summaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
authorPeter Smit <peter@smitmail.eu>2015-02-13 13:58:19 +0200
committerPeter Smit <peter@smitmail.eu>2015-02-13 13:58:19 +0200
commitddf7014b9b16e571e86c87962be9f9cbe140a93b (patch)
treee8a98a3a3eb5377f17dc102e340875e82716ddcd /models
parent25f5a8d7986a710cef01d02725071d2de0a6b143 (diff)
downloadgitea-ddf7014b9b16e571e86c87962be9f9cbe140a93b.tar.gz
gitea-ddf7014b9b16e571e86c87962be9f9cbe140a93b.zip
Rewrite of access migration
The old migration had a few issues: - It left old column names around - It did not give the right access levels for owners and admins Also, this includes a migration that fixes the authorization of owner teams, which was previously ORG_ADMIN (instead of ORG_OWNER)
Diffstat (limited to 'models')
-rw-r--r--models/migrations/migrations.go138
1 files changed, 78 insertions, 60 deletions
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index e69b0a1f5e..f6ef513207 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -51,7 +51,8 @@ type Version struct {
// update _MIN_VER_DB accordingly
var migrations = []Migration{
NewMigration("generate collaboration from access", accessToCollaboration), // V0 -> V1
- NewMigration("refactor access table to use id's", accessRefactor), // V1 -> V2
+ NewMigration("make authorize 4 if team is owners", ownerTeamUpdate), // V1 -> V2
+ NewMigration("refactor access table to use id's", accessRefactor), // V2 -> V3
}
// Migrate database to current version
@@ -212,90 +213,107 @@ func accessToCollaboration(x *xorm.Engine) (err error) {
return sess.Commit()
}
+func ownerTeamUpdate(x *xorm.Engine) (err error) {
+ if _, err := x.Exec("UPDATE team SET authorize=4 WHERE lower_name=?", "owners"); err != nil {
+ return fmt.Errorf("drop table: %v", err)
+ }
+ return nil
+}
+
func accessRefactor(x *xorm.Engine) (err error) {
type (
AccessMode int
Access struct {
- ID int64 `xorm:"pk autoincr"`
- UserName string
- RepoName string
- UserID int64 `xorm:"UNIQUE(s)"`
- RepoID int64 `xorm:"UNIQUE(s)"`
- Mode AccessMode
+ ID int64 `xorm:"pk autoincr"`
+ UserID int64 `xorm:"UNIQUE(s)"`
+ RepoID int64 `xorm:"UNIQUE(s)"`
+ Mode AccessMode
+ }
+ UserRepo struct {
+ UserID int64
+ RepoID int64
}
)
- var rawSQL string
- switch {
- case setting.UseSQLite3, setting.UsePostgreSQL:
- rawSQL = "DROP INDEX IF EXISTS `UQE_access_S`"
- case setting.UseMySQL:
- rawSQL = "DROP INDEX `UQE_access_S` ON `access`"
- }
- if _, err = x.Exec(rawSQL); err != nil &&
- !strings.Contains(err.Error(), "check that column/key exists") {
- return fmt.Errorf("drop index: %v", err)
- }
+ // We consiously don't start a session yet as we make only reads for now, no writes
- sess := x.NewSession()
- defer sessionRelease(sess)
- if err = sess.Begin(); err != nil {
+ accessMap := make(map[UserRepo]AccessMode, 50)
+
+ results, err := x.Query("SELECT r.id as `repo_id`, r.is_private as `is_private`, r.owner_id as `owner_id`, u.type as `owner_type` FROM `repository` r LEFT JOIN user u ON r.owner_id=u.id")
+ if err != nil {
return err
}
+ for _, repo := range results {
+ repoID := com.StrTo(repo["repo_id"]).MustInt64()
+ isPrivate := com.StrTo(repo["is_private"]).MustInt() > 0
+ ownerID := com.StrTo(repo["owner_id"]).MustInt64()
+ ownerIsOrganization := com.StrTo(repo["owner_type"]).MustInt() > 0
- if err = sess.Sync2(new(Access)); err != nil {
- return fmt.Errorf("sync: %v", err)
- }
+ results, err := x.Query("SELECT user_id FROM collaboration WHERE repo_id=?", repoID)
+ if err != nil {
+ return fmt.Errorf("select repos: %v", err)
+ }
+ for _, user := range results {
+ userID := com.StrTo(user["user_id"]).MustInt64()
+ accessMap[UserRepo{userID, repoID}] = 2 // WRITE ACCESS
+ }
- accesses := make([]*Access, 0, 50)
- if err = sess.Iterate(new(Access), func(idx int, bean interface{}) error {
- a := bean.(*Access)
+ if !ownerIsOrganization {
+ continue
+ }
- // Update username to user ID.
- users, err := sess.Query("SELECT `id` FROM `user` WHERE lower_name=?", a.UserName)
+ minAccessLevel := AccessMode(0)
+ if !isPrivate {
+ minAccessLevel = 1
+ }
+
+ repoString := "$" + string(repo["repo_id"]) + "|"
+
+ results, err = x.Query("SELECT id, authorize, repo_ids FROM team WHERE org_id=? AND authorize > ? ORDER BY authorize ASC", ownerID, int(minAccessLevel))
if err != nil {
- return fmt.Errorf("query user: %v", err)
- } else if len(users) < 1 {
- return nil
+ return fmt.Errorf("select teams from org: %v", err)
}
- a.UserID = com.StrTo(users[0]["id"]).MustInt64()
- // Update repository name(username/reponame) to repository ID.
- names := strings.Split(a.RepoName, "/")
- ownerName := names[0]
- repoName := names[1]
+ for _, team := range results {
+ if !strings.Contains(string(team["repo_ids"]), repoString) {
+ continue
+ }
+ teamID := com.StrTo(team["id"]).MustInt64()
+ mode := AccessMode(com.StrTo(team["authorize"]).MustInt())
- // Check if user is the owner of the repository.
- ownerID := a.UserID
- if ownerName != a.UserName {
- users, err := sess.Query("SELECT `id` FROM `user` WHERE lower_name=?", ownerName)
+ results, err := x.Query("SELECT uid FROM team_user WHERE team_id=?", teamID)
if err != nil {
- return fmt.Errorf("query owner: %v", err)
- } else if len(users) < 1 {
- return nil
+ return fmt.Errorf("select users from team: %v", err)
+ }
+ for _, user := range results {
+ userID := com.StrTo(user["uid"]).MustInt64()
+ accessMap[UserRepo{userID, repoID}] = mode
}
- ownerID = com.StrTo(users[0]["id"]).MustInt64()
}
+ }
- repos, err := sess.Query("SELECT `id` FROM `repository` WHERE owner_id=? AND lower_name=?", ownerID, repoName)
- if err != nil {
- return fmt.Errorf("query repository: %v", err)
- } else if len(repos) < 1 {
- return nil
- }
- a.RepoID = com.StrTo(repos[0]["id"]).MustInt64()
+ // Drop table can't be in a session (at least not in sqlite)
+ if _, err = x.Exec("DROP TABLE access"); err != nil {
+ return fmt.Errorf("drop table: %v", err)
+ }
- accesses = append(accesses, a)
- return nil
- }); err != nil {
- return fmt.Errorf("iterate: %v", err)
+ // Now we start writing so we make a session
+ sess := x.NewSession()
+ defer sessionRelease(sess)
+ if err = sess.Begin(); err != nil {
+ return err
}
- for i := range accesses {
- if _, err = sess.Id(accesses[i].ID).Update(accesses[i]); err != nil {
- return fmt.Errorf("update: %v", err)
- }
+ if err = sess.Sync2(new(Access)); err != nil {
+ return fmt.Errorf("sync: %v", err)
+ }
+
+ accesses := make([]*Access, 0, len(accessMap))
+ for ur, mode := range accessMap {
+ accesses = append(accesses, &Access{UserID: ur.UserID, RepoID: ur.RepoID, Mode: mode})
}
+ _, err = sess.Insert(accesses)
+
return sess.Commit()
}