mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1384 Commits
17 Branches
Tree: 74b31566cf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '74b31566cf'
${ noResults }
gitea/models/org.go

org.go 24KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"errors"

  9. 	"fmt"

  10. 	"os"

  11. 	"path"

  12. 	"strings"

  13. 

  14. 	"github.com/Unknwon/com"

  15. 	"github.com/go-xorm/xorm"

  16. 

  17. 	"github.com/gogits/gogs/modules/base"

  18. )

  19. 

  20. var (

  21. 	ErrOrgNotExist      = errors.New("Organization does not exist")

  22. 	ErrTeamAlreadyExist = errors.New("Team already exist")

  23. 	ErrTeamNotExist     = errors.New("Team does not exist")

  24. 	ErrTeamNameIllegal  = errors.New("Team name contains illegal characters")

  25. 	ErrLastOrgOwner     = errors.New("The user to remove is the last member in owner team")

  26. )

  27. 

  28. // IsOrgOwner returns true if given user is in the owner team.

  29. func (org *User) IsOrgOwner(uid int64) bool {

  30. 	return IsOrganizationOwner(org.Id, uid)

  31. }

  32. 

  33. // IsOrgMember returns true if given user is member of organization.

  34. func (org *User) IsOrgMember(uid int64) bool {

  35. 	return IsOrganizationMember(org.Id, uid)

  36. }

  37. 

  38. // GetTeam returns named team of organization.

  39. func (org *User) GetTeam(name string) (*Team, error) {

  40. 	return GetTeam(org.Id, name)

  41. }

  42. 

  43. // GetOwnerTeam returns owner team of organization.

  44. func (org *User) GetOwnerTeam() (*Team, error) {

  45. 	return org.GetTeam(OWNER_TEAM)

  46. }

  47. 

  48. // GetTeams returns all teams that belong to organization.

  49. func (org *User) GetTeams() error {

  50. 	return x.Where("org_id=?", org.Id).Find(&org.Teams)

  51. }

  52. 

  53. // GetMembers returns all members of organization.

  54. func (org *User) GetMembers() error {

  55. 	ous, err := GetOrgUsersByOrgId(org.Id)

  56. 	if err != nil {

  57. 		return err

  58. 	}

  59. 

  60. 	org.Members = make([]*User, len(ous))

  61. 	for i, ou := range ous {

  62. 		org.Members[i], err = GetUserById(ou.Uid)

  63. 		if err != nil {

  64. 			return err

  65. 		}

  66. 	}

  67. 	return nil

  68. }

  69. 

  70. // AddMember adds new member to organization.

  71. func (org *User) AddMember(uid int64) error {

  72. 	return AddOrgUser(org.Id, uid)

  73. }

  74. 

  75. // RemoveMember removes member from organization.

  76. func (org *User) RemoveMember(uid int64) error {

  77. 	return RemoveOrgUser(org.Id, uid)

  78. }

  79. 

  80. // CreateOrganization creates record of a new organization.

  81. func CreateOrganization(org, owner *User) (*User, error) {

  82. 	if !IsLegalName(org.Name) {

  83. 		return nil, ErrUserNameIllegal

  84. 	}

  85. 

  86. 	isExist, err := IsUserExist(org.Name)

  87. 	if err != nil {

  88. 		return nil, err

  89. 	} else if isExist {

  90. 		return nil, ErrUserAlreadyExist

  91. 	}

  92. 

  93. 	isExist, err = IsEmailUsed(org.Email)

  94. 	if err != nil {

  95. 		return nil, err

  96. 	} else if isExist {

  97. 		return nil, ErrEmailAlreadyUsed

  98. 	}

  99. 

  100. 	org.LowerName = strings.ToLower(org.Name)

  101. 	org.FullName = org.Name

  102. 	org.Avatar = base.EncodeMd5(org.Email)

  103. 	org.AvatarEmail = org.Email

  104. 	// No password for organization.

  105. 	org.NumTeams = 1

  106. 	org.NumMembers = 1

  107. 

  108. 	sess := x.NewSession()

  109. 	defer sess.Close()

  110. 	if err = sess.Begin(); err != nil {

  111. 		return nil, err

  112. 	}

  113. 

  114. 	if _, err = sess.Insert(org); err != nil {

  115. 		sess.Rollback()

  116. 		return nil, err

  117. 	}

  118. 

  119. 	if err = os.MkdirAll(UserPath(org.Name), os.ModePerm); err != nil {

  120. 		sess.Rollback()

  121. 		return nil, err

  122. 	}

  123. 

  124. 	// Create default owner team.

  125. 	t := &Team{

  126. 		OrgId:      org.Id,

  127. 		LowerName:  strings.ToLower(OWNER_TEAM),

  128. 		Name:       OWNER_TEAM,

  129. 		Authorize:  ORG_ADMIN,

  130. 		NumMembers: 1,

  131. 	}

  132. 	if _, err = sess.Insert(t); err != nil {

  133. 		sess.Rollback()

  134. 		return nil, err

  135. 	}

  136. 

  137. 	// Add initial creator to organization and owner team.

  138. 	ou := &OrgUser{

  139. 		Uid:      owner.Id,

  140. 		OrgId:    org.Id,

  141. 		IsOwner:  true,

  142. 		NumTeams: 1,

  143. 	}

  144. 	if _, err = sess.Insert(ou); err != nil {

  145. 		sess.Rollback()

  146. 		return nil, err

  147. 	}

  148. 

  149. 	tu := &TeamUser{

  150. 		Uid:    owner.Id,

  151. 		OrgId:  org.Id,

  152. 		TeamId: t.Id,

  153. 	}

  154. 	if _, err = sess.Insert(tu); err != nil {

  155. 		sess.Rollback()

  156. 		return nil, err

  157. 	}

  158. 

  159. 	return org, sess.Commit()

  160. }

  161. 

  162. // TODO: need some kind of mechanism to record failure.

  163. // DeleteOrganization completely and permanently deletes everything of organization.

  164. func DeleteOrganization(org *User) (err error) {

  165. 	if err := DeleteUser(org); err != nil {

  166. 		return err

  167. 	}

  168. 

  169. 	sess := x.NewSession()

  170. 	defer sess.Close()

  171. 	if err = sess.Begin(); err != nil {

  172. 		return err

  173. 	}

  174. 

  175. 	if _, err = sess.Delete(&Team{OrgId: org.Id}); err != nil {

  176. 		sess.Rollback()

  177. 		return err

  178. 	}

  179. 	if _, err = sess.Delete(&OrgUser{OrgId: org.Id}); err != nil {

  180. 		sess.Rollback()

  181. 		return err

  182. 	}

  183. 	if _, err = sess.Delete(&TeamUser{OrgId: org.Id}); err != nil {

  184. 		sess.Rollback()

  185. 		return err

  186. 	}

  187. 	return sess.Commit()

  188. }

  189. 

  190. // ________                ____ ___

  191. // \_____  \_______  ____ |    |   \______ ___________

  192. //  /   |   \_  __ \/ ___\|    |   /  ___// __ \_  __ \

  193. // /    |    \  | \/ /_/  >    |  /\___ \\  ___/|  | \/

  194. // \_______  /__|  \___  /|______//____  >\___  >__|

  195. //         \/     /_____/              \/     \/

  196. 

  197. // OrgUser represents an organization-user relation.

  198. type OrgUser struct {

  199. 	Id       int64

  200. 	Uid      int64 `xorm:"INDEX UNIQUE(s)"`

  201. 	OrgId    int64 `xorm:"INDEX UNIQUE(s)"`

  202. 	IsPublic bool

  203. 	IsOwner  bool

  204. 	NumTeams int

  205. }

  206. 

  207. // IsOrganizationOwner returns true if given user is in the owner team.

  208. func IsOrganizationOwner(orgId, uid int64) bool {

  209. 	has, _ := x.Where("is_owner=?", true).And("uid=?", uid).And("org_id=?", orgId).Get(new(OrgUser))

  210. 	return has

  211. }

  212. 

  213. // IsOrganizationMember returns true if given user is member of organization.

  214. func IsOrganizationMember(orgId, uid int64) bool {

  215. 	has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).Get(new(OrgUser))

  216. 	return has

  217. }

  218. 

  219. // IsPublicMembership returns ture if given user public his/her membership.

  220. func IsPublicMembership(orgId, uid int64) bool {

  221. 	has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).And("is_public=?", true).Get(new(OrgUser))

  222. 	return has

  223. }

  224. 

  225. // GetOrgUsersByUserId returns all organization-user relations by user ID.

  226. func GetOrgUsersByUserId(uid int64) ([]*OrgUser, error) {

  227. 	ous := make([]*OrgUser, 0, 10)

  228. 	err := x.Where("uid=?", uid).Find(&ous)

  229. 	return ous, err

  230. }

  231. 

  232. // GetOrgUsersByOrgId returns all organization-user relations by organization ID.

  233. func GetOrgUsersByOrgId(orgId int64) ([]*OrgUser, error) {

  234. 	ous := make([]*OrgUser, 0, 10)

  235. 	err := x.Where("org_id=?", orgId).Find(&ous)

  236. 	return ous, err

  237. }

  238. 

  239. // ChangeOrgUserStatus changes public or private membership status.

  240. func ChangeOrgUserStatus(orgId, uid int64, public bool) error {

  241. 	ou := new(OrgUser)

  242. 	has, err := x.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)

  243. 	if err != nil {

  244. 		return err

  245. 	} else if !has {

  246. 		return nil

  247. 	}

  248. 

  249. 	ou.IsPublic = public

  250. 	_, err = x.Id(ou.Id).AllCols().Update(ou)

  251. 	return err

  252. }

  253. 

  254. // AddOrgUser adds new user to given organization.

  255. func AddOrgUser(orgId, uid int64) error {

  256. 	if IsOrganizationMember(orgId, uid) {

  257. 		return nil

  258. 	}

  259. 

  260. 	sess := x.NewSession()

  261. 	defer sess.Close()

  262. 	if err := sess.Begin(); err != nil {

  263. 		return err

  264. 	}

  265. 

  266. 	ou := &OrgUser{

  267. 		Uid:   uid,

  268. 		OrgId: orgId,

  269. 	}

  270. 

  271. 	if _, err := sess.Insert(ou); err != nil {

  272. 		sess.Rollback()

  273. 		return err

  274. 	} else if _, err = sess.Exec("UPDATE `user` SET num_members = num_members + 1 WHERE id = ?", orgId); err != nil {

  275. 		sess.Rollback()

  276. 		return err

  277. 	}

  278. 

  279. 	return sess.Commit()

  280. }

  281. 

  282. // RemoveOrgUser removes user from given organization.

  283. func RemoveOrgUser(orgId, uid int64) error {

  284. 	ou := new(OrgUser)

  285. 

  286. 	has, err := x.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)

  287. 	if err != nil {

  288. 		return err

  289. 	} else if !has {

  290. 		return nil

  291. 	}

  292. 

  293. 	u, err := GetUserById(uid)

  294. 	if err != nil {

  295. 		return err

  296. 	}

  297. 	org, err := GetUserById(orgId)

  298. 	if err != nil {

  299. 		return err

  300. 	}

  301. 

  302. 	// Check if the user to delete is the last member in owner team.

  303. 	if IsOrganizationOwner(orgId, uid) {

  304. 		t, err := org.GetOwnerTeam()

  305. 		if err != nil {

  306. 			return err

  307. 		}

  308. 		if t.NumMembers == 1 {

  309. 			return ErrLastOrgOwner

  310. 		}

  311. 	}

  312. 

  313. 	sess := x.NewSession()

  314. 	defer sess.Close()

  315. 	if err := sess.Begin(); err != nil {

  316. 		return err

  317. 	}

  318. 

  319. 	if _, err := sess.Id(ou.Id).Delete(ou); err != nil {

  320. 		sess.Rollback()

  321. 		return err

  322. 	} else if _, err = sess.Exec("UPDATE `user` SET num_members = num_members - 1 WHERE id = ?", orgId); err != nil {

  323. 		sess.Rollback()

  324. 		return err

  325. 	}

  326. 

  327. 	// Delete all repository accesses.

  328. 	if err = org.GetRepositories(); err != nil {

  329. 		sess.Rollback()

  330. 		return err

  331. 	}

  332. 	access := &Access{

  333. 		UserName: u.LowerName,

  334. 	}

  335. 	for _, repo := range org.Repos {

  336. 		access.RepoName = path.Join(org.LowerName, repo.LowerName)

  337. 		if _, err = sess.Delete(access); err != nil {

  338. 			sess.Rollback()

  339. 			return err

  340. 		}

  341. 	}

  342. 

  343. 	// Delete member in his/her teams.

  344. 	ts, err := GetUserTeams(org.Id, u.Id)

  345. 	if err != nil {

  346. 		return err

  347. 	}

  348. 	for _, t := range ts {

  349. 		if err = removeTeamMemberWithSess(org.Id, t.Id, u.Id, sess); err != nil {

  350. 			return err

  351. 		}

  352. 	}

  353. 

  354. 	return sess.Commit()

  355. }

  356. 

  357. // ___________

  358. // \__    ___/___ _____    _____

  359. //   |    |_/ __ \\__  \  /     \

  360. //   |    |\  ___/ / __ \|  Y Y  \

  361. //   |____| \___  >____  /__|_|  /

  362. //              \/     \/      \/

  363. 

  364. type AuthorizeType int

  365. 

  366. const (

  367. 	ORG_READABLE AuthorizeType = iota + 1

  368. 	ORG_WRITABLE

  369. 	ORG_ADMIN

  370. )

  371. 

  372. func AuthorizeToAccessType(auth AuthorizeType) AccessType {

  373. 	if auth == ORG_READABLE {

  374. 		return READABLE

  375. 	}

  376. 	return WRITABLE

  377. }

  378. 

  379. const OWNER_TEAM = "Owners"

  380. 

  381. // Team represents a organization team.

  382. type Team struct {

  383. 	Id          int64

  384. 	OrgId       int64 `xorm:"INDEX"`

  385. 	LowerName   string

  386. 	Name        string

  387. 	Description string

  388. 	Authorize   AuthorizeType

  389. 	RepoIds     string        `xorm:"TEXT"`

  390. 	Repos       []*Repository `xorm:"-"`

  391. 	Members     []*User       `xorm:"-"`

  392. 	NumRepos    int

  393. 	NumMembers  int

  394. }

  395. 

  396. // IsOwnerTeam returns true if team is owner team.

  397. func (t *Team) IsOwnerTeam() bool {

  398. 	return t.Name == OWNER_TEAM

  399. }

  400. 

  401. // IsTeamMember returns true if given user is a member of team.

  402. func (t *Team) IsMember(uid int64) bool {

  403. 	return IsTeamMember(t.OrgId, t.Id, uid)

  404. }

  405. 

  406. // GetRepositories returns all repositories in team of organization.

  407. func (t *Team) GetRepositories() error {

  408. 	idStrs := strings.Split(t.RepoIds, "|")

  409. 	t.Repos = make([]*Repository, 0, len(idStrs))

  410. 	for _, str := range idStrs {

  411. 		if len(str) == 0 {

  412. 			continue

  413. 		}

  414. 		id := com.StrTo(str[1:]).MustInt64()

  415. 		if id == 0 {

  416. 			continue

  417. 		}

  418. 		repo, err := GetRepositoryById(id)

  419. 		if err != nil {

  420. 			return err

  421. 		}

  422. 		t.Repos = append(t.Repos, repo)

  423. 	}

  424. 	return nil

  425. }

  426. 

  427. // GetMembers returns all members in team of organization.

  428. func (t *Team) GetMembers() (err error) {

  429. 	t.Members, err = GetTeamMembers(t.OrgId, t.Id)

  430. 	return err

  431. }

  432. 

  433. // AddMember adds new member to team of organization.

  434. func (t *Team) AddMember(uid int64) error {

  435. 	return AddTeamMember(t.OrgId, t.Id, uid)

  436. }

  437. 

  438. // RemoveMember removes member from team of organization.

  439. func (t *Team) RemoveMember(uid int64) error {

  440. 	return RemoveTeamMember(t.OrgId, t.Id, uid)

  441. }

  442. 

  443. // addAccessWithAuthorize inserts or updates access with given mode.

  444. func addAccessWithAuthorize(sess *xorm.Session, access *Access, mode AccessType) error {

  445. 	has, err := x.Get(access)

  446. 	if err != nil {

  447. 		return fmt.Errorf("fail to get access: %v", err)

  448. 	}

  449. 	access.Mode = mode

  450. 	if has {

  451. 		if _, err = sess.Id(access.Id).Update(access); err != nil {

  452. 			return fmt.Errorf("fail to update access: %v", err)

  453. 		}

  454. 	} else {

  455. 		if _, err = sess.Insert(access); err != nil {

  456. 			return fmt.Errorf("fail to insert access: %v", err)

  457. 		}

  458. 	}

  459. 	return nil

  460. }

  461. 

  462. // AddRepository adds new repository to team of organization.

  463. func (t *Team) AddRepository(repo *Repository) (err error) {

  464. 	idStr := "$" + com.ToStr(repo.Id) + "|"

  465. 	if repo.OwnerId != t.OrgId {

  466. 		return errors.New("Repository not belong to organization")

  467. 	} else if strings.Contains(t.RepoIds, idStr) {

  468. 		return nil

  469. 	}

  470. 

  471. 	if err = repo.GetOwner(); err != nil {

  472. 		return err

  473. 	} else if err = t.GetMembers(); err != nil {

  474. 		return err

  475. 	}

  476. 

  477. 	sess := x.NewSession()

  478. 	defer sess.Close()

  479. 	if err = sess.Begin(); err != nil {

  480. 		return err

  481. 	}

  482. 

  483. 	t.NumRepos++

  484. 	t.RepoIds += idStr

  485. 	if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  486. 		sess.Rollback()

  487. 		return err

  488. 	}

  489. 

  490. 	// Give access to team members.

  491. 	mode := AuthorizeToAccessType(t.Authorize)

  492. 

  493. 	for _, u := range t.Members {

  494. 		auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id)

  495. 		if err != nil {

  496. 			sess.Rollback()

  497. 			return err

  498. 		}

  499. 

  500. 		access := &Access{

  501. 			UserName: u.LowerName,

  502. 			RepoName: path.Join(repo.Owner.LowerName, repo.LowerName),

  503. 		}

  504. 		if auth == 0 {

  505. 			access.Mode = mode

  506. 			if _, err = sess.Insert(access); err != nil {

  507. 				sess.Rollback()

  508. 				return fmt.Errorf("fail to insert access: %v", err)

  509. 			}

  510. 		} else if auth < t.Authorize {

  511. 			if err = addAccessWithAuthorize(sess, access, mode); err != nil {

  512. 				sess.Rollback()

  513. 				return err

  514. 			}

  515. 		}

  516. 	}

  517. 	return sess.Commit()

  518. }

  519. 

  520. // RemoveRepository removes repository from team of organization.

  521. func (t *Team) RemoveRepository(repoId int64) error {

  522. 	idStr := "$" + com.ToStr(repoId) + "|"

  523. 	if !strings.Contains(t.RepoIds, idStr) {

  524. 		return nil

  525. 	}

  526. 

  527. 	repo, err := GetRepositoryById(repoId)

  528. 	if err != nil {

  529. 		return err

  530. 	}

  531. 

  532. 	if err = repo.GetOwner(); err != nil {

  533. 		return err

  534. 	} else if err = t.GetMembers(); err != nil {

  535. 		return err

  536. 	}

  537. 

  538. 	sess := x.NewSession()

  539. 	defer sess.Close()

  540. 	if err = sess.Begin(); err != nil {

  541. 		return err

  542. 	}

  543. 

  544. 	t.NumRepos--

  545. 	t.RepoIds = strings.Replace(t.RepoIds, idStr, "", 1)

  546. 	if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  547. 		sess.Rollback()

  548. 		return err

  549. 	}

  550. 

  551. 	// Remove access to team members.

  552. 	for _, u := range t.Members {

  553. 		auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id)

  554. 		if err != nil {

  555. 			sess.Rollback()

  556. 			return err

  557. 		}

  558. 

  559. 		access := &Access{

  560. 			UserName: u.LowerName,

  561. 			RepoName: path.Join(repo.Owner.LowerName, repo.LowerName),

  562. 		}

  563. 		if auth == 0 {

  564. 			if _, err = sess.Delete(access); err != nil {

  565. 				sess.Rollback()

  566. 				return fmt.Errorf("fail to delete access: %v", err)

  567. 			}

  568. 		} else if auth < t.Authorize {

  569. 			if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {

  570. 				sess.Rollback()

  571. 				return err

  572. 			}

  573. 		}

  574. 	}

  575. 

  576. 	return sess.Commit()

  577. }

  578. 

  579. // NewTeam creates a record of new team.

  580. // It's caller's responsibility to assign organization ID.

  581. func NewTeam(t *Team) error {

  582. 	if !IsLegalName(t.Name) {

  583. 		return ErrTeamNameIllegal

  584. 	}

  585. 

  586. 	has, err := x.Id(t.OrgId).Get(new(User))

  587. 	if err != nil {

  588. 		return err

  589. 	} else if !has {

  590. 		return ErrOrgNotExist

  591. 	}

  592. 

  593. 	t.LowerName = strings.ToLower(t.Name)

  594. 	has, err = x.Where("org_id=?", t.OrgId).And("lower_name=?", t.LowerName).Get(new(Team))

  595. 	if err != nil {

  596. 		return err

  597. 	} else if has {

  598. 		return ErrTeamAlreadyExist

  599. 	}

  600. 

  601. 	sess := x.NewSession()

  602. 	defer sess.Close()

  603. 	if err = sess.Begin(); err != nil {

  604. 		return err

  605. 	}

  606. 

  607. 	if _, err = sess.Insert(t); err != nil {

  608. 		sess.Rollback()

  609. 		return err

  610. 	}

  611. 

  612. 	// Update organization number of teams.

  613. 	if _, err = sess.Exec("UPDATE `user` SET num_teams = num_teams + 1 WHERE id = ?", t.OrgId); err != nil {

  614. 		sess.Rollback()

  615. 		return err

  616. 	}

  617. 	return sess.Commit()

  618. }

  619. 

  620. // GetTeam returns team by given team name and organization.

  621. func GetTeam(orgId int64, name string) (*Team, error) {

  622. 	t := &Team{

  623. 		OrgId:     orgId,

  624. 		LowerName: strings.ToLower(name),

  625. 	}

  626. 	has, err := x.Get(t)

  627. 	if err != nil {

  628. 		return nil, err

  629. 	} else if !has {

  630. 		return nil, ErrTeamNotExist

  631. 	}

  632. 	return t, nil

  633. }

  634. 

  635. // GetTeamById returns team by given ID.

  636. func GetTeamById(teamId int64) (*Team, error) {

  637. 	t := new(Team)

  638. 	has, err := x.Id(teamId).Get(t)

  639. 	if err != nil {

  640. 		return nil, err

  641. 	} else if !has {

  642. 		return nil, ErrTeamNotExist

  643. 	}

  644. 	return t, nil

  645. }

  646. 

  647. // GetHighestAuthorize returns highest repository authorize level for given user and team.

  648. func GetHighestAuthorize(orgId, uid, teamId, repoId int64) (AuthorizeType, error) {

  649. 	ts, err := GetUserTeams(orgId, uid)

  650. 	if err != nil {

  651. 		return 0, err

  652. 	}

  653. 

  654. 	var auth AuthorizeType = 0

  655. 	for _, t := range ts {

  656. 		// Not current team and has given repository.

  657. 		if t.Id != teamId && strings.Contains(t.RepoIds, "$"+com.ToStr(repoId)+"|") {

  658. 			// Fast return.

  659. 			if t.Authorize == ORG_WRITABLE {

  660. 				return ORG_WRITABLE, nil

  661. 			}

  662. 			if t.Authorize > auth {

  663. 				auth = t.Authorize

  664. 			}

  665. 		}

  666. 	}

  667. 	return auth, nil

  668. }

  669. 

  670. // UpdateTeam updates information of team.

  671. func UpdateTeam(t *Team, authChanged bool) (err error) {

  672. 	if !IsLegalName(t.Name) {

  673. 		return ErrTeamNameIllegal

  674. 	}

  675. 

  676. 	if len(t.Description) > 255 {

  677. 		t.Description = t.Description[:255]

  678. 	}

  679. 

  680. 	sess := x.NewSession()

  681. 	defer sess.Close()

  682. 	if err = sess.Begin(); err != nil {

  683. 		return err

  684. 	}

  685. 

  686. 	// Update access for team members if needed.

  687. 	if authChanged && !t.IsOwnerTeam() {

  688. 		if err = t.GetRepositories(); err != nil {

  689. 			return err

  690. 		} else if err = t.GetMembers(); err != nil {

  691. 			return err

  692. 		}

  693. 

  694. 		// Get organization.

  695. 		org, err := GetUserById(t.OrgId)

  696. 		if err != nil {

  697. 			return err

  698. 		}

  699. 

  700. 		// Update access.

  701. 		mode := AuthorizeToAccessType(t.Authorize)

  702. 

  703. 		for _, repo := range t.Repos {

  704. 			for _, u := range t.Members {

  705. 				// ORG_WRITABLE is the highest authorize level for now.

  706. 				// Skip checking others if current team has this level.

  707. 				if t.Authorize < ORG_WRITABLE {

  708. 					auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id)

  709. 					if err != nil {

  710. 						sess.Rollback()

  711. 						return err

  712. 					}

  713. 					if auth >= t.Authorize {

  714. 						continue // Other team has higher or same authorize level.

  715. 					}

  716. 				}

  717. 

  718. 				access := &Access{

  719. 					UserName: u.LowerName,

  720. 					RepoName: path.Join(org.LowerName, repo.LowerName),

  721. 				}

  722. 				if err = addAccessWithAuthorize(sess, access, mode); err != nil {

  723. 					sess.Rollback()

  724. 					return err

  725. 				}

  726. 			}

  727. 		}

  728. 	}

  729. 

  730. 	t.LowerName = strings.ToLower(t.Name)

  731. 	if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  732. 		sess.Rollback()

  733. 		return err

  734. 	}

  735. 	return sess.Commit()

  736. }

  737. 

  738. // DeleteTeam deletes given team.

  739. // It's caller's responsibility to assign organization ID.

  740. func DeleteTeam(t *Team) error {

  741. 	if err := t.GetRepositories(); err != nil {

  742. 		return err

  743. 	} else if err = t.GetMembers(); err != nil {

  744. 		return err

  745. 	}

  746. 

  747. 	// Get organization.

  748. 	org, err := GetUserById(t.OrgId)

  749. 	if err != nil {

  750. 		return err

  751. 	}

  752. 

  753. 	sess := x.NewSession()

  754. 	defer sess.Close()

  755. 	if err = sess.Begin(); err != nil {

  756. 		return err

  757. 	}

  758. 

  759. 	// Delete all accesses.

  760. 	for _, repo := range t.Repos {

  761. 		for _, u := range t.Members {

  762. 			auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id)

  763. 			if err != nil {

  764. 				sess.Rollback()

  765. 				return err

  766. 			}

  767. 

  768. 			access := &Access{

  769. 				UserName: u.LowerName,

  770. 				RepoName: path.Join(org.LowerName, repo.LowerName),

  771. 			}

  772. 			if auth == 0 {

  773. 				if _, err = sess.Delete(access); err != nil {

  774. 					sess.Rollback()

  775. 					return fmt.Errorf("fail to delete access: %v", err)

  776. 				}

  777. 			} else if auth < t.Authorize {

  778. 				// Downgrade authorize level.

  779. 				if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {

  780. 					sess.Rollback()

  781. 					return err

  782. 				}

  783. 			}

  784. 		}

  785. 	}

  786. 

  787. 	// Delete team-user.

  788. 	if _, err = sess.Where("org_id=?", org.Id).Where("team_id=?", t.Id).Delete(new(TeamUser)); err != nil {

  789. 		sess.Rollback()

  790. 		return err

  791. 	}

  792. 

  793. 	// Delete team.

  794. 	if _, err = sess.Id(t.Id).Delete(new(Team)); err != nil {

  795. 		sess.Rollback()

  796. 		return err

  797. 	}

  798. 	// Update organization number of teams.

  799. 	if _, err = sess.Exec("UPDATE `user` SET num_teams = num_teams - 1 WHERE id = ?", t.OrgId); err != nil {

  800. 		sess.Rollback()

  801. 		return err

  802. 	}

  803. 

  804. 	return sess.Commit()

  805. }

  806. 

  807. // ___________                    ____ ___

  808. // \__    ___/___ _____    _____ |    |   \______ ___________

  809. //   |    |_/ __ \\__  \  /     \|    |   /  ___// __ \_  __ \

  810. //   |    |\  ___/ / __ \|  Y Y  \    |  /\___ \\  ___/|  | \/

  811. //   |____| \___  >____  /__|_|  /______//____  >\___  >__|

  812. //              \/     \/      \/             \/     \/

  813. 

  814. // TeamUser represents an team-user relation.

  815. type TeamUser struct {

  816. 	Id     int64

  817. 	Uid    int64

  818. 	OrgId  int64 `xorm:"INDEX"`

  819. 	TeamId int64

  820. }

  821. 

  822. // IsTeamMember returns true if given user is a member of team.

  823. func IsTeamMember(orgId, teamId, uid int64) bool {

  824. 	has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).And("team_id=?", teamId).Get(new(TeamUser))

  825. 	return has

  826. }

  827. 

  828. // GetTeamMembers returns all members in given team of organization.

  829. func GetTeamMembers(orgId, teamId int64) ([]*User, error) {

  830. 	tus := make([]*TeamUser, 0, 10)

  831. 	err := x.Where("org_id=?", orgId).And("team_id=?", teamId).Find(&tus)

  832. 	if err != nil {

  833. 		return nil, err

  834. 	}

  835. 

  836. 	us := make([]*User, len(tus))

  837. 	for i, tu := range tus {

  838. 		us[i], err = GetUserById(tu.Uid)

  839. 		if err != nil {

  840. 			return nil, err

  841. 		}

  842. 	}

  843. 	return us, nil

  844. }

  845. 

  846. // GetUserTeams returns all teams that user belongs to in given origanization.

  847. func GetUserTeams(orgId, uid int64) ([]*Team, error) {

  848. 	tus := make([]*TeamUser, 0, 5)

  849. 	if err := x.Where("uid=?", uid).And("org_id=?", orgId).Find(&tus); err != nil {

  850. 		return nil, err

  851. 	}

  852. 

  853. 	ts := make([]*Team, len(tus))

  854. 	for i, tu := range tus {

  855. 		t := new(Team)

  856. 		has, err := x.Id(tu.TeamId).Get(t)

  857. 		if err != nil {

  858. 			return nil, err

  859. 		} else if !has {

  860. 			return nil, ErrTeamNotExist

  861. 		}

  862. 		ts[i] = t

  863. 	}

  864. 	return ts, nil

  865. }

  866. 

  867. // AddTeamMember adds new member to given team of given organization.

  868. func AddTeamMember(orgId, teamId, uid int64) error {

  869. 	if IsTeamMember(orgId, teamId, uid) {

  870. 		return nil

  871. 	}

  872. 

  873. 	if err := AddOrgUser(orgId, uid); err != nil {

  874. 		return err

  875. 	}

  876. 

  877. 	// Get team and its repositories.

  878. 	t, err := GetTeamById(teamId)

  879. 	if err != nil {

  880. 		return err

  881. 	}

  882. 	t.NumMembers++

  883. 

  884. 	if err = t.GetRepositories(); err != nil {

  885. 		return err

  886. 	}

  887. 

  888. 	// Get organization.

  889. 	org, err := GetUserById(orgId)

  890. 	if err != nil {

  891. 		return err

  892. 	}

  893. 

  894. 	// Get user.

  895. 	u, err := GetUserById(uid)

  896. 	if err != nil {

  897. 		return err

  898. 	}

  899. 

  900. 	sess := x.NewSession()

  901. 	defer sess.Close()

  902. 	if err = sess.Begin(); err != nil {

  903. 		return err

  904. 	}

  905. 

  906. 	tu := &TeamUser{

  907. 		Uid:    uid,

  908. 		OrgId:  orgId,

  909. 		TeamId: teamId,

  910. 	}

  911. 

  912. 	if _, err = sess.Insert(tu); err != nil {

  913. 		sess.Rollback()

  914. 		return err

  915. 	} else if _, err = sess.Id(t.Id).Update(t); err != nil {

  916. 		sess.Rollback()

  917. 		return err

  918. 	}

  919. 

  920. 	// Give access to team repositories.

  921. 	mode := AuthorizeToAccessType(t.Authorize)

  922. 	for _, repo := range t.Repos {

  923. 		auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id)

  924. 		if err != nil {

  925. 			sess.Rollback()

  926. 			return err

  927. 		}

  928. 

  929. 		access := &Access{

  930. 			UserName: u.LowerName,

  931. 			RepoName: path.Join(org.LowerName, repo.LowerName),

  932. 		}

  933. 		// Equal 0 means given access doesn't exist.

  934. 		if auth == 0 {

  935. 			access.Mode = mode

  936. 			if _, err = sess.Insert(access); err != nil {

  937. 				sess.Rollback()

  938. 				return fmt.Errorf("fail to insert access: %v", err)

  939. 			}

  940. 		} else if auth < t.Authorize {

  941. 			if err = addAccessWithAuthorize(sess, access, mode); err != nil {

  942. 				sess.Rollback()

  943. 				return err

  944. 			}

  945. 		}

  946. 	}

  947. 

  948. 	// We make sure it exists before.

  949. 	ou := new(OrgUser)

  950. 	_, err = sess.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)

  951. 	if err != nil {

  952. 		sess.Rollback()

  953. 		return err

  954. 	}

  955. 	ou.NumTeams++

  956. 	if t.IsOwnerTeam() {

  957. 		ou.IsOwner = true

  958. 	}

  959. 	if _, err = sess.Id(ou.Id).AllCols().Update(ou); err != nil {

  960. 		sess.Rollback()

  961. 		return err

  962. 	}

  963. 

  964. 	return sess.Commit()

  965. }

  966. 

  967. func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) error {

  968. 	if !IsTeamMember(orgId, teamId, uid) {

  969. 		return nil

  970. 	}

  971. 

  972. 	// Get team and its repositories.

  973. 	t, err := GetTeamById(teamId)

  974. 	if err != nil {

  975. 		return err

  976. 	}

  977. 

  978. 	// Check if the user to delete is the last member in owner team.

  979. 	if t.IsOwnerTeam() && t.NumMembers == 1 {

  980. 		return ErrLastOrgOwner

  981. 	}

  982. 

  983. 	t.NumMembers--

  984. 

  985. 	if err = t.GetRepositories(); err != nil {

  986. 		return err

  987. 	}

  988. 

  989. 	// Get organization.

  990. 	org, err := GetUserById(orgId)

  991. 	if err != nil {

  992. 		return err

  993. 	}

  994. 

  995. 	// Get user.

  996. 	u, err := GetUserById(uid)

  997. 	if err != nil {

  998. 		return err

  999. 	}

  1000. 

  1001. 	tu := &TeamUser{

  1002. 		Uid:    uid,

  1003. 		OrgId:  orgId,

  1004. 		TeamId: teamId,

  1005. 	}

  1006. 

  1007. 	if _, err := sess.Delete(tu); err != nil {

  1008. 		sess.Rollback()

  1009. 		return err

  1010. 	} else if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  1011. 		sess.Rollback()

  1012. 		return err

  1013. 	}

  1014. 

  1015. 	// Delete access to team repositories.

  1016. 	for _, repo := range t.Repos {

  1017. 		auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id)

  1018. 		if err != nil {

  1019. 			sess.Rollback()

  1020. 			return err

  1021. 		}

  1022. 

  1023. 		access := &Access{

  1024. 			UserName: u.LowerName,

  1025. 			RepoName: path.Join(org.LowerName, repo.LowerName),

  1026. 		}

  1027. 		// Delete access if this is the last team user belongs to.

  1028. 		if auth == 0 {

  1029. 			if _, err = sess.Delete(access); err != nil {

  1030. 				sess.Rollback()

  1031. 				return fmt.Errorf("fail to delete access: %v", err)

  1032. 			}

  1033. 		} else if auth < t.Authorize {

  1034. 			// Downgrade authorize level.

  1035. 			if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {

  1036. 				sess.Rollback()

  1037. 				return err

  1038. 			}

  1039. 		}

  1040. 	}

  1041. 

  1042. 	// This must exist.

  1043. 	ou := new(OrgUser)

  1044. 	_, err = sess.Where("uid=?", uid).And("org_id=?", org.Id).Get(ou)

  1045. 	if err != nil {

  1046. 		sess.Rollback()

  1047. 		return err

  1048. 	}

  1049. 	ou.NumTeams--

  1050. 	if t.IsOwnerTeam() {

  1051. 		ou.IsOwner = false

  1052. 	}

  1053. 	if _, err = sess.Id(ou.Id).AllCols().Update(ou); err != nil {

  1054. 		sess.Rollback()

  1055. 		return err

  1056. 	}

  1057. 	return nil

  1058. }

  1059. 

  1060. // RemoveTeamMember removes member from given team of given organization.

  1061. func RemoveTeamMember(orgId, teamId, uid int64) error {

  1062. 	sess := x.NewSession()

  1063. 	defer sess.Close()

  1064. 	if err := sess.Begin(); err != nil {

  1065. 		return err

  1066. 	}

  1067. 	if err := removeTeamMemberWithSess(orgId, teamId, uid, sess); err != nil {

  1068. 		return err

  1069. 	}

  1070. 	return sess.Commit()

  1071. }