mirrors
/
gitea
mirror da https://github.com/go-gitea/gitea.git
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Rilasci 211 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1394 Commit
17 Rami (Branch)
Albero (Tree): 9baf2b38d0
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '9baf2b38d0'
${ noResults }
gitea/models/org.go

org.go 25KB
Originale Blame Cronologia

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package models

  6. 

  7. import (

  8. 	"errors"

  9. 	"fmt"

  10. 	"os"

  11. 	"path"

  12. 	"strings"

  13. 

  14. 	"github.com/Unknwon/com"

  15. 	"github.com/go-xorm/xorm"

  16. 

  17. 	"github.com/gogits/gogs/modules/base"

  18. )

  19. 

  20. var (

  21. 	ErrOrgNotExist      = errors.New("Organization does not exist")

  22. 	ErrTeamAlreadyExist = errors.New("Team already exist")

  23. 	ErrTeamNotExist     = errors.New("Team does not exist")

  24. 	ErrTeamNameIllegal  = errors.New("Team name contains illegal characters")

  25. 	ErrLastOrgOwner     = errors.New("The user to remove is the last member in owner team")

  26. )

  27. 

  28. // IsOrgOwner returns true if given user is in the owner team.

  29. func (org *User) IsOrgOwner(uid int64) bool {

  30. 	return IsOrganizationOwner(org.Id, uid)

  31. }

  32. 

  33. // IsOrgMember returns true if given user is member of organization.

  34. func (org *User) IsOrgMember(uid int64) bool {

  35. 	return IsOrganizationMember(org.Id, uid)

  36. }

  37. 

  38. // GetTeam returns named team of organization.

  39. func (org *User) GetTeam(name string) (*Team, error) {

  40. 	return GetTeam(org.Id, name)

  41. }

  42. 

  43. // GetOwnerTeam returns owner team of organization.

  44. func (org *User) GetOwnerTeam() (*Team, error) {

  45. 	return org.GetTeam(OWNER_TEAM)

  46. }

  47. 

  48. // GetTeams returns all teams that belong to organization.

  49. func (org *User) GetTeams() error {

  50. 	return x.Where("org_id=?", org.Id).Find(&org.Teams)

  51. }

  52. 

  53. // GetMembers returns all members of organization.

  54. func (org *User) GetMembers() error {

  55. 	ous, err := GetOrgUsersByOrgId(org.Id)

  56. 	if err != nil {

  57. 		return err

  58. 	}

  59. 

  60. 	org.Members = make([]*User, len(ous))

  61. 	for i, ou := range ous {

  62. 		org.Members[i], err = GetUserById(ou.Uid)

  63. 		if err != nil {

  64. 			return err

  65. 		}

  66. 	}

  67. 	return nil

  68. }

  69. 

  70. // AddMember adds new member to organization.

  71. func (org *User) AddMember(uid int64) error {

  72. 	return AddOrgUser(org.Id, uid)

  73. }

  74. 

  75. // RemoveMember removes member from organization.

  76. func (org *User) RemoveMember(uid int64) error {

  77. 	return RemoveOrgUser(org.Id, uid)

  78. }

  79. 

  80. // CreateOrganization creates record of a new organization.

  81. func CreateOrganization(org, owner *User) (*User, error) {

  82. 	if !IsLegalName(org.Name) {

  83. 		return nil, ErrUserNameIllegal

  84. 	}

  85. 

  86. 	isExist, err := IsUserExist(org.Name)

  87. 	if err != nil {

  88. 		return nil, err

  89. 	} else if isExist {

  90. 		return nil, ErrUserAlreadyExist

  91. 	}

  92. 

  93. 	isExist, err = IsEmailUsed(org.Email)

  94. 	if err != nil {

  95. 		return nil, err

  96. 	} else if isExist {

  97. 		return nil, ErrEmailAlreadyUsed

  98. 	}

  99. 

  100. 	org.LowerName = strings.ToLower(org.Name)

  101. 	org.FullName = org.Name

  102. 	org.Avatar = base.EncodeMd5(org.Email)

  103. 	org.AvatarEmail = org.Email

  104. 	// No password for organization.

  105. 	org.NumTeams = 1

  106. 	org.NumMembers = 1

  107. 

  108. 	sess := x.NewSession()

  109. 	defer sess.Close()

  110. 	if err = sess.Begin(); err != nil {

  111. 		return nil, err

  112. 	}

  113. 

  114. 	if _, err = sess.Insert(org); err != nil {

  115. 		sess.Rollback()

  116. 		return nil, err

  117. 	}

  118. 

  119. 	if err = os.MkdirAll(UserPath(org.Name), os.ModePerm); err != nil {

  120. 		sess.Rollback()

  121. 		return nil, err

  122. 	}

  123. 

  124. 	// Create default owner team.

  125. 	t := &Team{

  126. 		OrgId:      org.Id,

  127. 		LowerName:  strings.ToLower(OWNER_TEAM),

  128. 		Name:       OWNER_TEAM,

  129. 		Authorize:  ORG_ADMIN,

  130. 		NumMembers: 1,

  131. 	}

  132. 	if _, err = sess.Insert(t); err != nil {

  133. 		sess.Rollback()

  134. 		return nil, err

  135. 	}

  136. 

  137. 	// Add initial creator to organization and owner team.

  138. 	ou := &OrgUser{

  139. 		Uid:      owner.Id,

  140. 		OrgId:    org.Id,

  141. 		IsOwner:  true,

  142. 		NumTeams: 1,

  143. 	}

  144. 	if _, err = sess.Insert(ou); err != nil {

  145. 		sess.Rollback()

  146. 		return nil, err

  147. 	}

  148. 

  149. 	tu := &TeamUser{

  150. 		Uid:    owner.Id,

  151. 		OrgId:  org.Id,

  152. 		TeamId: t.Id,

  153. 	}

  154. 	if _, err = sess.Insert(tu); err != nil {

  155. 		sess.Rollback()

  156. 		return nil, err

  157. 	}

  158. 

  159. 	return org, sess.Commit()

  160. }

  161. 

  162. // TODO: need some kind of mechanism to record failure.

  163. // DeleteOrganization completely and permanently deletes everything of organization.

  164. func DeleteOrganization(org *User) (err error) {

  165. 	if err := DeleteUser(org); err != nil {

  166. 		return err

  167. 	}

  168. 

  169. 	sess := x.NewSession()

  170. 	defer sess.Close()

  171. 	if err = sess.Begin(); err != nil {

  172. 		return err

  173. 	}

  174. 

  175. 	if _, err = sess.Delete(&Team{OrgId: org.Id}); err != nil {

  176. 		sess.Rollback()

  177. 		return err

  178. 	}

  179. 	if _, err = sess.Delete(&OrgUser{OrgId: org.Id}); err != nil {

  180. 		sess.Rollback()

  181. 		return err

  182. 	}

  183. 	if _, err = sess.Delete(&TeamUser{OrgId: org.Id}); err != nil {

  184. 		sess.Rollback()

  185. 		return err

  186. 	}

  187. 	return sess.Commit()

  188. }

  189. 

  190. // ________                ____ ___

  191. // \_____  \_______  ____ |    |   \______ ___________

  192. //  /   |   \_  __ \/ ___\|    |   /  ___// __ \_  __ \

  193. // /    |    \  | \/ /_/  >    |  /\___ \\  ___/|  | \/

  194. // \_______  /__|  \___  /|______//____  >\___  >__|

  195. //         \/     /_____/              \/     \/

  196. 

  197. // OrgUser represents an organization-user relation.

  198. type OrgUser struct {

  199. 	Id       int64

  200. 	Uid      int64 `xorm:"INDEX UNIQUE(s)"`

  201. 	OrgId    int64 `xorm:"INDEX UNIQUE(s)"`

  202. 	IsPublic bool

  203. 	IsOwner  bool

  204. 	NumTeams int

  205. }

  206. 

  207. // IsOrganizationOwner returns true if given user is in the owner team.

  208. func IsOrganizationOwner(orgId, uid int64) bool {

  209. 	has, _ := x.Where("is_owner=?", true).And("uid=?", uid).And("org_id=?", orgId).Get(new(OrgUser))

  210. 	return has

  211. }

  212. 

  213. // IsOrganizationMember returns true if given user is member of organization.

  214. func IsOrganizationMember(orgId, uid int64) bool {

  215. 	has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).Get(new(OrgUser))

  216. 	return has

  217. }

  218. 

  219. // IsPublicMembership returns ture if given user public his/her membership.

  220. func IsPublicMembership(orgId, uid int64) bool {

  221. 	has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).And("is_public=?", true).Get(new(OrgUser))

  222. 	return has

  223. }

  224. 

  225. // GetOrgUsersByUserId returns all organization-user relations by user ID.

  226. func GetOrgUsersByUserId(uid int64) ([]*OrgUser, error) {

  227. 	ous := make([]*OrgUser, 0, 10)

  228. 	err := x.Where("uid=?", uid).Find(&ous)

  229. 	return ous, err

  230. }

  231. 

  232. // GetOrgUsersByOrgId returns all organization-user relations by organization ID.

  233. func GetOrgUsersByOrgId(orgId int64) ([]*OrgUser, error) {

  234. 	ous := make([]*OrgUser, 0, 10)

  235. 	err := x.Where("org_id=?", orgId).Find(&ous)

  236. 	return ous, err

  237. }

  238. 

  239. // ChangeOrgUserStatus changes public or private membership status.

  240. func ChangeOrgUserStatus(orgId, uid int64, public bool) error {

  241. 	ou := new(OrgUser)

  242. 	has, err := x.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)

  243. 	if err != nil {

  244. 		return err

  245. 	} else if !has {

  246. 		return nil

  247. 	}

  248. 

  249. 	ou.IsPublic = public

  250. 	_, err = x.Id(ou.Id).AllCols().Update(ou)

  251. 	return err

  252. }

  253. 

  254. // AddOrgUser adds new user to given organization.

  255. func AddOrgUser(orgId, uid int64) error {

  256. 	if IsOrganizationMember(orgId, uid) {

  257. 		return nil

  258. 	}

  259. 

  260. 	sess := x.NewSession()

  261. 	defer sess.Close()

  262. 	if err := sess.Begin(); err != nil {

  263. 		return err

  264. 	}

  265. 

  266. 	ou := &OrgUser{

  267. 		Uid:   uid,

  268. 		OrgId: orgId,

  269. 	}

  270. 

  271. 	if _, err := sess.Insert(ou); err != nil {

  272. 		sess.Rollback()

  273. 		return err

  274. 	} else if _, err = sess.Exec("UPDATE `user` SET num_members = num_members + 1 WHERE id = ?", orgId); err != nil {

  275. 		sess.Rollback()

  276. 		return err

  277. 	}

  278. 

  279. 	return sess.Commit()

  280. }

  281. 

  282. // RemoveOrgUser removes user from given organization.

  283. func RemoveOrgUser(orgId, uid int64) error {

  284. 	ou := new(OrgUser)

  285. 

  286. 	has, err := x.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)

  287. 	if err != nil {

  288. 		return err

  289. 	} else if !has {

  290. 		return nil

  291. 	}

  292. 

  293. 	u, err := GetUserById(uid)

  294. 	if err != nil {

  295. 		return err

  296. 	}

  297. 	org, err := GetUserById(orgId)

  298. 	if err != nil {

  299. 		return err

  300. 	}

  301. 

  302. 	// Check if the user to delete is the last member in owner team.

  303. 	if IsOrganizationOwner(orgId, uid) {

  304. 		t, err := org.GetOwnerTeam()

  305. 		if err != nil {

  306. 			return err

  307. 		}

  308. 		if t.NumMembers == 1 {

  309. 			return ErrLastOrgOwner

  310. 		}

  311. 	}

  312. 

  313. 	sess := x.NewSession()

  314. 	defer sess.Close()

  315. 	if err := sess.Begin(); err != nil {

  316. 		return err

  317. 	}

  318. 

  319. 	if _, err := sess.Id(ou.Id).Delete(ou); err != nil {

  320. 		sess.Rollback()

  321. 		return err

  322. 	} else if _, err = sess.Exec("UPDATE `user` SET num_members = num_members - 1 WHERE id = ?", orgId); err != nil {

  323. 		sess.Rollback()

  324. 		return err

  325. 	}

  326. 

  327. 	// Delete all repository accesses.

  328. 	if err = org.GetRepositories(); err != nil {

  329. 		sess.Rollback()

  330. 		return err

  331. 	}

  332. 	access := &Access{

  333. 		UserName: u.LowerName,

  334. 	}

  335. 	for _, repo := range org.Repos {

  336. 		access.RepoName = path.Join(org.LowerName, repo.LowerName)

  337. 		if _, err = sess.Delete(access); err != nil {

  338. 			sess.Rollback()

  339. 			return err

  340. 		} else if err = WatchRepo(u.Id, repo.Id, false); err != nil {

  341. 			sess.Rollback()

  342. 			return err

  343. 		}

  344. 	}

  345. 

  346. 	// Delete member in his/her teams.

  347. 	ts, err := GetUserTeams(org.Id, u.Id)

  348. 	if err != nil {

  349. 		return err

  350. 	}

  351. 	for _, t := range ts {

  352. 		if err = removeTeamMemberWithSess(org.Id, t.Id, u.Id, sess); err != nil {

  353. 			return err

  354. 		}

  355. 	}

  356. 

  357. 	return sess.Commit()

  358. }

  359. 

  360. // ___________

  361. // \__    ___/___ _____    _____

  362. //   |    |_/ __ \\__  \  /     \

  363. //   |    |\  ___/ / __ \|  Y Y  \

  364. //   |____| \___  >____  /__|_|  /

  365. //              \/     \/      \/

  366. 

  367. type AuthorizeType int

  368. 

  369. const (

  370. 	ORG_READABLE AuthorizeType = iota + 1

  371. 	ORG_WRITABLE

  372. 	ORG_ADMIN

  373. )

  374. 

  375. func AuthorizeToAccessType(auth AuthorizeType) AccessType {

  376. 	if auth == ORG_READABLE {

  377. 		return READABLE

  378. 	}

  379. 	return WRITABLE

  380. }

  381. 

  382. const OWNER_TEAM = "Owners"

  383. 

  384. // Team represents a organization team.

  385. type Team struct {

  386. 	Id          int64

  387. 	OrgId       int64 `xorm:"INDEX"`

  388. 	LowerName   string

  389. 	Name        string

  390. 	Description string

  391. 	Authorize   AuthorizeType

  392. 	RepoIds     string        `xorm:"TEXT"`

  393. 	Repos       []*Repository `xorm:"-"`

  394. 	Members     []*User       `xorm:"-"`

  395. 	NumRepos    int

  396. 	NumMembers  int

  397. }

  398. 

  399. // IsOwnerTeam returns true if team is owner team.

  400. func (t *Team) IsOwnerTeam() bool {

  401. 	return t.Name == OWNER_TEAM

  402. }

  403. 

  404. // IsTeamMember returns true if given user is a member of team.

  405. func (t *Team) IsMember(uid int64) bool {

  406. 	return IsTeamMember(t.OrgId, t.Id, uid)

  407. }

  408. 

  409. // GetRepositories returns all repositories in team of organization.

  410. func (t *Team) GetRepositories() error {

  411. 	idStrs := strings.Split(t.RepoIds, "|")

  412. 	t.Repos = make([]*Repository, 0, len(idStrs))

  413. 	for _, str := range idStrs {

  414. 		if len(str) == 0 {

  415. 			continue

  416. 		}

  417. 		id := com.StrTo(str[1:]).MustInt64()

  418. 		if id == 0 {

  419. 			continue

  420. 		}

  421. 		repo, err := GetRepositoryById(id)

  422. 		if err != nil {

  423. 			return err

  424. 		}

  425. 		t.Repos = append(t.Repos, repo)

  426. 	}

  427. 	return nil

  428. }

  429. 

  430. // GetMembers returns all members in team of organization.

  431. func (t *Team) GetMembers() (err error) {

  432. 	t.Members, err = GetTeamMembers(t.OrgId, t.Id)

  433. 	return err

  434. }

  435. 

  436. // AddMember adds new member to team of organization.

  437. func (t *Team) AddMember(uid int64) error {

  438. 	return AddTeamMember(t.OrgId, t.Id, uid)

  439. }

  440. 

  441. // RemoveMember removes member from team of organization.

  442. func (t *Team) RemoveMember(uid int64) error {

  443. 	return RemoveTeamMember(t.OrgId, t.Id, uid)

  444. }

  445. 

  446. // addAccessWithAuthorize inserts or updates access with given mode.

  447. func addAccessWithAuthorize(sess *xorm.Session, access *Access, mode AccessType) error {

  448. 	has, err := x.Get(access)

  449. 	if err != nil {

  450. 		return fmt.Errorf("fail to get access: %v", err)

  451. 	}

  452. 	access.Mode = mode

  453. 	if has {

  454. 		if _, err = sess.Id(access.Id).Update(access); err != nil {

  455. 			return fmt.Errorf("fail to update access: %v", err)

  456. 		}

  457. 	} else {

  458. 		if _, err = sess.Insert(access); err != nil {

  459. 			return fmt.Errorf("fail to insert access: %v", err)

  460. 		}

  461. 	}

  462. 	return nil

  463. }

  464. 

  465. // AddRepository adds new repository to team of organization.

  466. func (t *Team) AddRepository(repo *Repository) (err error) {

  467. 	idStr := "$" + com.ToStr(repo.Id) + "|"

  468. 	if repo.OwnerId != t.OrgId {

  469. 		return errors.New("Repository not belong to organization")

  470. 	} else if strings.Contains(t.RepoIds, idStr) {

  471. 		return nil

  472. 	}

  473. 

  474. 	if err = repo.GetOwner(); err != nil {

  475. 		return err

  476. 	} else if err = t.GetMembers(); err != nil {

  477. 		return err

  478. 	}

  479. 

  480. 	sess := x.NewSession()

  481. 	defer sess.Close()

  482. 	if err = sess.Begin(); err != nil {

  483. 		return err

  484. 	}

  485. 

  486. 	t.NumRepos++

  487. 	t.RepoIds += idStr

  488. 	if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  489. 		sess.Rollback()

  490. 		return err

  491. 	}

  492. 

  493. 	// Give access to team members.

  494. 	mode := AuthorizeToAccessType(t.Authorize)

  495. 

  496. 	for _, u := range t.Members {

  497. 		auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id)

  498. 		if err != nil {

  499. 			sess.Rollback()

  500. 			return err

  501. 		}

  502. 

  503. 		access := &Access{

  504. 			UserName: u.LowerName,

  505. 			RepoName: path.Join(repo.Owner.LowerName, repo.LowerName),

  506. 		}

  507. 		if auth == 0 {

  508. 			access.Mode = mode

  509. 			if _, err = sess.Insert(access); err != nil {

  510. 				sess.Rollback()

  511. 				return fmt.Errorf("fail to insert access: %v", err)

  512. 			}

  513. 		} else if auth < t.Authorize {

  514. 			if err = addAccessWithAuthorize(sess, access, mode); err != nil {

  515. 				sess.Rollback()

  516. 				return err

  517. 			}

  518. 		}

  519. 		if err = WatchRepo(u.Id, repo.Id, true); err != nil {

  520. 			sess.Rollback()

  521. 			return err

  522. 		}

  523. 	}

  524. 	return sess.Commit()

  525. }

  526. 

  527. // RemoveRepository removes repository from team of organization.

  528. func (t *Team) RemoveRepository(repoId int64) error {

  529. 	idStr := "$" + com.ToStr(repoId) + "|"

  530. 	if !strings.Contains(t.RepoIds, idStr) {

  531. 		return nil

  532. 	}

  533. 

  534. 	repo, err := GetRepositoryById(repoId)

  535. 	if err != nil {

  536. 		return err

  537. 	}

  538. 

  539. 	if err = repo.GetOwner(); err != nil {

  540. 		return err

  541. 	} else if err = t.GetMembers(); err != nil {

  542. 		return err

  543. 	}

  544. 

  545. 	sess := x.NewSession()

  546. 	defer sess.Close()

  547. 	if err = sess.Begin(); err != nil {

  548. 		return err

  549. 	}

  550. 

  551. 	t.NumRepos--

  552. 	t.RepoIds = strings.Replace(t.RepoIds, idStr, "", 1)

  553. 	if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  554. 		sess.Rollback()

  555. 		return err

  556. 	}

  557. 

  558. 	// Remove access to team members.

  559. 	for _, u := range t.Members {

  560. 		auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id)

  561. 		if err != nil {

  562. 			sess.Rollback()

  563. 			return err

  564. 		}

  565. 

  566. 		access := &Access{

  567. 			UserName: u.LowerName,

  568. 			RepoName: path.Join(repo.Owner.LowerName, repo.LowerName),

  569. 		}

  570. 		if auth == 0 {

  571. 			if _, err = sess.Delete(access); err != nil {

  572. 				sess.Rollback()

  573. 				return fmt.Errorf("fail to delete access: %v", err)

  574. 			} else if err = WatchRepo(u.Id, repo.Id, false); err != nil {

  575. 				sess.Rollback()

  576. 				return err

  577. 			}

  578. 		} else if auth < t.Authorize {

  579. 			if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {

  580. 				sess.Rollback()

  581. 				return err

  582. 			}

  583. 		}

  584. 	}

  585. 

  586. 	return sess.Commit()

  587. }

  588. 

  589. // NewTeam creates a record of new team.

  590. // It's caller's responsibility to assign organization ID.

  591. func NewTeam(t *Team) error {

  592. 	if !IsLegalName(t.Name) {

  593. 		return ErrTeamNameIllegal

  594. 	}

  595. 

  596. 	has, err := x.Id(t.OrgId).Get(new(User))

  597. 	if err != nil {

  598. 		return err

  599. 	} else if !has {

  600. 		return ErrOrgNotExist

  601. 	}

  602. 

  603. 	t.LowerName = strings.ToLower(t.Name)

  604. 	has, err = x.Where("org_id=?", t.OrgId).And("lower_name=?", t.LowerName).Get(new(Team))

  605. 	if err != nil {

  606. 		return err

  607. 	} else if has {

  608. 		return ErrTeamAlreadyExist

  609. 	}

  610. 

  611. 	sess := x.NewSession()

  612. 	defer sess.Close()

  613. 	if err = sess.Begin(); err != nil {

  614. 		return err

  615. 	}

  616. 

  617. 	if _, err = sess.Insert(t); err != nil {

  618. 		sess.Rollback()

  619. 		return err

  620. 	}

  621. 

  622. 	// Update organization number of teams.

  623. 	if _, err = sess.Exec("UPDATE `user` SET num_teams = num_teams + 1 WHERE id = ?", t.OrgId); err != nil {

  624. 		sess.Rollback()

  625. 		return err

  626. 	}

  627. 	return sess.Commit()

  628. }

  629. 

  630. // GetTeam returns team by given team name and organization.

  631. func GetTeam(orgId int64, name string) (*Team, error) {

  632. 	t := &Team{

  633. 		OrgId:     orgId,

  634. 		LowerName: strings.ToLower(name),

  635. 	}

  636. 	has, err := x.Get(t)

  637. 	if err != nil {

  638. 		return nil, err

  639. 	} else if !has {

  640. 		return nil, ErrTeamNotExist

  641. 	}

  642. 	return t, nil

  643. }

  644. 

  645. // GetTeamById returns team by given ID.

  646. func GetTeamById(teamId int64) (*Team, error) {

  647. 	t := new(Team)

  648. 	has, err := x.Id(teamId).Get(t)

  649. 	if err != nil {

  650. 		return nil, err

  651. 	} else if !has {

  652. 		return nil, ErrTeamNotExist

  653. 	}

  654. 	return t, nil

  655. }

  656. 

  657. // GetHighestAuthorize returns highest repository authorize level for given user and team.

  658. func GetHighestAuthorize(orgId, uid, teamId, repoId int64) (AuthorizeType, error) {

  659. 	ts, err := GetUserTeams(orgId, uid)

  660. 	if err != nil {

  661. 		return 0, err

  662. 	}

  663. 

  664. 	var auth AuthorizeType = 0

  665. 	for _, t := range ts {

  666. 		// Not current team and has given repository.

  667. 		if t.Id != teamId && strings.Contains(t.RepoIds, "$"+com.ToStr(repoId)+"|") {

  668. 			// Fast return.

  669. 			if t.Authorize == ORG_WRITABLE {

  670. 				return ORG_WRITABLE, nil

  671. 			}

  672. 			if t.Authorize > auth {

  673. 				auth = t.Authorize

  674. 			}

  675. 		}

  676. 	}

  677. 	return auth, nil

  678. }

  679. 

  680. // UpdateTeam updates information of team.

  681. func UpdateTeam(t *Team, authChanged bool) (err error) {

  682. 	if !IsLegalName(t.Name) {

  683. 		return ErrTeamNameIllegal

  684. 	}

  685. 

  686. 	if len(t.Description) > 255 {

  687. 		t.Description = t.Description[:255]

  688. 	}

  689. 

  690. 	sess := x.NewSession()

  691. 	defer sess.Close()

  692. 	if err = sess.Begin(); err != nil {

  693. 		return err

  694. 	}

  695. 

  696. 	// Update access for team members if needed.

  697. 	if authChanged && !t.IsOwnerTeam() {

  698. 		if err = t.GetRepositories(); err != nil {

  699. 			return err

  700. 		} else if err = t.GetMembers(); err != nil {

  701. 			return err

  702. 		}

  703. 

  704. 		// Get organization.

  705. 		org, err := GetUserById(t.OrgId)

  706. 		if err != nil {

  707. 			return err

  708. 		}

  709. 

  710. 		// Update access.

  711. 		mode := AuthorizeToAccessType(t.Authorize)

  712. 

  713. 		for _, repo := range t.Repos {

  714. 			for _, u := range t.Members {

  715. 				// ORG_WRITABLE is the highest authorize level for now.

  716. 				// Skip checking others if current team has this level.

  717. 				if t.Authorize < ORG_WRITABLE {

  718. 					auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id)

  719. 					if err != nil {

  720. 						sess.Rollback()

  721. 						return err

  722. 					}

  723. 					if auth >= t.Authorize {

  724. 						continue // Other team has higher or same authorize level.

  725. 					}

  726. 				}

  727. 

  728. 				access := &Access{

  729. 					UserName: u.LowerName,

  730. 					RepoName: path.Join(org.LowerName, repo.LowerName),

  731. 				}

  732. 				if err = addAccessWithAuthorize(sess, access, mode); err != nil {

  733. 					sess.Rollback()

  734. 					return err

  735. 				}

  736. 			}

  737. 		}

  738. 	}

  739. 

  740. 	t.LowerName = strings.ToLower(t.Name)

  741. 	if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  742. 		sess.Rollback()

  743. 		return err

  744. 	}

  745. 	return sess.Commit()

  746. }

  747. 

  748. // DeleteTeam deletes given team.

  749. // It's caller's responsibility to assign organization ID.

  750. func DeleteTeam(t *Team) error {

  751. 	if err := t.GetRepositories(); err != nil {

  752. 		return err

  753. 	} else if err = t.GetMembers(); err != nil {

  754. 		return err

  755. 	}

  756. 

  757. 	// Get organization.

  758. 	org, err := GetUserById(t.OrgId)

  759. 	if err != nil {

  760. 		return err

  761. 	}

  762. 

  763. 	sess := x.NewSession()

  764. 	defer sess.Close()

  765. 	if err = sess.Begin(); err != nil {

  766. 		return err

  767. 	}

  768. 

  769. 	// Delete all accesses.

  770. 	for _, repo := range t.Repos {

  771. 		for _, u := range t.Members {

  772. 			auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id)

  773. 			if err != nil {

  774. 				sess.Rollback()

  775. 				return err

  776. 			}

  777. 

  778. 			access := &Access{

  779. 				UserName: u.LowerName,

  780. 				RepoName: path.Join(org.LowerName, repo.LowerName),

  781. 			}

  782. 			if auth == 0 {

  783. 				if _, err = sess.Delete(access); err != nil {

  784. 					sess.Rollback()

  785. 					return fmt.Errorf("fail to delete access: %v", err)

  786. 				}

  787. 			} else if auth < t.Authorize {

  788. 				// Downgrade authorize level.

  789. 				if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {

  790. 					sess.Rollback()

  791. 					return err

  792. 				}

  793. 			}

  794. 		}

  795. 	}

  796. 

  797. 	// Delete team-user.

  798. 	if _, err = sess.Where("org_id=?", org.Id).Where("team_id=?", t.Id).Delete(new(TeamUser)); err != nil {

  799. 		sess.Rollback()

  800. 		return err

  801. 	}

  802. 

  803. 	// Delete team.

  804. 	if _, err = sess.Id(t.Id).Delete(new(Team)); err != nil {

  805. 		sess.Rollback()

  806. 		return err

  807. 	}

  808. 	// Update organization number of teams.

  809. 	if _, err = sess.Exec("UPDATE `user` SET num_teams = num_teams - 1 WHERE id = ?", t.OrgId); err != nil {

  810. 		sess.Rollback()

  811. 		return err

  812. 	}

  813. 

  814. 	return sess.Commit()

  815. }

  816. 

  817. // ___________                    ____ ___

  818. // \__    ___/___ _____    _____ |    |   \______ ___________

  819. //   |    |_/ __ \\__  \  /     \|    |   /  ___// __ \_  __ \

  820. //   |    |\  ___/ / __ \|  Y Y  \    |  /\___ \\  ___/|  | \/

  821. //   |____| \___  >____  /__|_|  /______//____  >\___  >__|

  822. //              \/     \/      \/             \/     \/

  823. 

  824. // TeamUser represents an team-user relation.

  825. type TeamUser struct {

  826. 	Id     int64

  827. 	Uid    int64

  828. 	OrgId  int64 `xorm:"INDEX"`

  829. 	TeamId int64

  830. }

  831. 

  832. // IsTeamMember returns true if given user is a member of team.

  833. func IsTeamMember(orgId, teamId, uid int64) bool {

  834. 	has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).And("team_id=?", teamId).Get(new(TeamUser))

  835. 	return has

  836. }

  837. 

  838. // GetTeamMembers returns all members in given team of organization.

  839. func GetTeamMembers(orgId, teamId int64) ([]*User, error) {

  840. 	tus := make([]*TeamUser, 0, 10)

  841. 	err := x.Where("org_id=?", orgId).And("team_id=?", teamId).Find(&tus)

  842. 	if err != nil {

  843. 		return nil, err

  844. 	}

  845. 

  846. 	us := make([]*User, len(tus))

  847. 	for i, tu := range tus {

  848. 		us[i], err = GetUserById(tu.Uid)

  849. 		if err != nil {

  850. 			return nil, err

  851. 		}

  852. 	}

  853. 	return us, nil

  854. }

  855. 

  856. // GetUserTeams returns all teams that user belongs to in given origanization.

  857. func GetUserTeams(orgId, uid int64) ([]*Team, error) {

  858. 	tus := make([]*TeamUser, 0, 5)

  859. 	if err := x.Where("uid=?", uid).And("org_id=?", orgId).Find(&tus); err != nil {

  860. 		return nil, err

  861. 	}

  862. 

  863. 	ts := make([]*Team, len(tus))

  864. 	for i, tu := range tus {

  865. 		t := new(Team)

  866. 		has, err := x.Id(tu.TeamId).Get(t)

  867. 		if err != nil {

  868. 			return nil, err

  869. 		} else if !has {

  870. 			return nil, ErrTeamNotExist

  871. 		}

  872. 		ts[i] = t

  873. 	}

  874. 	return ts, nil

  875. }

  876. 

  877. // AddTeamMember adds new member to given team of given organization.

  878. func AddTeamMember(orgId, teamId, uid int64) error {

  879. 	if IsTeamMember(orgId, teamId, uid) {

  880. 		return nil

  881. 	}

  882. 

  883. 	if err := AddOrgUser(orgId, uid); err != nil {

  884. 		return err

  885. 	}

  886. 

  887. 	// Get team and its repositories.

  888. 	t, err := GetTeamById(teamId)

  889. 	if err != nil {

  890. 		return err

  891. 	}

  892. 	t.NumMembers++

  893. 

  894. 	if err = t.GetRepositories(); err != nil {

  895. 		return err

  896. 	}

  897. 

  898. 	// Get organization.

  899. 	org, err := GetUserById(orgId)

  900. 	if err != nil {

  901. 		return err

  902. 	}

  903. 

  904. 	// Get user.

  905. 	u, err := GetUserById(uid)

  906. 	if err != nil {

  907. 		return err

  908. 	}

  909. 

  910. 	sess := x.NewSession()

  911. 	defer sess.Close()

  912. 	if err = sess.Begin(); err != nil {

  913. 		return err

  914. 	}

  915. 

  916. 	tu := &TeamUser{

  917. 		Uid:    uid,

  918. 		OrgId:  orgId,

  919. 		TeamId: teamId,

  920. 	}

  921. 

  922. 	if _, err = sess.Insert(tu); err != nil {

  923. 		sess.Rollback()

  924. 		return err

  925. 	} else if _, err = sess.Id(t.Id).Update(t); err != nil {

  926. 		sess.Rollback()

  927. 		return err

  928. 	}

  929. 

  930. 	// Give access to team repositories.

  931. 	mode := AuthorizeToAccessType(t.Authorize)

  932. 	for _, repo := range t.Repos {

  933. 		auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id)

  934. 		if err != nil {

  935. 			sess.Rollback()

  936. 			return err

  937. 		}

  938. 

  939. 		access := &Access{

  940. 			UserName: u.LowerName,

  941. 			RepoName: path.Join(org.LowerName, repo.LowerName),

  942. 		}

  943. 		// Equal 0 means given access doesn't exist.

  944. 		if auth == 0 {

  945. 			access.Mode = mode

  946. 			if _, err = sess.Insert(access); err != nil {

  947. 				sess.Rollback()

  948. 				return fmt.Errorf("fail to insert access: %v", err)

  949. 			}

  950. 		} else if auth < t.Authorize {

  951. 			if err = addAccessWithAuthorize(sess, access, mode); err != nil {

  952. 				sess.Rollback()

  953. 				return err

  954. 			}

  955. 		}

  956. 	}

  957. 

  958. 	// We make sure it exists before.

  959. 	ou := new(OrgUser)

  960. 	_, err = sess.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)

  961. 	if err != nil {

  962. 		sess.Rollback()

  963. 		return err

  964. 	}

  965. 	ou.NumTeams++

  966. 	if t.IsOwnerTeam() {

  967. 		ou.IsOwner = true

  968. 	}

  969. 	if _, err = sess.Id(ou.Id).AllCols().Update(ou); err != nil {

  970. 		sess.Rollback()

  971. 		return err

  972. 	}

  973. 

  974. 	return sess.Commit()

  975. }

  976. 

  977. func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) error {

  978. 	if !IsTeamMember(orgId, teamId, uid) {

  979. 		return nil

  980. 	}

  981. 

  982. 	// Get team and its repositories.

  983. 	t, err := GetTeamById(teamId)

  984. 	if err != nil {

  985. 		return err

  986. 	}

  987. 

  988. 	// Check if the user to delete is the last member in owner team.

  989. 	if t.IsOwnerTeam() && t.NumMembers == 1 {

  990. 		return ErrLastOrgOwner

  991. 	}

  992. 

  993. 	t.NumMembers--

  994. 

  995. 	if err = t.GetRepositories(); err != nil {

  996. 		return err

  997. 	}

  998. 

  999. 	// Get organization.

  1000. 	org, err := GetUserById(orgId)

  1001. 	if err != nil {

  1002. 		return err

  1003. 	}

  1004. 

  1005. 	// Get user.

  1006. 	u, err := GetUserById(uid)

  1007. 	if err != nil {

  1008. 		return err

  1009. 	}

  1010. 

  1011. 	tu := &TeamUser{

  1012. 		Uid:    uid,

  1013. 		OrgId:  orgId,

  1014. 		TeamId: teamId,

  1015. 	}

  1016. 

  1017. 	if _, err := sess.Delete(tu); err != nil {

  1018. 		sess.Rollback()

  1019. 		return err

  1020. 	} else if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {

  1021. 		sess.Rollback()

  1022. 		return err

  1023. 	}

  1024. 

  1025. 	// Delete access to team repositories.

  1026. 	for _, repo := range t.Repos {

  1027. 		auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id)

  1028. 		if err != nil {

  1029. 			sess.Rollback()

  1030. 			return err

  1031. 		}

  1032. 

  1033. 		access := &Access{

  1034. 			UserName: u.LowerName,

  1035. 			RepoName: path.Join(org.LowerName, repo.LowerName),

  1036. 		}

  1037. 		// Delete access if this is the last team user belongs to.

  1038. 		if auth == 0 {

  1039. 			if _, err = sess.Delete(access); err != nil {

  1040. 				sess.Rollback()

  1041. 				return fmt.Errorf("fail to delete access: %v", err)

  1042. 			} else if err = WatchRepo(u.Id, repo.Id, false); err != nil {

  1043. 				sess.Rollback()

  1044. 				return err

  1045. 			}

  1046. 		} else if auth < t.Authorize {

  1047. 			// Downgrade authorize level.

  1048. 			if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {

  1049. 				sess.Rollback()

  1050. 				return err

  1051. 			}

  1052. 		}

  1053. 	}

  1054. 

  1055. 	// This must exist.

  1056. 	ou := new(OrgUser)

  1057. 	_, err = sess.Where("uid=?", uid).And("org_id=?", org.Id).Get(ou)

  1058. 	if err != nil {

  1059. 		sess.Rollback()

  1060. 		return err

  1061. 	}

  1062. 	ou.NumTeams--

  1063. 	if t.IsOwnerTeam() {

  1064. 		ou.IsOwner = false

  1065. 	}

  1066. 	if _, err = sess.Id(ou.Id).AllCols().Update(ou); err != nil {

  1067. 		sess.Rollback()

  1068. 		return err

  1069. 	}

  1070. 	return nil

  1071. }

  1072. 

  1073. // RemoveTeamMember removes member from given team of given organization.

  1074. func RemoveTeamMember(orgId, teamId, uid int64) error {

  1075. 	sess := x.NewSession()

  1076. 	defer sess.Close()

  1077. 	if err := sess.Begin(); err != nil {

  1078. 		return err

  1079. 	}

  1080. 	if err := removeTeamMemberWithSess(orgId, teamId, uid, sess); err != nil {

  1081. 		return err

  1082. 	}

  1083. 	return sess.Commit()

  1084. }