diff options
| author | Unknwon <joe2010xtmf@163.com> | 2014-08-26 18:11:15 +0800 |
|---|---|---|
| committer | Unknwon <joe2010xtmf@163.com> | 2014-08-26 18:11:15 +0800 |
| commit | 74b31566cf5caaf6bf73584e621d56ca99c048d1 (patch) | |
| tree | 078a8428e5241d13600482301444684720a77283 /models/org.go | |
| parent | f2c263c54facdcbc9375a47535c0389fd7d05875 (diff) | |
| download | gitea-74b31566cf5caaf6bf73584e621d56ca99c048d1.tar.gz gitea-74b31566cf5caaf6bf73584e621d56ca99c048d1.zip | |
Finsih add/remove repo in organization
Diffstat (limited to 'models/org.go')
| -rw-r--r-- | models/org.go | 230 |
1 files changed, 175 insertions, 55 deletions
diff --git a/models/org.go b/models/org.go index 27228382d3..5d73cf3ff2 100644 --- a/models/org.go +++ b/models/org.go @@ -369,6 +369,13 @@ const ( ORG_ADMIN ) +func AuthorizeToAccessType(auth AuthorizeType) AccessType { + if auth == ORG_READABLE { + return READABLE + } + return WRITABLE +} + const OWNER_TEAM = "Owners" // Team represents a organization team. @@ -433,6 +440,142 @@ func (t *Team) RemoveMember(uid int64) error { return RemoveTeamMember(t.OrgId, t.Id, uid) } +// addAccessWithAuthorize inserts or updates access with given mode. +func addAccessWithAuthorize(sess *xorm.Session, access *Access, mode AccessType) error { + has, err := x.Get(access) + if err != nil { + return fmt.Errorf("fail to get access: %v", err) + } + access.Mode = mode + if has { + if _, err = sess.Id(access.Id).Update(access); err != nil { + return fmt.Errorf("fail to update access: %v", err) + } + } else { + if _, err = sess.Insert(access); err != nil { + return fmt.Errorf("fail to insert access: %v", err) + } + } + return nil +} + +// AddRepository adds new repository to team of organization. +func (t *Team) AddRepository(repo *Repository) (err error) { + idStr := "$" + com.ToStr(repo.Id) + "|" + if repo.OwnerId != t.OrgId { + return errors.New("Repository not belong to organization") + } else if strings.Contains(t.RepoIds, idStr) { + return nil + } + + if err = repo.GetOwner(); err != nil { + return err + } else if err = t.GetMembers(); err != nil { + return err + } + + sess := x.NewSession() + defer sess.Close() + if err = sess.Begin(); err != nil { + return err + } + + t.NumRepos++ + t.RepoIds += idStr + if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil { + sess.Rollback() + return err + } + + // Give access to team members. + mode := AuthorizeToAccessType(t.Authorize) + + for _, u := range t.Members { + auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id) + if err != nil { + sess.Rollback() + return err + } + + access := &Access{ + UserName: u.LowerName, + RepoName: path.Join(repo.Owner.LowerName, repo.LowerName), + } + if auth == 0 { + access.Mode = mode + if _, err = sess.Insert(access); err != nil { + sess.Rollback() + return fmt.Errorf("fail to insert access: %v", err) + } + } else if auth < t.Authorize { + if err = addAccessWithAuthorize(sess, access, mode); err != nil { + sess.Rollback() + return err + } + } + } + return sess.Commit() +} + +// RemoveRepository removes repository from team of organization. +func (t *Team) RemoveRepository(repoId int64) error { + idStr := "$" + com.ToStr(repoId) + "|" + if !strings.Contains(t.RepoIds, idStr) { + return nil + } + + repo, err := GetRepositoryById(repoId) + if err != nil { + return err + } + + if err = repo.GetOwner(); err != nil { + return err + } else if err = t.GetMembers(); err != nil { + return err + } + + sess := x.NewSession() + defer sess.Close() + if err = sess.Begin(); err != nil { + return err + } + + t.NumRepos-- + t.RepoIds = strings.Replace(t.RepoIds, idStr, "", 1) + if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil { + sess.Rollback() + return err + } + + // Remove access to team members. + for _, u := range t.Members { + auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id) + if err != nil { + sess.Rollback() + return err + } + + access := &Access{ + UserName: u.LowerName, + RepoName: path.Join(repo.Owner.LowerName, repo.LowerName), + } + if auth == 0 { + if _, err = sess.Delete(access); err != nil { + sess.Rollback() + return fmt.Errorf("fail to delete access: %v", err) + } + } else if auth < t.Authorize { + if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil { + sess.Rollback() + return err + } + } + } + + return sess.Commit() +} + // NewTeam creates a record of new team. // It's caller's responsibility to assign organization ID. func NewTeam(t *Team) error { @@ -554,16 +697,10 @@ func UpdateTeam(t *Team, authChanged bool) (err error) { return err } - mode := READABLE - if t.Authorize > ORG_READABLE { - mode = WRITABLE - } - access := &Access{ - Mode: mode, - } + // Update access. + mode := AuthorizeToAccessType(t.Authorize) for _, repo := range t.Repos { - access.RepoName = path.Join(org.LowerName, repo.LowerName) for _, u := range t.Members { // ORG_WRITABLE is the highest authorize level for now. // Skip checking others if current team has this level. @@ -578,8 +715,11 @@ func UpdateTeam(t *Team, authChanged bool) (err error) { } } - access.UserName = u.LowerName - if _, err = sess.Update(access); err != nil { + access := &Access{ + UserName: u.LowerName, + RepoName: path.Join(org.LowerName, repo.LowerName), + } + if err = addAccessWithAuthorize(sess, access, mode); err != nil { sess.Rollback() return err } @@ -617,36 +757,26 @@ func DeleteTeam(t *Team) error { } // Delete all accesses. - mode := READABLE - if t.Authorize > ORG_READABLE { - mode = WRITABLE - } - access := new(Access) - for _, repo := range t.Repos { - access.RepoName = path.Join(org.LowerName, repo.LowerName) for _, u := range t.Members { - access.UserName = u.LowerName - access.Mode = mode auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id) if err != nil { sess.Rollback() return err } + access := &Access{ + UserName: u.LowerName, + RepoName: path.Join(org.LowerName, repo.LowerName), + } if auth == 0 { if _, err = sess.Delete(access); err != nil { sess.Rollback() - return err + return fmt.Errorf("fail to delete access: %v", err) } } else if auth < t.Authorize { // Downgrade authorize level. - mode := READABLE - if auth > ORG_READABLE { - mode = WRITABLE - } - access.Mode = mode - if _, err = sess.Update(access); err != nil { + if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil { sess.Rollback() return err } @@ -779,15 +909,6 @@ func AddTeamMember(orgId, teamId, uid int64) error { TeamId: teamId, } - mode := READABLE - if t.Authorize > ORG_READABLE { - mode = WRITABLE - } - access := &Access{ - UserName: u.LowerName, - Mode: mode, - } - if _, err = sess.Insert(tu); err != nil { sess.Rollback() return err @@ -797,6 +918,7 @@ func AddTeamMember(orgId, teamId, uid int64) error { } // Give access to team repositories. + mode := AuthorizeToAccessType(t.Authorize) for _, repo := range t.Repos { auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id) if err != nil { @@ -804,22 +926,24 @@ func AddTeamMember(orgId, teamId, uid int64) error { return err } - access.Id = 0 - access.RepoName = path.Join(org.LowerName, repo.LowerName) + access := &Access{ + UserName: u.LowerName, + RepoName: path.Join(org.LowerName, repo.LowerName), + } // Equal 0 means given access doesn't exist. if auth == 0 { + access.Mode = mode if _, err = sess.Insert(access); err != nil { sess.Rollback() - return err + return fmt.Errorf("fail to insert access: %v", err) } } else if auth < t.Authorize { - if _, err = sess.Update(access); err != nil { + if err = addAccessWithAuthorize(sess, access, mode); err != nil { sess.Rollback() return err } } } - fmt.Println("kao") // We make sure it exists before. ou := new(OrgUser) @@ -889,10 +1013,6 @@ func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) erro } // Delete access to team repositories. - access := &Access{ - UserName: u.LowerName, - } - for _, repo := range t.Repos { auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id) if err != nil { @@ -900,22 +1020,22 @@ func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) erro return err } + access := &Access{ + UserName: u.LowerName, + RepoName: path.Join(org.LowerName, repo.LowerName), + } // Delete access if this is the last team user belongs to. if auth == 0 { - access.RepoName = path.Join(org.LowerName, repo.LowerName) - _, err = sess.Delete(access) + if _, err = sess.Delete(access); err != nil { + sess.Rollback() + return fmt.Errorf("fail to delete access: %v", err) + } } else if auth < t.Authorize { // Downgrade authorize level. - mode := READABLE - if auth > ORG_READABLE { - mode = WRITABLE + if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil { + sess.Rollback() + return err } - access.Mode = mode - _, err = sess.Update(access) - } - if err != nil { - sess.Rollback() - return err } } |