus {
 		t := new(Team)
-		has, err := x.Id(tu.TeamId).Get(t)
+		has, err := e.Id(tu.TeamId).Get(t)
 		if err != nil {
 			return nil, err
 		} else if !has {
@@ -900,6 +910,11 @@ func GetUserTeams(orgId, uid int64) ([]*Team, error) {
 	return ts, nil
 }
 
+// GetUserTeams returns all teams that user belongs to in given organization.
+func GetUserTeams(orgId, uid int64) ([]*Team, error) {
+	return getUserTeams(x, orgId, uid)
+}
+
 // AddTeamMember adds new member to given team of given organization.
 func AddTeamMember(orgId, teamId, uid int64) error {
 	if IsTeamMember(orgId, teamId, uid) {
@@ -956,7 +971,7 @@ func AddTeamMember(orgId, teamId, uid int64) error {
 	// Give access to team repositories.
 	mode := AuthorizeToAccessType(t.Authorize)
 	for _, repo := range t.Repos {
-		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, teamId)
+		auth, err := getHighestAuthorize(sess, t.OrgId, u.Id, repo.Id, teamId)
 		if err != nil {
 			sess.Rollback()
 			return err
@@ -993,13 +1008,13 @@ func AddTeamMember(orgId, teamId, uid int64) error {
 	return sess.Commit()
 }
 
-func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) error {
-	if !IsTeamMember(orgId, teamId, uid) {
+func removeTeamMember(e Engine, orgId, teamId, uid int64) error {
+	if !isTeamMember(e, orgId, teamId, uid) {
 		return nil
 	}
 
 	// Get team and its repositories.
-	t, err := GetTeamById(teamId)
+	t, err := getTeamById(e, teamId)
 	if err != nil {
 		return err
 	}
@@ -1033,19 +1048,16 @@ func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) erro
 		TeamId: teamId,
 	}
 
-	if _, err := sess.Delete(tu); err != nil {
-		sess.Rollback()
+	if _, err := e.Delete(tu); err != nil {
 		return err
-	} else if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {
-		sess.Rollback()
+	} else if _, err = e.Id(t.Id).AllCols().Update(t); err != nil {
 		return err
 	}
 
 	// Delete access to team repositories.
 	for _, repo := range t.Repos {
-		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, teamId)
+		auth, err := getHighestAuthorize(e, t.OrgId, u.Id, repo.Id, teamId)
 		if err != nil {
-			sess.Rollback()
 			return err
 		}
 
@@ -1055,17 +1067,14 @@ func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) erro
 		}
 		// Delete access if this is the last team user belongs to.
 		if auth == 0 {
-			if _, err = sess.Delete(access); err != nil {
-				sess.Rollback()
+			if _, err = e.Delete(access); err != nil {
 				return fmt.Errorf("fail to delete access: %v", err)
-			} else if err = WatchRepo(u.Id, repo.Id, false); err != nil {
-				sess.Rollback()
+			} else if err = watchRepo(e, u.Id, repo.Id, false); err != nil {
 				return err
 			}
 		} else if auth < t.Authorize {
 			// Downgrade authorize level.
-			if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {
-				sess.Rollback()
+			if err = addAccessWithAuthorize(e, access, AuthorizeToAccessType(auth)); err != nil {
 				return err
 			}
 		}
@@ -1073,17 +1082,15 @@ func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) erro
 
 	// This must exist.
 	ou := new(OrgUser)
-	_, err = sess.Where("uid=?", uid).And("org_id=?", org.Id).Get(ou)
+	_, err = e.Where("uid=?", uid).And("org_id=?", org.Id).Get(ou)
 	if err != nil {
-		sess.Rollback()
 		return err
 	}
 	ou.NumTeams--
 	if t.IsOwnerTeam() {
 		ou.IsOwner = false
 	}
-	if _, err = sess.Id(ou.Id).AllCols().Update(ou); err != nil {
-		sess.Rollback()
+	if _, err = e.Id(ou.Id).AllCols().Update(ou); err != nil {
 		return err
 	}
 	return nil
@@ -1096,7 +1103,8 @@ func RemoveTeamMember(orgId, teamId, uid int64) error {
 	if err := sess.Begin(); err != nil {
 		return err
 	}
-	if err := removeTeamMemberWithSess(orgId, teamId, uid, sess); err != nil {
+	if err := removeTeamMember(sess, orgId, teamId, uid); err != nil {
+		sess.Rollback()
 		return err
 	}
 	return sess.Commit()