Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)

* make repo as "pending transfer" if on transfer start doer has no right to create repo in new destination

* if new pending transfer ocured, create UI & Mail notifications

3 files changed, 94 insertions, 0 deletions

diff --git a/services/mailer/mail.go b/services/mailer/mail.go
index e87d34ab29..7d6214c742 100644
--- a/services/mailer/mail.go
+++ b/services/mailer/mail.go
@@ -34,6 +34,8 @@ const (
 
 	mailNotifyCollaborator base.TplName = "notify/collaborator"
 
+	mailRepoTransferNotify base.TplName = "notify/repo_transfer"
+
 	// There's no actual limit for subject in RFC 5322
 	mailMaxSubjectRunes = 256
 )
diff --git a/services/mailer/mail_repo.go b/services/mailer/mail_repo.go
new file mode 100644
index 0000000000..b9d24f4334
--- /dev/null
+++ b/services/mailer/mail_repo.go
@@ -0,0 +1,57 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package mailer
+
+import (
+	"bytes"
+	"fmt"
+
+	"code.gitea.io/gitea/models"
+)
+
+// SendRepoTransferNotifyMail triggers a notification e-mail when a pending repository transfer was created
+func SendRepoTransferNotifyMail(doer, newOwner *models.User, repo *models.Repository) error {
+	var (
+		emails      []string
+		destination string
+		content     bytes.Buffer
+	)
+
+	if newOwner.IsOrganization() {
+		users, err := models.GetUsersWhoCanCreateOrgRepo(newOwner.ID)
+		if err != nil {
+			return err
+		}
+
+		for i := range users {
+			emails = append(emails, users[i].Email)
+		}
+		destination = newOwner.DisplayName()
+	} else {
+		emails = []string{newOwner.Email}
+		destination = "you"
+	}
+
+	subject := fmt.Sprintf("%s would like to transfer \"%s\" to %s", doer.DisplayName(), repo.FullName(), destination)
+	data := map[string]interface{}{
+		"Doer":    doer,
+		"User":    repo.Owner,
+		"Repo":    repo.FullName(),
+		"Link":    repo.HTMLURL(),
+		"Subject": subject,
+
+		"Destination": destination,
+	}
+
+	if err := bodyTemplates.ExecuteTemplate(&content, string(mailRepoTransferNotify), data); err != nil {
+		return err
+	}
+
+	msg := NewMessage(emails, subject, content.String())
+	msg.Info = fmt.Sprintf("UID: %d, repository pending transfer notification", newOwner.ID)
+
+	SendAsync(msg)
+	return nil
+}
diff --git a/services/repository/transfer.go b/services/repository/transfer.go
index e2416cf8de..ec769190bd 100644
--- a/services/repository/transfer.go
+++ b/services/repository/transfer.go
@@ -70,3 +70,38 @@ func ChangeRepositoryName(doer *models.User, repo *models.Repository, newRepoNam
 
 	return nil
 }
+
+// StartRepositoryTransfer transfer a repo from one owner to a new one.
+// it make repository into pending transfer state, if doer can not create repo for new owner.
+func StartRepositoryTransfer(doer, newOwner *models.User, repo *models.Repository, teams []*models.Team) error {
+	if err := models.TestRepositoryReadyForTransfer(repo.Status); err != nil {
+		return err
+	}
+
+	// Admin is always allowed to transfer || user transfer repo back to his account
+	if doer.IsAdmin || doer.ID == newOwner.ID {
+		return TransferOwnership(doer, newOwner, repo, teams)
+	}
+
+	// If new owner is an org and user can create repos he can transfer directly too
+	if newOwner.IsOrganization() {
+		allowed, err := models.CanCreateOrgRepo(newOwner.ID, doer.ID)
+		if err != nil {
+			return err
+		}
+		if allowed {
+			return TransferOwnership(doer, newOwner, repo, teams)
+		}
+	}
+
+	// Make repo as pending for transfer
+	repo.Status = models.RepositoryPendingTransfer
+	if err := models.CreatePendingRepositoryTransfer(doer, newOwner, repo.ID, teams); err != nil {
+		return err
+	}
+
+	// notify users who are able to accept / reject transfer
+	notification.NotifyRepoPendingTransfer(doer, newOwner, repo)
+
+	return nil
+}