12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
- package models
- import (
- "errors"
- "fmt"
- "os"
- "path"
- "strings"
- "github.com/Unknwon/com"
- "github.com/gogits/gogs/modules/base"
- )
- var (
- ErrOrgNotExist = errors.New("Organization does not exist")
- ErrTeamAlreadyExist = errors.New("Team already exist")
- ErrTeamNotExist = errors.New("Team does not exist")
- ErrTeamNameIllegal = errors.New("Team name contains illegal characters")
- ErrLastOrgOwner = errors.New("The user to remove is the last member in owner team")
- )
- // IsOwnedBy returns true if given user is in the owner team.
- func (org *User) IsOwnedBy(uid int64) bool {
- return IsOrganizationOwner(org.Id, uid)
- }
- // IsOrgMember returns true if given user is member of organization.
- func (org *User) IsOrgMember(uid int64) bool {
- return IsOrganizationMember(org.Id, uid)
- }
- // GetTeam returns named team of organization.
- func (org *User) GetTeam(name string) (*Team, error) {
- return GetTeam(org.Id, name)
- }
- // GetOwnerTeam returns owner team of organization.
- func (org *User) GetOwnerTeam() (*Team, error) {
- return org.GetTeam(OWNER_TEAM)
- }
- // GetTeams returns all teams that belong to organization.
- func (org *User) GetTeams() error {
- return x.Where("org_id=?", org.Id).Find(&org.Teams)
- }
- // GetMembers returns all members of organization.
- func (org *User) GetMembers() error {
- ous, err := GetOrgUsersByOrgId(org.Id)
- if err != nil {
- return err
- }
- org.Members = make([]*User, len(ous))
- for i, ou := range ous {
- org.Members[i], err = GetUserById(ou.Uid)
- if err != nil {
- return err
- }
- }
- return nil
- }
- // AddMember adds new member to organization.
- func (org *User) AddMember(uid int64) error {
- return AddOrgUser(org.Id, uid)
- }
- // RemoveMember removes member from organization.
- func (org *User) RemoveMember(uid int64) error {
- return RemoveOrgUser(org.Id, uid)
- }
- // IsOrgEmailUsed returns true if the e-mail has been used in organization account.
- func IsOrgEmailUsed(email string) (bool, error) {
- if len(email) == 0 {
- return false, nil
- }
- return x.Get(&User{
- Email: email,
- Type: ORGANIZATION,
- })
- }
- // CreateOrganization creates record of a new organization.
- func CreateOrganization(org, owner *User) (*User, error) {
- if !IsLegalName(org.Name) {
- return nil, ErrUserNameIllegal
- }
- isExist, err := IsUserExist(org.Name)
- if err != nil {
- return nil, err
- } else if isExist {
- return nil, ErrUserAlreadyExist
- }
- isExist, err = IsOrgEmailUsed(org.Email)
- if err != nil {
- return nil, err
- } else if isExist {
- return nil, ErrEmailAlreadyUsed
- }
- org.LowerName = strings.ToLower(org.Name)
- org.FullName = org.Name
- org.Avatar = base.EncodeMd5(org.Email)
- org.AvatarEmail = org.Email
- // No password for organization.
- org.NumTeams = 1
- org.NumMembers = 1
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return nil, err
- }
- if _, err = sess.Insert(org); err != nil {
- sess.Rollback()
- return nil, err
- }
- if err = os.MkdirAll(UserPath(org.Name), os.ModePerm); err != nil {
- sess.Rollback()
- return nil, err
- }
- // Create default owner team.
- t := &Team{
- OrgId: org.Id,
- LowerName: strings.ToLower(OWNER_TEAM),
- Name: OWNER_TEAM,
- Authorize: ORG_ADMIN,
- NumMembers: 1,
- }
- if _, err = sess.Insert(t); err != nil {
- sess.Rollback()
- return nil, err
- }
- // Add initial creator to organization and owner team.
- ou := &OrgUser{
- Uid: owner.Id,
- OrgId: org.Id,
- IsOwner: true,
- NumTeams: 1,
- }
- if _, err = sess.Insert(ou); err != nil {
- sess.Rollback()
- return nil, err
- }
- tu := &TeamUser{
- Uid: owner.Id,
- OrgId: org.Id,
- TeamId: t.Id,
- }
- if _, err = sess.Insert(tu); err != nil {
- sess.Rollback()
- return nil, err
- }
- return org, sess.Commit()
- }
- // GetOrgByName returns organization by given name.
- func GetOrgByName(name string) (*User, error) {
- if len(name) == 0 {
- return nil, ErrOrgNotExist
- }
- u := &User{
- LowerName: strings.ToLower(name),
- Type: ORGANIZATION,
- }
- has, err := x.Get(u)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrOrgNotExist
- }
- return u, nil
- }
- // CountOrganizations returns number of organizations.
- func CountOrganizations() int64 {
- count, _ := x.Where("type=1").Count(new(User))
- return count
- }
- // GetOrganizations returns given number of organizations with offset.
- func GetOrganizations(num, offset int) ([]*User, error) {
- orgs := make([]*User, 0, num)
- err := x.Limit(num, offset).Where("type=1").Asc("id").Find(&orgs)
- return orgs, err
- }
- // TODO: need some kind of mechanism to record failure.
- // DeleteOrganization completely and permanently deletes everything of organization.
- func DeleteOrganization(org *User) (err error) {
- if err := DeleteUser(org); err != nil {
- return err
- }
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return err
- }
- if _, err = sess.Delete(&Team{OrgId: org.Id}); err != nil {
- sess.Rollback()
- return err
- }
- if _, err = sess.Delete(&OrgUser{OrgId: org.Id}); err != nil {
- sess.Rollback()
- return err
- }
- if _, err = sess.Delete(&TeamUser{OrgId: org.Id}); err != nil {
- sess.Rollback()
- return err
- }
- return sess.Commit()
- }
- // ________ ____ ___
- // \_____ \_______ ____ | | \______ ___________
- // / | \_ __ \/ ___\| | / ___// __ \_ __ \
- // / | \ | \/ /_/ > | /\___ \\ ___/| | \/
- // \_______ /__| \___ /|______//____ >\___ >__|
- // \/ /_____/ \/ \/
- // OrgUser represents an organization-user relation.
- type OrgUser struct {
- Id int64
- Uid int64 `xorm:"INDEX UNIQUE(s)"`
- OrgId int64 `xorm:"INDEX UNIQUE(s)"`
- IsPublic bool
- IsOwner bool
- NumTeams int
- }
- // IsOrganizationOwner returns true if given user is in the owner team.
- func IsOrganizationOwner(orgId, uid int64) bool {
- has, _ := x.Where("is_owner=?", true).And("uid=?", uid).And("org_id=?", orgId).Get(new(OrgUser))
- return has
- }
- // IsOrganizationMember returns true if given user is member of organization.
- func IsOrganizationMember(orgId, uid int64) bool {
- has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).Get(new(OrgUser))
- return has
- }
- // IsPublicMembership returns true if given user public his/her membership.
- func IsPublicMembership(orgId, uid int64) bool {
- has, _ := x.Where("uid=?", uid).And("org_id=?", orgId).And("is_public=?", true).Get(new(OrgUser))
- return has
- }
- // GetOrgUsersByUserId returns all organization-user relations by user ID.
- func GetOrgUsersByUserId(uid int64) ([]*OrgUser, error) {
- ous := make([]*OrgUser, 0, 10)
- err := x.Where("uid=?", uid).Find(&ous)
- return ous, err
- }
- // GetOrgUsersByOrgId returns all organization-user relations by organization ID.
- func GetOrgUsersByOrgId(orgId int64) ([]*OrgUser, error) {
- ous := make([]*OrgUser, 0, 10)
- err := x.Where("org_id=?", orgId).Find(&ous)
- return ous, err
- }
- // ChangeOrgUserStatus changes public or private membership status.
- func ChangeOrgUserStatus(orgId, uid int64, public bool) error {
- ou := new(OrgUser)
- has, err := x.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)
- if err != nil {
- return err
- } else if !has {
- return nil
- }
- ou.IsPublic = public
- _, err = x.Id(ou.Id).AllCols().Update(ou)
- return err
- }
- // AddOrgUser adds new user to given organization.
- func AddOrgUser(orgId, uid int64) error {
- if IsOrganizationMember(orgId, uid) {
- return nil
- }
- sess := x.NewSession()
- defer sess.Close()
- if err := sess.Begin(); err != nil {
- return err
- }
- ou := &OrgUser{
- Uid: uid,
- OrgId: orgId,
- }
- if _, err := sess.Insert(ou); err != nil {
- sess.Rollback()
- return err
- } else if _, err = sess.Exec("UPDATE `user` SET num_members = num_members + 1 WHERE id = ?", orgId); err != nil {
- sess.Rollback()
- return err
- }
- return sess.Commit()
- }
- // RemoveOrgUser removes user from given organization.
- func RemoveOrgUser(orgId, uid int64) error {
- ou := new(OrgUser)
- has, err := x.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)
- if err != nil {
- return err
- } else if !has {
- return nil
- }
- u, err := GetUserById(uid)
- if err != nil {
- return err
- }
- org, err := GetUserById(orgId)
- if err != nil {
- return err
- }
- // Check if the user to delete is the last member in owner team.
- if IsOrganizationOwner(orgId, uid) {
- t, err := org.GetOwnerTeam()
- if err != nil {
- return err
- }
- if t.NumMembers == 1 {
- return ErrLastOrgOwner
- }
- }
- sess := x.NewSession()
- defer sess.Close()
- if err := sess.Begin(); err != nil {
- return err
- }
- if _, err := sess.Id(ou.Id).Delete(ou); err != nil {
- sess.Rollback()
- return err
- } else if _, err = sess.Exec("UPDATE `user` SET num_members = num_members - 1 WHERE id = ?", orgId); err != nil {
- sess.Rollback()
- return err
- }
- // Delete all repository accesses.
- if err = org.GetRepositories(); err != nil {
- sess.Rollback()
- return err
- }
- access := &Access{
- UserName: u.LowerName,
- }
- for _, repo := range org.Repos {
- access.RepoName = path.Join(org.LowerName, repo.LowerName)
- if _, err = sess.Delete(access); err != nil {
- sess.Rollback()
- return err
- } else if err = WatchRepo(u.Id, repo.Id, false); err != nil {
- sess.Rollback()
- return err
- }
- }
- // Delete member in his/her teams.
- ts, err := GetUserTeams(org.Id, u.Id)
- if err != nil {
- return err
- }
- for _, t := range ts {
- if err = removeTeamMember(sess, org.Id, t.Id, u.Id); err != nil {
- return err
- }
- }
- return sess.Commit()
- }
- // ___________
- // \__ ___/___ _____ _____
- // | |_/ __ \\__ \ / \
- // | |\ ___/ / __ \| Y Y \
- // |____| \___ >____ /__|_| /
- // \/ \/ \/
- type AuthorizeType int
- const (
- ORG_READABLE AuthorizeType = iota + 1
- ORG_WRITABLE
- ORG_ADMIN
- )
- func AuthorizeToAccessType(auth AuthorizeType) AccessType {
- if auth == ORG_READABLE {
- return READABLE
- }
- return WRITABLE
- }
- const OWNER_TEAM = "Owners"
- // Team represents a organization team.
- type Team struct {
- Id int64
- OrgId int64 `xorm:"INDEX"`
- LowerName string
- Name string
- Description string
- Authorize AuthorizeType
- RepoIds string `xorm:"TEXT"`
- Repos []*Repository `xorm:"-"`
- Members []*User `xorm:"-"`
- NumRepos int
- NumMembers int
- }
- // IsOwnerTeam returns true if team is owner team.
- func (t *Team) IsOwnerTeam() bool {
- return t.Name == OWNER_TEAM
- }
- // IsTeamMember returns true if given user is a member of team.
- func (t *Team) IsMember(uid int64) bool {
- return IsTeamMember(t.OrgId, t.Id, uid)
- }
- // GetRepositories returns all repositories in team of organization.
- func (t *Team) GetRepositories() error {
- idStrs := strings.Split(t.RepoIds, "|")
- t.Repos = make([]*Repository, 0, len(idStrs))
- for _, str := range idStrs {
- if len(str) == 0 {
- continue
- }
- id := com.StrTo(str[1:]).MustInt64()
- if id == 0 {
- continue
- }
- repo, err := GetRepositoryById(id)
- if err != nil {
- return err
- }
- t.Repos = append(t.Repos, repo)
- }
- return nil
- }
- // GetMembers returns all members in team of organization.
- func (t *Team) GetMembers() (err error) {
- t.Members, err = GetTeamMembers(t.OrgId, t.Id)
- return err
- }
- // AddMember adds new member to team of organization.
- func (t *Team) AddMember(uid int64) error {
- return AddTeamMember(t.OrgId, t.Id, uid)
- }
- // RemoveMember removes member from team of organization.
- func (t *Team) RemoveMember(uid int64) error {
- return RemoveTeamMember(t.OrgId, t.Id, uid)
- }
- // addAccessWithAuthorize inserts or updates access with given mode.
- func addAccessWithAuthorize(e Engine, access *Access, mode AccessType) error {
- has, err := e.Get(access)
- if err != nil {
- return fmt.Errorf("fail to get access: %v", err)
- }
- access.Mode = mode
- if has {
- if _, err = e.Id(access.Id).Update(access); err != nil {
- return fmt.Errorf("fail to update access: %v", err)
- }
- } else {
- if _, err = e.Insert(access); err != nil {
- return fmt.Errorf("fail to insert access: %v", err)
- }
- }
- return nil
- }
- // AddRepository adds new repository to team of organization.
- func (t *Team) AddRepository(repo *Repository) (err error) {
- idStr := "$" + com.ToStr(repo.Id) + "|"
- if repo.OwnerId != t.OrgId {
- return errors.New("Repository not belong to organization")
- } else if strings.Contains(t.RepoIds, idStr) {
- return nil
- }
- if err = repo.GetOwner(); err != nil {
- return err
- } else if err = t.GetMembers(); err != nil {
- return err
- }
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return err
- }
- t.NumRepos++
- t.RepoIds += idStr
- if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {
- sess.Rollback()
- return err
- }
- // Give access to team members.
- mode := AuthorizeToAccessType(t.Authorize)
- for _, u := range t.Members {
- auth, err := getHighestAuthorize(sess, t.OrgId, u.Id, repo.Id, t.Id)
- if err != nil {
- sess.Rollback()
- return err
- }
- access := &Access{
- UserName: u.LowerName,
- RepoName: path.Join(repo.Owner.LowerName, repo.LowerName),
- }
- if auth < t.Authorize {
- if err = addAccessWithAuthorize(sess, access, mode); err != nil {
- sess.Rollback()
- return err
- }
- }
- if err = watchRepo(sess, u.Id, repo.Id, true); err != nil {
- sess.Rollback()
- return err
- }
- }
- return sess.Commit()
- }
- // RemoveRepository removes repository from team of organization.
- func (t *Team) RemoveRepository(repoId int64) error {
- idStr := "$" + com.ToStr(repoId) + "|"
- if !strings.Contains(t.RepoIds, idStr) {
- return nil
- }
- repo, err := GetRepositoryById(repoId)
- if err != nil {
- return err
- }
- if err = repo.GetOwner(); err != nil {
- return err
- } else if err = t.GetMembers(); err != nil {
- return err
- }
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return err
- }
- t.NumRepos--
- t.RepoIds = strings.Replace(t.RepoIds, idStr, "", 1)
- if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {
- sess.Rollback()
- return err
- }
- // Remove access to team members.
- for _, u := range t.Members {
- auth, err := getHighestAuthorize(sess, t.OrgId, u.Id, repo.Id, t.Id)
- if err != nil {
- sess.Rollback()
- return err
- }
- access := &Access{
- UserName: u.LowerName,
- RepoName: path.Join(repo.Owner.LowerName, repo.LowerName),
- }
- if auth == 0 {
- if _, err = sess.Delete(access); err != nil {
- sess.Rollback()
- return fmt.Errorf("fail to delete access: %v", err)
- } else if err = watchRepo(sess, u.Id, repo.Id, false); err != nil {
- sess.Rollback()
- return err
- }
- } else if auth < t.Authorize {
- if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {
- sess.Rollback()
- return err
- }
- }
- }
- return sess.Commit()
- }
- // NewTeam creates a record of new team.
- // It's caller's responsibility to assign organization ID.
- func NewTeam(t *Team) error {
- if !IsLegalName(t.Name) {
- return ErrTeamNameIllegal
- }
- has, err := x.Id(t.OrgId).Get(new(User))
- if err != nil {
- return err
- } else if !has {
- return ErrOrgNotExist
- }
- t.LowerName = strings.ToLower(t.Name)
- has, err = x.Where("org_id=?", t.OrgId).And("lower_name=?", t.LowerName).Get(new(Team))
- if err != nil {
- return err
- } else if has {
- return ErrTeamAlreadyExist
- }
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return err
- }
- if _, err = sess.Insert(t); err != nil {
- sess.Rollback()
- return err
- }
- // Update organization number of teams.
- if _, err = sess.Exec("UPDATE `user` SET num_teams = num_teams + 1 WHERE id = ?", t.OrgId); err != nil {
- sess.Rollback()
- return err
- }
- return sess.Commit()
- }
- // GetTeam returns team by given team name and organization.
- func GetTeam(orgId int64, name string) (*Team, error) {
- t := &Team{
- OrgId: orgId,
- LowerName: strings.ToLower(name),
- }
- has, err := x.Get(t)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrTeamNotExist
- }
- return t, nil
- }
- func getTeamById(e Engine, teamId int64) (*Team, error) {
- t := new(Team)
- has, err := e.Id(teamId).Get(t)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrTeamNotExist
- }
- return t, nil
- }
- // GetTeamById returns team by given ID.
- func GetTeamById(teamId int64) (*Team, error) {
- return getTeamById(x, teamId)
- }
- func getHighestAuthorize(e Engine, orgId, uid, repoId, teamId int64) (AuthorizeType, error) {
- ts, err := getUserTeams(e, orgId, uid)
- if err != nil {
- return 0, err
- }
- var auth AuthorizeType = 0
- for _, t := range ts {
- // Not current team and has given repository.
- if t.Id != teamId && strings.Contains(t.RepoIds, "$"+com.ToStr(repoId)+"|") {
- // Fast return.
- if t.Authorize == ORG_WRITABLE {
- return ORG_WRITABLE, nil
- }
- if t.Authorize > auth {
- auth = t.Authorize
- }
- }
- }
- return auth, nil
- }
- // GetHighestAuthorize returns highest repository authorize level for given user and team.
- func GetHighestAuthorize(orgId, uid, repoId, teamId int64) (AuthorizeType, error) {
- return getHighestAuthorize(x, orgId, uid, repoId, teamId)
- }
- // UpdateTeam updates information of team.
- func UpdateTeam(t *Team, authChanged bool) (err error) {
- if !IsLegalName(t.Name) {
- return ErrTeamNameIllegal
- }
- if len(t.Description) > 255 {
- t.Description = t.Description[:255]
- }
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return err
- }
- // Update access for team members if needed.
- if authChanged && !t.IsOwnerTeam() {
- if err = t.GetRepositories(); err != nil {
- return err
- } else if err = t.GetMembers(); err != nil {
- return err
- }
- // Get organization.
- org, err := GetUserById(t.OrgId)
- if err != nil {
- return err
- }
- // Update access.
- mode := AuthorizeToAccessType(t.Authorize)
- for _, repo := range t.Repos {
- for _, u := range t.Members {
- // ORG_WRITABLE is the highest authorize level for now.
- // Skip checking others if current team has this level.
- if t.Authorize < ORG_WRITABLE {
- auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
- if err != nil {
- sess.Rollback()
- return err
- }
- if auth >= t.Authorize {
- continue // Other team has higher or same authorize level.
- }
- }
- access := &Access{
- UserName: u.LowerName,
- RepoName: path.Join(org.LowerName, repo.LowerName),
- }
- if err = addAccessWithAuthorize(sess, access, mode); err != nil {
- sess.Rollback()
- return err
- }
- }
- }
- }
- t.LowerName = strings.ToLower(t.Name)
- if _, err = sess.Id(t.Id).AllCols().Update(t); err != nil {
- sess.Rollback()
- return err
- }
- return sess.Commit()
- }
- // DeleteTeam deletes given team.
- // It's caller's responsibility to assign organization ID.
- func DeleteTeam(t *Team) error {
- if err := t.GetRepositories(); err != nil {
- return err
- } else if err = t.GetMembers(); err != nil {
- return err
- }
- // Get organization.
- org, err := GetUserById(t.OrgId)
- if err != nil {
- return err
- }
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return err
- }
- // Delete all accesses.
- for _, repo := range t.Repos {
- for _, u := range t.Members {
- auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
- if err != nil {
- sess.Rollback()
- return err
- }
- access := &Access{
- UserName: u.LowerName,
- RepoName: path.Join(org.LowerName, repo.LowerName),
- }
- if auth == 0 {
- if _, err = sess.Delete(access); err != nil {
- sess.Rollback()
- return fmt.Errorf("fail to delete access: %v", err)
- }
- } else if auth < t.Authorize {
- // Downgrade authorize level.
- if err = addAccessWithAuthorize(sess, access, AuthorizeToAccessType(auth)); err != nil {
- sess.Rollback()
- return err
- }
- }
- }
- }
- // Delete team-user.
- if _, err = sess.Where("org_id=?", org.Id).Where("team_id=?", t.Id).Delete(new(TeamUser)); err != nil {
- sess.Rollback()
- return err
- }
- // Delete team.
- if _, err = sess.Id(t.Id).Delete(new(Team)); err != nil {
- sess.Rollback()
- return err
- }
- // Update organization number of teams.
- if _, err = sess.Exec("UPDATE `user` SET num_teams = num_teams - 1 WHERE id = ?", t.OrgId); err != nil {
- sess.Rollback()
- return err
- }
- return sess.Commit()
- }
- // ___________ ____ ___
- // \__ ___/___ _____ _____ | | \______ ___________
- // | |_/ __ \\__ \ / \| | / ___// __ \_ __ \
- // | |\ ___/ / __ \| Y Y \ | /\___ \\ ___/| | \/
- // |____| \___ >____ /__|_| /______//____ >\___ >__|
- // \/ \/ \/ \/ \/
- // TeamUser represents an team-user relation.
- type TeamUser struct {
- Id int64
- Uid int64
- OrgId int64 `xorm:"INDEX"`
- TeamId int64
- }
- func isTeamMember(e Engine, orgId, teamId, uid int64) bool {
- has, _ := e.Where("uid=?", uid).And("org_id=?", orgId).And("team_id=?", teamId).Get(new(TeamUser))
- return has
- }
- // IsTeamMember returns true if given user is a member of team.
- func IsTeamMember(orgId, teamId, uid int64) bool {
- return isTeamMember(x, orgId, teamId, uid)
- }
- // GetTeamMembers returns all members in given team of organization.
- func GetTeamMembers(orgId, teamId int64) ([]*User, error) {
- us := make([]*User, 0, 10)
- err := x.Sql("SELECT * FROM `user` JOIN `team_user` ON `team_user`.`team_id` = ? AND `team_user`.`uid` = `user`.`id`", teamId).Find(&us)
- return us, err
- }
- func getUserTeams(e Engine, orgId, uid int64) ([]*Team, error) {
- tus := make([]*TeamUser, 0, 5)
- if err := e.Where("uid=?", uid).And("org_id=?", orgId).Find(&tus); err != nil {
- return nil, err
- }
- ts := make([]*Team, len(tus))
- for i, tu := range tus {
- t := new(Team)
- has, err := e.Id(tu.TeamId).Get(t)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrTeamNotExist
- }
- ts[i] = t
- }
- return ts, nil
- }
- // GetUserTeams returns all teams that user belongs to in given organization.
- func GetUserTeams(orgId, uid int64) ([]*Team, error) {
- return getUserTeams(x, orgId, uid)
- }
- // AddTeamMember adds new member to given team of given organization.
- func AddTeamMember(orgId, teamId, uid int64) error {
- if IsTeamMember(orgId, teamId, uid) {
- return nil
- }
- if err := AddOrgUser(orgId, uid); err != nil {
- return err
- }
- // Get team and its repositories.
- t, err := GetTeamById(teamId)
- if err != nil {
- return err
- }
- t.NumMembers++
- if err = t.GetRepositories(); err != nil {
- return err
- }
- // Get organization.
- org, err := GetUserById(orgId)
- if err != nil {
- return err
- }
- // Get user.
- u, err := GetUserById(uid)
- if err != nil {
- return err
- }
- sess := x.NewSession()
- defer sess.Close()
- if err = sess.Begin(); err != nil {
- return err
- }
- tu := &TeamUser{
- Uid: uid,
- OrgId: orgId,
- TeamId: teamId,
- }
- if _, err = sess.Insert(tu); err != nil {
- sess.Rollback()
- return err
- } else if _, err = sess.Id(t.Id).Update(t); err != nil {
- sess.Rollback()
- return err
- }
- // Give access to team repositories.
- mode := AuthorizeToAccessType(t.Authorize)
- for _, repo := range t.Repos {
- auth, err := getHighestAuthorize(sess, t.OrgId, u.Id, repo.Id, teamId)
- if err != nil {
- sess.Rollback()
- return err
- }
- access := &Access{
- UserName: u.LowerName,
- RepoName: path.Join(org.LowerName, repo.LowerName),
- }
- if auth < t.Authorize {
- if err = addAccessWithAuthorize(sess, access, mode); err != nil {
- sess.Rollback()
- return err
- }
- }
- }
- // We make sure it exists before.
- ou := new(OrgUser)
- _, err = sess.Where("uid=?", uid).And("org_id=?", orgId).Get(ou)
- if err != nil {
- sess.Rollback()
- return err
- }
- ou.NumTeams++
- if t.IsOwnerTeam() {
- ou.IsOwner = true
- }
- if _, err = sess.Id(ou.Id).AllCols().Update(ou); err != nil {
- sess.Rollback()
- return err
- }
- return sess.Commit()
- }
- func removeTeamMember(e Engine, orgId, teamId, uid int64) error {
- if !isTeamMember(e, orgId, teamId, uid) {
- return nil
- }
- // Get team and its repositories.
- t, err := getTeamById(e, teamId)
- if err != nil {
- return err
- }
- // Check if the user to delete is the last member in owner team.
- if t.IsOwnerTeam() && t.NumMembers == 1 {
- return ErrLastOrgOwner
- }
- t.NumMembers--
- if err = t.GetRepositories(); err != nil {
- return err
- }
- // Get organization.
- org, err := GetUserById(orgId)
- if err != nil {
- return err
- }
- // Get user.
- u, err := GetUserById(uid)
- if err != nil {
- return err
- }
- tu := &TeamUser{
- Uid: uid,
- OrgId: orgId,
- TeamId: teamId,
- }
- if _, err := e.Delete(tu); err != nil {
- return err
- } else if _, err = e.Id(t.Id).AllCols().Update(t); err != nil {
- return err
- }
- // Delete access to team repositories.
- for _, repo := range t.Repos {
- auth, err := getHighestAuthorize(e, t.OrgId, u.Id, repo.Id, teamId)
- if err != nil {
- return err
- }
- access := &Access{
- UserName: u.LowerName,
- RepoName: path.Join(org.LowerName, repo.LowerName),
- }
- // Delete access if this is the last team user belongs to.
- if auth == 0 {
- if _, err = e.Delete(access); err != nil {
- return fmt.Errorf("fail to delete access: %v", err)
- } else if err = watchRepo(e, u.Id, repo.Id, false); err != nil {
- return err
- }
- } else if auth < t.Authorize {
- // Downgrade authorize level.
- if err = addAccessWithAuthorize(e, access, AuthorizeToAccessType(auth)); err != nil {
- return err
- }
- }
- }
- // This must exist.
- ou := new(OrgUser)
- _, err = e.Where("uid=?", uid).And("org_id=?", org.Id).Get(ou)
- if err != nil {
- return err
- }
- ou.NumTeams--
- if t.IsOwnerTeam() {
- ou.IsOwner = false
- }
- if _, err = e.Id(ou.Id).AllCols().Update(ou); err != nil {
- return err
- }
- return nil
- }
- // RemoveTeamMember removes member from given team of given organization.
- func RemoveTeamMember(orgId, teamId, uid int64) error {
- sess := x.NewSession()
- defer sess.Close()
- if err := sess.Begin(); err != nil {
- return err
- }
- if err := removeTeamMember(sess, orgId, teamId, uid); err != nil {
- sess.Rollback()
- return err
- }
- return sess.Commit()
- }
|