forked from Shiloh/githaven
8760af752a
* Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * fix * gofumpt * Integration test for migration (#18124) integrations: basic test for Gitea {dump,restore}-repo This is a first step for integration testing of DumpRepository and RestoreRepository. It: runs a Gitea server, dumps a repo via DumpRepository to the filesystem, restores the repo via RestoreRepository from the filesystem, dumps the restored repository to the filesystem, compares the first and second dump and expects them to be identical The verification is trivial and the goal is to add more tests for each topic of the dump. Signed-off-by: Loïc Dachary <loic@dachary.org> * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * Fix bug Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
426 lines
12 KiB
Go
426 lines
12 KiB
Go
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package org
|
|
|
|
import (
|
|
"net/http"
|
|
"net/url"
|
|
"path"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/models"
|
|
"code.gitea.io/gitea/models/perm"
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
unit_model "code.gitea.io/gitea/models/unit"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/base"
|
|
"code.gitea.io/gitea/modules/context"
|
|
"code.gitea.io/gitea/modules/log"
|
|
"code.gitea.io/gitea/modules/web"
|
|
"code.gitea.io/gitea/routers/utils"
|
|
"code.gitea.io/gitea/services/forms"
|
|
)
|
|
|
|
const (
|
|
// tplTeams template path for teams list page
|
|
tplTeams base.TplName = "org/team/teams"
|
|
// tplTeamNew template path for create new team page
|
|
tplTeamNew base.TplName = "org/team/new"
|
|
// tplTeamMembers template path for showing team members page
|
|
tplTeamMembers base.TplName = "org/team/members"
|
|
// tplTeamRepositories template path for showing team repositories page
|
|
tplTeamRepositories base.TplName = "org/team/repositories"
|
|
)
|
|
|
|
// Teams render teams list page
|
|
func Teams(ctx *context.Context) {
|
|
org := ctx.Org.Organization
|
|
ctx.Data["Title"] = org.FullName
|
|
ctx.Data["PageIsOrgTeams"] = true
|
|
|
|
for _, t := range ctx.Org.Teams {
|
|
if err := t.GetMembers(&models.SearchMembersOptions{}); err != nil {
|
|
ctx.ServerError("GetMembers", err)
|
|
return
|
|
}
|
|
}
|
|
ctx.Data["Teams"] = ctx.Org.Teams
|
|
|
|
ctx.HTML(http.StatusOK, tplTeams)
|
|
}
|
|
|
|
// TeamsAction response for join, leave, remove, add operations to team
|
|
func TeamsAction(ctx *context.Context) {
|
|
uid := ctx.FormInt64("uid")
|
|
if uid == 0 {
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams")
|
|
return
|
|
}
|
|
|
|
page := ctx.FormString("page")
|
|
var err error
|
|
switch ctx.Params(":action") {
|
|
case "join":
|
|
if !ctx.Org.IsOwner {
|
|
ctx.Error(http.StatusNotFound)
|
|
return
|
|
}
|
|
err = ctx.Org.Team.AddMember(ctx.User.ID)
|
|
case "leave":
|
|
err = ctx.Org.Team.RemoveMember(ctx.User.ID)
|
|
if err != nil {
|
|
if models.IsErrLastOrgOwner(err) {
|
|
ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
|
|
} else {
|
|
log.Error("Action(%s): %v", ctx.Params(":action"), err)
|
|
ctx.JSON(http.StatusOK, map[string]interface{}{
|
|
"ok": false,
|
|
"err": err.Error(),
|
|
})
|
|
return
|
|
}
|
|
}
|
|
ctx.JSON(http.StatusOK,
|
|
map[string]interface{}{
|
|
"redirect": ctx.Org.OrgLink + "/teams/",
|
|
})
|
|
return
|
|
case "remove":
|
|
if !ctx.Org.IsOwner {
|
|
ctx.Error(http.StatusNotFound)
|
|
return
|
|
}
|
|
err = ctx.Org.Team.RemoveMember(uid)
|
|
if err != nil {
|
|
if models.IsErrLastOrgOwner(err) {
|
|
ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
|
|
} else {
|
|
log.Error("Action(%s): %v", ctx.Params(":action"), err)
|
|
ctx.JSON(http.StatusOK, map[string]interface{}{
|
|
"ok": false,
|
|
"err": err.Error(),
|
|
})
|
|
return
|
|
}
|
|
}
|
|
ctx.JSON(http.StatusOK,
|
|
map[string]interface{}{
|
|
"redirect": ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName),
|
|
})
|
|
return
|
|
case "add":
|
|
if !ctx.Org.IsOwner {
|
|
ctx.Error(http.StatusNotFound)
|
|
return
|
|
}
|
|
uname := utils.RemoveUsernameParameterSuffix(strings.ToLower(ctx.FormString("uname")))
|
|
var u *user_model.User
|
|
u, err = user_model.GetUserByName(uname)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName))
|
|
} else {
|
|
ctx.ServerError(" GetUserByName", err)
|
|
}
|
|
return
|
|
}
|
|
|
|
if u.IsOrganization() {
|
|
ctx.Flash.Error(ctx.Tr("form.cannot_add_org_to_team"))
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName))
|
|
return
|
|
}
|
|
|
|
if ctx.Org.Team.IsMember(u.ID) {
|
|
ctx.Flash.Error(ctx.Tr("org.teams.add_duplicate_users"))
|
|
} else {
|
|
err = ctx.Org.Team.AddMember(u.ID)
|
|
}
|
|
|
|
page = "team"
|
|
}
|
|
|
|
if err != nil {
|
|
if models.IsErrLastOrgOwner(err) {
|
|
ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
|
|
} else {
|
|
log.Error("Action(%s): %v", ctx.Params(":action"), err)
|
|
ctx.JSON(http.StatusOK, map[string]interface{}{
|
|
"ok": false,
|
|
"err": err.Error(),
|
|
})
|
|
return
|
|
}
|
|
}
|
|
|
|
switch page {
|
|
case "team":
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName))
|
|
case "home":
|
|
ctx.Redirect(ctx.Org.Organization.AsUser().HomeLink())
|
|
default:
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams")
|
|
}
|
|
}
|
|
|
|
// TeamsRepoAction operate team's repository
|
|
func TeamsRepoAction(ctx *context.Context) {
|
|
if !ctx.Org.IsOwner {
|
|
ctx.Error(http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
var err error
|
|
action := ctx.Params(":action")
|
|
switch action {
|
|
case "add":
|
|
repoName := path.Base(ctx.FormString("repo_name"))
|
|
var repo *repo_model.Repository
|
|
repo, err = repo_model.GetRepositoryByName(ctx.Org.Organization.ID, repoName)
|
|
if err != nil {
|
|
if repo_model.IsErrRepoNotExist(err) {
|
|
ctx.Flash.Error(ctx.Tr("org.teams.add_nonexistent_repo"))
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName) + "/repositories")
|
|
return
|
|
}
|
|
ctx.ServerError("GetRepositoryByName", err)
|
|
return
|
|
}
|
|
err = ctx.Org.Team.AddRepository(repo)
|
|
case "remove":
|
|
err = ctx.Org.Team.RemoveRepository(ctx.FormInt64("repoid"))
|
|
case "addall":
|
|
err = ctx.Org.Team.AddAllRepositories()
|
|
case "removeall":
|
|
err = ctx.Org.Team.RemoveAllRepositories()
|
|
}
|
|
|
|
if err != nil {
|
|
log.Error("Action(%s): '%s' %v", ctx.Params(":action"), ctx.Org.Team.Name, err)
|
|
ctx.ServerError("TeamsRepoAction", err)
|
|
return
|
|
}
|
|
|
|
if action == "addall" || action == "removeall" {
|
|
ctx.JSON(http.StatusOK, map[string]interface{}{
|
|
"redirect": ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName) + "/repositories",
|
|
})
|
|
return
|
|
}
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName) + "/repositories")
|
|
}
|
|
|
|
// NewTeam render create new team page
|
|
func NewTeam(ctx *context.Context) {
|
|
ctx.Data["Title"] = ctx.Org.Organization.FullName
|
|
ctx.Data["PageIsOrgTeams"] = true
|
|
ctx.Data["PageIsOrgTeamsNew"] = true
|
|
ctx.Data["Team"] = &models.Team{}
|
|
ctx.Data["Units"] = unit_model.Units
|
|
ctx.HTML(http.StatusOK, tplTeamNew)
|
|
}
|
|
|
|
func getUnitPerms(forms url.Values) map[unit_model.Type]perm.AccessMode {
|
|
unitPerms := make(map[unit_model.Type]perm.AccessMode)
|
|
for k, v := range forms {
|
|
if strings.HasPrefix(k, "unit_") {
|
|
t, _ := strconv.Atoi(k[5:])
|
|
if t > 0 {
|
|
vv, _ := strconv.Atoi(v[0])
|
|
unitPerms[unit_model.Type(t)] = perm.AccessMode(vv)
|
|
}
|
|
}
|
|
}
|
|
return unitPerms
|
|
}
|
|
|
|
// NewTeamPost response for create new team
|
|
func NewTeamPost(ctx *context.Context) {
|
|
form := web.GetForm(ctx).(*forms.CreateTeamForm)
|
|
includesAllRepositories := form.RepoAccess == "all"
|
|
unitPerms := getUnitPerms(ctx.Req.Form)
|
|
p := perm.ParseAccessMode(form.Permission)
|
|
if p < perm.AccessModeAdmin {
|
|
// if p is less than admin accessmode, then it should be general accessmode,
|
|
// so we should calculate the minial accessmode from units accessmodes.
|
|
p = unit_model.MinUnitAccessMode(unitPerms)
|
|
}
|
|
|
|
t := &models.Team{
|
|
OrgID: ctx.Org.Organization.ID,
|
|
Name: form.TeamName,
|
|
Description: form.Description,
|
|
AccessMode: p,
|
|
IncludesAllRepositories: includesAllRepositories,
|
|
CanCreateOrgRepo: form.CanCreateOrgRepo,
|
|
}
|
|
|
|
if t.AccessMode < perm.AccessModeAdmin {
|
|
units := make([]*models.TeamUnit, 0, len(unitPerms))
|
|
for tp, perm := range unitPerms {
|
|
units = append(units, &models.TeamUnit{
|
|
OrgID: ctx.Org.Organization.ID,
|
|
Type: tp,
|
|
AccessMode: perm,
|
|
})
|
|
}
|
|
t.Units = units
|
|
}
|
|
|
|
ctx.Data["Title"] = ctx.Org.Organization.FullName
|
|
ctx.Data["PageIsOrgTeams"] = true
|
|
ctx.Data["PageIsOrgTeamsNew"] = true
|
|
ctx.Data["Units"] = unit_model.Units
|
|
ctx.Data["Team"] = t
|
|
|
|
if ctx.HasError() {
|
|
ctx.HTML(http.StatusOK, tplTeamNew)
|
|
return
|
|
}
|
|
|
|
if t.AccessMode < perm.AccessModeAdmin && len(unitPerms) == 0 {
|
|
ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
|
|
return
|
|
}
|
|
|
|
if err := models.NewTeam(t); err != nil {
|
|
ctx.Data["Err_TeamName"] = true
|
|
switch {
|
|
case models.IsErrTeamAlreadyExist(err):
|
|
ctx.RenderWithErr(ctx.Tr("form.team_name_been_taken"), tplTeamNew, &form)
|
|
default:
|
|
ctx.ServerError("NewTeam", err)
|
|
}
|
|
return
|
|
}
|
|
log.Trace("Team created: %s/%s", ctx.Org.Organization.Name, t.Name)
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(t.LowerName))
|
|
}
|
|
|
|
// TeamMembers render team members page
|
|
func TeamMembers(ctx *context.Context) {
|
|
ctx.Data["Title"] = ctx.Org.Team.Name
|
|
ctx.Data["PageIsOrgTeams"] = true
|
|
ctx.Data["PageIsOrgTeamMembers"] = true
|
|
if err := ctx.Org.Team.GetMembers(&models.SearchMembersOptions{}); err != nil {
|
|
ctx.ServerError("GetMembers", err)
|
|
return
|
|
}
|
|
ctx.HTML(http.StatusOK, tplTeamMembers)
|
|
}
|
|
|
|
// TeamRepositories show the repositories of team
|
|
func TeamRepositories(ctx *context.Context) {
|
|
ctx.Data["Title"] = ctx.Org.Team.Name
|
|
ctx.Data["PageIsOrgTeams"] = true
|
|
ctx.Data["PageIsOrgTeamRepos"] = true
|
|
if err := ctx.Org.Team.GetRepositories(&models.SearchTeamOptions{}); err != nil {
|
|
ctx.ServerError("GetRepositories", err)
|
|
return
|
|
}
|
|
ctx.HTML(http.StatusOK, tplTeamRepositories)
|
|
}
|
|
|
|
// EditTeam render team edit page
|
|
func EditTeam(ctx *context.Context) {
|
|
ctx.Data["Title"] = ctx.Org.Organization.FullName
|
|
ctx.Data["PageIsOrgTeams"] = true
|
|
ctx.Data["team_name"] = ctx.Org.Team.Name
|
|
ctx.Data["desc"] = ctx.Org.Team.Description
|
|
ctx.Data["Units"] = unit_model.Units
|
|
ctx.HTML(http.StatusOK, tplTeamNew)
|
|
}
|
|
|
|
// EditTeamPost response for modify team information
|
|
func EditTeamPost(ctx *context.Context) {
|
|
form := web.GetForm(ctx).(*forms.CreateTeamForm)
|
|
t := ctx.Org.Team
|
|
unitPerms := getUnitPerms(ctx.Req.Form)
|
|
isAuthChanged := false
|
|
isIncludeAllChanged := false
|
|
includesAllRepositories := form.RepoAccess == "all"
|
|
|
|
ctx.Data["Title"] = ctx.Org.Organization.FullName
|
|
ctx.Data["PageIsOrgTeams"] = true
|
|
ctx.Data["Team"] = t
|
|
ctx.Data["Units"] = unit_model.Units
|
|
|
|
if !t.IsOwnerTeam() {
|
|
// Validate permission level.
|
|
newAccessMode := perm.ParseAccessMode(form.Permission)
|
|
if newAccessMode < perm.AccessModeAdmin {
|
|
// if p is less than admin accessmode, then it should be general accessmode,
|
|
// so we should calculate the minial accessmode from units accessmodes.
|
|
newAccessMode = unit_model.MinUnitAccessMode(unitPerms)
|
|
}
|
|
|
|
t.Name = form.TeamName
|
|
if t.AccessMode != newAccessMode {
|
|
isAuthChanged = true
|
|
t.AccessMode = newAccessMode
|
|
}
|
|
|
|
if t.IncludesAllRepositories != includesAllRepositories {
|
|
isIncludeAllChanged = true
|
|
t.IncludesAllRepositories = includesAllRepositories
|
|
}
|
|
}
|
|
t.Description = form.Description
|
|
if t.AccessMode < perm.AccessModeAdmin {
|
|
units := make([]models.TeamUnit, 0, len(unitPerms))
|
|
for tp, perm := range unitPerms {
|
|
units = append(units, models.TeamUnit{
|
|
OrgID: t.OrgID,
|
|
TeamID: t.ID,
|
|
Type: tp,
|
|
AccessMode: perm,
|
|
})
|
|
}
|
|
if err := models.UpdateTeamUnits(t, units); err != nil {
|
|
ctx.Error(http.StatusInternalServerError, "LoadIssue", err.Error())
|
|
return
|
|
}
|
|
}
|
|
t.CanCreateOrgRepo = form.CanCreateOrgRepo
|
|
|
|
if ctx.HasError() {
|
|
ctx.HTML(http.StatusOK, tplTeamNew)
|
|
return
|
|
}
|
|
|
|
if t.AccessMode < perm.AccessModeAdmin && len(unitPerms) == 0 {
|
|
ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
|
|
return
|
|
}
|
|
|
|
if err := models.UpdateTeam(t, isAuthChanged, isIncludeAllChanged); err != nil {
|
|
ctx.Data["Err_TeamName"] = true
|
|
switch {
|
|
case models.IsErrTeamAlreadyExist(err):
|
|
ctx.RenderWithErr(ctx.Tr("form.team_name_been_taken"), tplTeamNew, &form)
|
|
default:
|
|
ctx.ServerError("UpdateTeam", err)
|
|
}
|
|
return
|
|
}
|
|
ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(t.LowerName))
|
|
}
|
|
|
|
// DeleteTeam response for the delete team request
|
|
func DeleteTeam(ctx *context.Context) {
|
|
if err := models.DeleteTeam(ctx.Org.Team); err != nil {
|
|
ctx.Flash.Error("DeleteTeam: " + err.Error())
|
|
} else {
|
|
ctx.Flash.Success(ctx.Tr("org.teams.delete_team_success"))
|
|
}
|
|
|
|
ctx.JSON(http.StatusOK, map[string]interface{}{
|
|
"redirect": ctx.Org.OrgLink + "/teams",
|
|
})
|
|
}
|