mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14398 Commits
17 Branches
Tree: a1fcb1cfb8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a1fcb1cfb8'
${ noResults }
gitea/models/org_team.go

org_team.go 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594 
  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Copyright 2016 The Gogs Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package models

  6. 

  7. import (

  8. 	"context"

  9. 	"fmt"

  10. 	"strings"

  11. 

  12. 	"code.gitea.io/gitea/models/db"

  13. 	git_model "code.gitea.io/gitea/models/git"

  14. 	issues_model "code.gitea.io/gitea/models/issues"

  15. 	"code.gitea.io/gitea/models/organization"

  16. 	access_model "code.gitea.io/gitea/models/perm/access"

  17. 	repo_model "code.gitea.io/gitea/models/repo"

  18. 	user_model "code.gitea.io/gitea/models/user"

  19. 	"code.gitea.io/gitea/modules/log"

  20. 	"code.gitea.io/gitea/modules/setting"

  21. 	"code.gitea.io/gitea/modules/util"

  22. 

  23. 	"xorm.io/builder"

  24. )

  25. 

  26. func AddRepository(ctx context.Context, t *organization.Team, repo *repo_model.Repository) (err error) {

  27. 	if err = organization.AddTeamRepo(ctx, t.OrgID, t.ID, repo.ID); err != nil {

  28. 		return err

  29. 	}

  30. 

  31. 	if err = organization.IncrTeamRepoNum(ctx, t.ID); err != nil {

  32. 		return fmt.Errorf("update team: %w", err)

  33. 	}

  34. 

  35. 	t.NumRepos++

  36. 

  37. 	if err = access_model.RecalculateTeamAccesses(ctx, repo, 0); err != nil {

  38. 		return fmt.Errorf("recalculateAccesses: %w", err)

  39. 	}

  40. 

  41. 	// Make all team members watch this repo if enabled in global settings

  42. 	if setting.Service.AutoWatchNewRepos {

  43. 		if err = t.LoadMembers(ctx); err != nil {

  44. 			return fmt.Errorf("getMembers: %w", err)

  45. 		}

  46. 		for _, u := range t.Members {

  47. 			if err = repo_model.WatchRepo(ctx, u.ID, repo.ID, true); err != nil {

  48. 				return fmt.Errorf("watchRepo: %w", err)

  49. 			}

  50. 		}

  51. 	}

  52. 

  53. 	return nil

  54. }

  55. 

  56. // addAllRepositories adds all repositories to the team.

  57. // If the team already has some repositories they will be left unchanged.

  58. func addAllRepositories(ctx context.Context, t *organization.Team) error {

  59. 	orgRepos, err := organization.GetOrgRepositories(ctx, t.OrgID)

  60. 	if err != nil {

  61. 		return fmt.Errorf("get org repos: %w", err)

  62. 	}

  63. 

  64. 	for _, repo := range orgRepos {

  65. 		if !organization.HasTeamRepo(ctx, t.OrgID, t.ID, repo.ID) {

  66. 			if err := AddRepository(ctx, t, repo); err != nil {

  67. 				return fmt.Errorf("AddRepository: %w", err)

  68. 			}

  69. 		}

  70. 	}

  71. 

  72. 	return nil

  73. }

  74. 

  75. // AddAllRepositories adds all repositories to the team

  76. func AddAllRepositories(t *organization.Team) (err error) {

  77. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  78. 	if err != nil {

  79. 		return err

  80. 	}

  81. 	defer committer.Close()

  82. 

  83. 	if err = addAllRepositories(ctx, t); err != nil {

  84. 		return err

  85. 	}

  86. 

  87. 	return committer.Commit()

  88. }

  89. 

  90. // RemoveAllRepositories removes all repositories from team and recalculates access

  91. func RemoveAllRepositories(t *organization.Team) (err error) {

  92. 	if t.IncludesAllRepositories {

  93. 		return nil

  94. 	}

  95. 

  96. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  97. 	if err != nil {

  98. 		return err

  99. 	}

  100. 	defer committer.Close()

  101. 

  102. 	if err = removeAllRepositories(ctx, t); err != nil {

  103. 		return err

  104. 	}

  105. 

  106. 	return committer.Commit()

  107. }

  108. 

  109. // removeAllRepositories removes all repositories from team and recalculates access

  110. // Note: Shall not be called if team includes all repositories

  111. func removeAllRepositories(ctx context.Context, t *organization.Team) (err error) {

  112. 	e := db.GetEngine(ctx)

  113. 	// Delete all accesses.

  114. 	for _, repo := range t.Repos {

  115. 		if err := access_model.RecalculateTeamAccesses(ctx, repo, t.ID); err != nil {

  116. 			return err

  117. 		}

  118. 

  119. 		// Remove watches from all users and now unaccessible repos

  120. 		for _, user := range t.Members {

  121. 			has, err := access_model.HasAccess(ctx, user.ID, repo)

  122. 			if err != nil {

  123. 				return err

  124. 			} else if has {

  125. 				continue

  126. 			}

  127. 

  128. 			if err = repo_model.WatchRepo(ctx, user.ID, repo.ID, false); err != nil {

  129. 				return err

  130. 			}

  131. 

  132. 			// Remove all IssueWatches a user has subscribed to in the repositories

  133. 			if err = issues_model.RemoveIssueWatchersByRepoID(ctx, user.ID, repo.ID); err != nil {

  134. 				return err

  135. 			}

  136. 		}

  137. 	}

  138. 

  139. 	// Delete team-repo

  140. 	if _, err := e.

  141. 		Where("team_id=?", t.ID).

  142. 		Delete(new(organization.TeamRepo)); err != nil {

  143. 		return err

  144. 	}

  145. 

  146. 	t.NumRepos = 0

  147. 	if _, err = e.ID(t.ID).Cols("num_repos").Update(t); err != nil {

  148. 		return err

  149. 	}

  150. 

  151. 	return nil

  152. }

  153. 

  154. // HasRepository returns true if given repository belong to team.

  155. func HasRepository(t *organization.Team, repoID int64) bool {

  156. 	return organization.HasTeamRepo(db.DefaultContext, t.OrgID, t.ID, repoID)

  157. }

  158. 

  159. // removeRepository removes a repository from a team and recalculates access

  160. // Note: Repository shall not be removed from team if it includes all repositories (unless the repository is deleted)

  161. func removeRepository(ctx context.Context, t *organization.Team, repo *repo_model.Repository, recalculate bool) (err error) {

  162. 	e := db.GetEngine(ctx)

  163. 	if err = organization.RemoveTeamRepo(ctx, t.ID, repo.ID); err != nil {

  164. 		return err

  165. 	}

  166. 

  167. 	t.NumRepos--

  168. 	if _, err = e.ID(t.ID).Cols("num_repos").Update(t); err != nil {

  169. 		return err

  170. 	}

  171. 

  172. 	// Don't need to recalculate when delete a repository from organization.

  173. 	if recalculate {

  174. 		if err = access_model.RecalculateTeamAccesses(ctx, repo, t.ID); err != nil {

  175. 			return err

  176. 		}

  177. 	}

  178. 

  179. 	teamUsers, err := organization.GetTeamUsersByTeamID(ctx, t.ID)

  180. 	if err != nil {

  181. 		return fmt.Errorf("getTeamUsersByTeamID: %w", err)

  182. 	}

  183. 	for _, teamUser := range teamUsers {

  184. 		has, err := access_model.HasAccess(ctx, teamUser.UID, repo)

  185. 		if err != nil {

  186. 			return err

  187. 		} else if has {

  188. 			continue

  189. 		}

  190. 

  191. 		if err = repo_model.WatchRepo(ctx, teamUser.UID, repo.ID, false); err != nil {

  192. 			return err

  193. 		}

  194. 

  195. 		// Remove all IssueWatches a user has subscribed to in the repositories

  196. 		if err := issues_model.RemoveIssueWatchersByRepoID(ctx, teamUser.UID, repo.ID); err != nil {

  197. 			return err

  198. 		}

  199. 	}

  200. 

  201. 	return nil

  202. }

  203. 

  204. // RemoveRepository removes repository from team of organization.

  205. // If the team shall include all repositories the request is ignored.

  206. func RemoveRepository(t *organization.Team, repoID int64) error {

  207. 	if !HasRepository(t, repoID) {

  208. 		return nil

  209. 	}

  210. 

  211. 	if t.IncludesAllRepositories {

  212. 		return nil

  213. 	}

  214. 

  215. 	repo, err := repo_model.GetRepositoryByID(db.DefaultContext, repoID)

  216. 	if err != nil {

  217. 		return err

  218. 	}

  219. 

  220. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  221. 	if err != nil {

  222. 		return err

  223. 	}

  224. 	defer committer.Close()

  225. 

  226. 	if err = removeRepository(ctx, t, repo, true); err != nil {

  227. 		return err

  228. 	}

  229. 

  230. 	return committer.Commit()

  231. }

  232. 

  233. // NewTeam creates a record of new team.

  234. // It's caller's responsibility to assign organization ID.

  235. func NewTeam(t *organization.Team) (err error) {

  236. 	if len(t.Name) == 0 {

  237. 		return util.NewInvalidArgumentErrorf("empty team name")

  238. 	}

  239. 

  240. 	if err = organization.IsUsableTeamName(t.Name); err != nil {

  241. 		return err

  242. 	}

  243. 

  244. 	has, err := db.GetEngine(db.DefaultContext).ID(t.OrgID).Get(new(user_model.User))

  245. 	if err != nil {

  246. 		return err

  247. 	}

  248. 	if !has {

  249. 		return organization.ErrOrgNotExist{ID: t.OrgID}

  250. 	}

  251. 

  252. 	t.LowerName = strings.ToLower(t.Name)

  253. 	has, err = db.GetEngine(db.DefaultContext).

  254. 		Where("org_id=?", t.OrgID).

  255. 		And("lower_name=?", t.LowerName).

  256. 		Get(new(organization.Team))

  257. 	if err != nil {

  258. 		return err

  259. 	}

  260. 	if has {

  261. 		return organization.ErrTeamAlreadyExist{OrgID: t.OrgID, Name: t.LowerName}

  262. 	}

  263. 

  264. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  265. 	if err != nil {

  266. 		return err

  267. 	}

  268. 	defer committer.Close()

  269. 

  270. 	if err = db.Insert(ctx, t); err != nil {

  271. 		return err

  272. 	}

  273. 

  274. 	// insert units for team

  275. 	if len(t.Units) > 0 {

  276. 		for _, unit := range t.Units {

  277. 			unit.TeamID = t.ID

  278. 		}

  279. 		if err = db.Insert(ctx, &t.Units); err != nil {

  280. 			return err

  281. 		}

  282. 	}

  283. 

  284. 	// Add all repositories to the team if it has access to all of them.

  285. 	if t.IncludesAllRepositories {

  286. 		err = addAllRepositories(ctx, t)

  287. 		if err != nil {

  288. 			return fmt.Errorf("addAllRepositories: %w", err)

  289. 		}

  290. 	}

  291. 

  292. 	// Update organization number of teams.

  293. 	if _, err = db.Exec(ctx, "UPDATE `user` SET num_teams=num_teams+1 WHERE id = ?", t.OrgID); err != nil {

  294. 		return err

  295. 	}

  296. 	return committer.Commit()

  297. }

  298. 

  299. // UpdateTeam updates information of team.

  300. func UpdateTeam(t *organization.Team, authChanged, includeAllChanged bool) (err error) {

  301. 	if len(t.Name) == 0 {

  302. 		return util.NewInvalidArgumentErrorf("empty team name")

  303. 	}

  304. 

  305. 	if len(t.Description) > 255 {

  306. 		t.Description = t.Description[:255]

  307. 	}

  308. 

  309. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  310. 	if err != nil {

  311. 		return err

  312. 	}

  313. 	defer committer.Close()

  314. 	sess := db.GetEngine(ctx)

  315. 

  316. 	t.LowerName = strings.ToLower(t.Name)

  317. 	has, err := sess.

  318. 		Where("org_id=?", t.OrgID).

  319. 		And("lower_name=?", t.LowerName).

  320. 		And("id!=?", t.ID).

  321. 		Get(new(organization.Team))

  322. 	if err != nil {

  323. 		return err

  324. 	} else if has {

  325. 		return organization.ErrTeamAlreadyExist{OrgID: t.OrgID, Name: t.LowerName}

  326. 	}

  327. 

  328. 	if _, err = sess.ID(t.ID).Cols("name", "lower_name", "description",

  329. 		"can_create_org_repo", "authorize", "includes_all_repositories").Update(t); err != nil {

  330. 		return fmt.Errorf("update: %w", err)

  331. 	}

  332. 

  333. 	// update units for team

  334. 	if len(t.Units) > 0 {

  335. 		for _, unit := range t.Units {

  336. 			unit.TeamID = t.ID

  337. 		}

  338. 		// Delete team-unit.

  339. 		if _, err := sess.

  340. 			Where("team_id=?", t.ID).

  341. 			Delete(new(organization.TeamUnit)); err != nil {

  342. 			return err

  343. 		}

  344. 		if _, err = sess.Cols("org_id", "team_id", "type", "access_mode").Insert(&t.Units); err != nil {

  345. 			return err

  346. 		}

  347. 	}

  348. 

  349. 	// Update access for team members if needed.

  350. 	if authChanged {

  351. 		if err = t.LoadRepositories(ctx); err != nil {

  352. 			return fmt.Errorf("LoadRepositories: %w", err)

  353. 		}

  354. 

  355. 		for _, repo := range t.Repos {

  356. 			if err = access_model.RecalculateTeamAccesses(ctx, repo, 0); err != nil {

  357. 				return fmt.Errorf("recalculateTeamAccesses: %w", err)

  358. 			}

  359. 		}

  360. 	}

  361. 

  362. 	// Add all repositories to the team if it has access to all of them.

  363. 	if includeAllChanged && t.IncludesAllRepositories {

  364. 		err = addAllRepositories(ctx, t)

  365. 		if err != nil {

  366. 			return fmt.Errorf("addAllRepositories: %w", err)

  367. 		}

  368. 	}

  369. 

  370. 	return committer.Commit()

  371. }

  372. 

  373. // DeleteTeam deletes given team.

  374. // It's caller's responsibility to assign organization ID.

  375. func DeleteTeam(t *organization.Team) error {

  376. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  377. 	if err != nil {

  378. 		return err

  379. 	}

  380. 	defer committer.Close()

  381. 

  382. 	if err := t.LoadRepositories(ctx); err != nil {

  383. 		return err

  384. 	}

  385. 

  386. 	if err := t.LoadMembers(ctx); err != nil {

  387. 		return err

  388. 	}

  389. 

  390. 	// update branch protections

  391. 	{

  392. 		protections := make([]*git_model.ProtectedBranch, 0, 10)

  393. 		err := db.GetEngine(ctx).In("repo_id",

  394. 			builder.Select("id").From("repository").Where(builder.Eq{"owner_id": t.OrgID})).

  395. 			Find(&protections)

  396. 		if err != nil {

  397. 			return fmt.Errorf("findProtectedBranches: %w", err)

  398. 		}

  399. 		for _, p := range protections {

  400. 			if err := git_model.RemoveTeamIDFromProtectedBranch(ctx, p, t.ID); err != nil {

  401. 				return err

  402. 			}

  403. 		}

  404. 	}

  405. 

  406. 	if !t.IncludesAllRepositories {

  407. 		if err := removeAllRepositories(ctx, t); err != nil {

  408. 			return err

  409. 		}

  410. 	}

  411. 

  412. 	if err := db.DeleteBeans(ctx,

  413. 		&organization.Team{ID: t.ID},

  414. 		&organization.TeamUser{OrgID: t.OrgID, TeamID: t.ID},

  415. 		&organization.TeamUnit{TeamID: t.ID},

  416. 		&organization.TeamInvite{TeamID: t.ID},

  417. 	); err != nil {

  418. 		return err

  419. 	}

  420. 

  421. 	// Update organization number of teams.

  422. 	if _, err := db.Exec(ctx, "UPDATE `user` SET num_teams=num_teams-1 WHERE id=?", t.OrgID); err != nil {

  423. 		return err

  424. 	}

  425. 

  426. 	return committer.Commit()

  427. }

  428. 

  429. // AddTeamMember adds new membership of given team to given organization,

  430. // the user will have membership to given organization automatically when needed.

  431. func AddTeamMember(team *organization.Team, userID int64) error {

  432. 	isAlreadyMember, err := organization.IsTeamMember(db.DefaultContext, team.OrgID, team.ID, userID)

  433. 	if err != nil || isAlreadyMember {

  434. 		return err

  435. 	}

  436. 

  437. 	if err := organization.AddOrgUser(team.OrgID, userID); err != nil {

  438. 		return err

  439. 	}

  440. 

  441. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  442. 	if err != nil {

  443. 		return err

  444. 	}

  445. 	defer committer.Close()

  446. 

  447. 	// check in transaction

  448. 	isAlreadyMember, err = organization.IsTeamMember(ctx, team.OrgID, team.ID, userID)

  449. 	if err != nil || isAlreadyMember {

  450. 		return err

  451. 	}

  452. 

  453. 	sess := db.GetEngine(ctx)

  454. 

  455. 	if err := db.Insert(ctx, &organization.TeamUser{

  456. 		UID:    userID,

  457. 		OrgID:  team.OrgID,

  458. 		TeamID: team.ID,

  459. 	}); err != nil {

  460. 		return err

  461. 	} else if _, err := sess.Incr("num_members").ID(team.ID).Update(new(organization.Team)); err != nil {

  462. 		return err

  463. 	}

  464. 

  465. 	team.NumMembers++

  466. 

  467. 	// Give access to team repositories.

  468. 	// update exist access if mode become bigger

  469. 	subQuery := builder.Select("repo_id").From("team_repo").

  470. 		Where(builder.Eq{"team_id": team.ID})

  471. 

  472. 	if _, err := sess.Where("user_id=?", userID).

  473. 		In("repo_id", subQuery).

  474. 		And("mode < ?", team.AccessMode).

  475. 		SetExpr("mode", team.AccessMode).

  476. 		Update(new(access_model.Access)); err != nil {

  477. 		return fmt.Errorf("update user accesses: %w", err)

  478. 	}

  479. 

  480. 	// for not exist access

  481. 	var repoIDs []int64

  482. 	accessSubQuery := builder.Select("repo_id").From("access").Where(builder.Eq{"user_id": userID})

  483. 	if err := sess.SQL(subQuery.And(builder.NotIn("repo_id", accessSubQuery))).Find(&repoIDs); err != nil {

  484. 		return fmt.Errorf("select id accesses: %w", err)

  485. 	}

  486. 

  487. 	accesses := make([]*access_model.Access, 0, 100)

  488. 	for i, repoID := range repoIDs {

  489. 		accesses = append(accesses, &access_model.Access{RepoID: repoID, UserID: userID, Mode: team.AccessMode})

  490. 		if (i%100 == 0 || i == len(repoIDs)-1) && len(accesses) > 0 {

  491. 			if err = db.Insert(ctx, accesses); err != nil {

  492. 				return fmt.Errorf("insert new user accesses: %w", err)

  493. 			}

  494. 			accesses = accesses[:0]

  495. 		}

  496. 	}

  497. 

  498. 	if err := committer.Commit(); err != nil {

  499. 		return err

  500. 	}

  501. 	committer.Close()

  502. 

  503. 	// this behaviour may spend much time so run it in a goroutine

  504. 	// FIXME: Update watch repos batchly

  505. 	if setting.Service.AutoWatchNewRepos {

  506. 		// Get team and its repositories.

  507. 		if err := team.LoadRepositories(db.DefaultContext); err != nil {

  508. 			log.Error("getRepositories failed: %v", err)

  509. 		}

  510. 		go func(repos []*repo_model.Repository) {

  511. 			for _, repo := range repos {

  512. 				if err = repo_model.WatchRepo(db.DefaultContext, userID, repo.ID, true); err != nil {

  513. 					log.Error("watch repo failed: %v", err)

  514. 				}

  515. 			}

  516. 		}(team.Repos)

  517. 	}

  518. 

  519. 	return nil

  520. }

  521. 

  522. func removeTeamMember(ctx context.Context, team *organization.Team, userID int64) error {

  523. 	e := db.GetEngine(ctx)

  524. 	isMember, err := organization.IsTeamMember(ctx, team.OrgID, team.ID, userID)

  525. 	if err != nil || !isMember {

  526. 		return err

  527. 	}

  528. 

  529. 	// Check if the user to delete is the last member in owner team.

  530. 	if team.IsOwnerTeam() && team.NumMembers == 1 {

  531. 		return organization.ErrLastOrgOwner{UID: userID}

  532. 	}

  533. 

  534. 	team.NumMembers--

  535. 

  536. 	if err := team.LoadRepositories(ctx); err != nil {

  537. 		return err

  538. 	}

  539. 

  540. 	if _, err := e.Delete(&organization.TeamUser{

  541. 		UID:    userID,

  542. 		OrgID:  team.OrgID,

  543. 		TeamID: team.ID,

  544. 	}); err != nil {

  545. 		return err

  546. 	} else if _, err = e.

  547. 		ID(team.ID).

  548. 		Cols("num_members").

  549. 		Update(team); err != nil {

  550. 		return err

  551. 	}

  552. 

  553. 	// Delete access to team repositories.

  554. 	for _, repo := range team.Repos {

  555. 		if err := access_model.RecalculateUserAccess(ctx, repo, userID); err != nil {

  556. 			return err

  557. 		}

  558. 

  559. 		// Remove watches from now unaccessible

  560. 		if err := reconsiderWatches(ctx, repo, userID); err != nil {

  561. 			return err

  562. 		}

  563. 

  564. 		// Remove issue assignments from now unaccessible

  565. 		if err := reconsiderRepoIssuesAssignee(ctx, repo, userID); err != nil {

  566. 			return err

  567. 		}

  568. 	}

  569. 

  570. 	// Check if the user is a member of any team in the organization.

  571. 	if count, err := e.Count(&organization.TeamUser{

  572. 		UID:   userID,

  573. 		OrgID: team.OrgID,

  574. 	}); err != nil {

  575. 		return err

  576. 	} else if count == 0 {

  577. 		return removeOrgUser(ctx, team.OrgID, userID)

  578. 	}

  579. 

  580. 	return nil

  581. }

  582. 

  583. // RemoveTeamMember removes member from given team of given organization.

  584. func RemoveTeamMember(team *organization.Team, userID int64) error {

  585. 	ctx, committer, err := db.TxContext(db.DefaultContext)

  586. 	if err != nil {

  587. 		return err

  588. 	}

  589. 	defer committer.Close()

  590. 	if err := removeTeamMember(ctx, team, userID); err != nil {

  591. 		return err

  592. 	}

  593. 	return committer.Commit()

  594. }