package database import ( "context" "os" "strings" "github.com/cockroachdb/errors" "gorm.io/gorm" "gogs.io/gogs/internal/errutil" "gogs.io/gogs/internal/repoutil" "gogs.io/gogs/internal/userutil" ) var ErrOrgNotExist = errors.New("Organization does not exist") // IsOwnedBy returns true if given user is in the owner team. func (org *User) IsOwnedBy(userID int64) bool { return IsOrganizationOwner(org.ID, userID) } // IsOrgMember returns true if given user is member of organization. func (org *User) IsOrgMember(uid int64) bool { return org.IsOrganization() && IsOrganizationMember(org.ID, uid) } func (org *User) getTeam(tx *gorm.DB, name string) (*Team, error) { return getTeamOfOrgByName(tx, org.ID, name) } // GetTeamOfOrgByName returns named team of organization. func (org *User) GetTeam(name string) (*Team, error) { return org.getTeam(db, name) } func (org *User) getOwnerTeam(tx *gorm.DB) (*Team, error) { return org.getTeam(tx, ownerTeamName) } // GetOwnerTeam returns owner team of organization. func (org *User) GetOwnerTeam() (*Team, error) { return org.getOwnerTeam(db) } func (org *User) getTeams(tx *gorm.DB) (err error) { org.Teams, err = getTeamsByOrgID(tx, org.ID) return err } // GetTeams returns all teams that belong to organization. func (org *User) GetTeams() error { return org.getTeams(db) } // TeamsHaveAccessToRepo returns all teams that have given access level to the repository. func (org *User) TeamsHaveAccessToRepo(repoID int64, mode AccessMode) ([]*Team, error) { return GetTeamsHaveAccessToRepo(org.ID, repoID, mode) } // GetMembers returns all members of organization. func (org *User) GetMembers(limit int) error { ous, err := GetOrgUsersByOrgID(org.ID, limit) if err != nil { return err } org.Members = make([]*User, len(ous)) for i, ou := range ous { org.Members[i], err = Handle.Users().GetByID(context.TODO(), ou.UID) if err != nil { return err } } return nil } // AddMember adds new member to organization. func (org *User) AddMember(uid int64) error { return AddOrgUser(org.ID, uid) } // RemoveMember removes member from organization. func (org *User) RemoveMember(uid int64) error { return RemoveOrgUser(org.ID, uid) } func (org *User) removeOrgRepo(tx *gorm.DB, repoID int64) error { return removeOrgRepo(tx, org.ID, repoID) } // RemoveOrgRepo removes all team-repository relations of organization. func (org *User) RemoveOrgRepo(repoID int64) error { return org.removeOrgRepo(db, repoID) } // CreateOrganization creates record of a new organization. func CreateOrganization(org, owner *User) (err error) { if err = isUsernameAllowed(org.Name); err != nil { return err } if Handle.Users().IsUsernameUsed(context.TODO(), org.Name, 0) { return ErrUserAlreadyExist{ args: errutil.Args{ "name": org.Name, }, } } org.LowerName = strings.ToLower(org.Name) if org.Rands, err = userutil.RandomSalt(); err != nil { return err } if org.Salt, err = userutil.RandomSalt(); err != nil { return err } org.UseCustomAvatar = true org.MaxRepoCreation = -1 org.NumTeams = 1 org.NumMembers = 1 return db.Transaction(func(tx *gorm.DB) error { if err := tx.Create(org).Error; err != nil { return errors.Newf("insert organization: %v", err) } _ = userutil.GenerateRandomAvatar(org.ID, org.Name, org.Email) // Add initial creator to organization and owner team. if err := tx.Create(&OrgUser{ UID: owner.ID, OrgID: org.ID, IsOwner: true, NumTeams: 1, }).Error; err != nil { return errors.Newf("insert org-user relation: %v", err) } // Create default owner team. t := &Team{ OrgID: org.ID, LowerName: strings.ToLower(ownerTeamName), Name: ownerTeamName, Authorize: AccessModeOwner, NumMembers: 1, } if err := tx.Create(t).Error; err != nil { return errors.Newf("insert owner team: %v", err) } if err := tx.Create(&TeamUser{ UID: owner.ID, OrgID: org.ID, TeamID: t.ID, }).Error; err != nil { return errors.Newf("insert team-user relation: %v", err) } if err := os.MkdirAll(repoutil.UserPath(org.Name), os.ModePerm); err != nil { return errors.Newf("create directory: %v", err) } return nil }) } // GetOrgByName returns organization by given name. func GetOrgByName(name string) (*User, error) { if name == "" { return nil, ErrOrgNotExist } u := &User{} err := db.Where("lower_name = ? AND type = ?", strings.ToLower(name), UserTypeOrganization).First(u).Error if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return nil, ErrOrgNotExist } return nil, err } return u, nil } // CountOrganizations returns number of organizations. func CountOrganizations() int64 { var count int64 db.Model(new(User)).Where("type = ?", UserTypeOrganization).Count(&count) return count } // Organizations returns number of organizations in given page. func Organizations(page, pageSize int) ([]*User, error) { orgs := make([]*User, 0, pageSize) return orgs, db.Where("type = ?", UserTypeOrganization). Offset((page - 1) * pageSize).Limit(pageSize). Order("id ASC").Find(&orgs).Error } // deleteBeans deletes all given beans, beans should contain delete conditions. func deleteBeans(tx *gorm.DB, beans ...any) (err error) { for i := range beans { if err = tx.Delete(beans[i]).Error; err != nil { return err } } return nil } // DeleteOrganization completely and permanently deletes everything of organization. func DeleteOrganization(org *User) error { err := Handle.Users().DeleteByID(context.TODO(), org.ID, false) if err != nil { return err } return db.Transaction(func(tx *gorm.DB) error { return deleteBeans(tx, &Team{OrgID: org.ID}, &OrgUser{OrgID: org.ID}, &TeamUser{OrgID: org.ID}, ) }) } // ________ ____ ___ // \_____ \_______ ____ | | \______ ___________ // / | \_ __ \/ ___\| | / ___// __ \_ __ \ // / | \ | \/ /_/ > | /\___ \\ ___/| | \/ // \_______ /__| \___ /|______//____ >\___ >__| // \/ /_____/ \/ \/ // OrgUser represents relations of organizations and their members. type OrgUser struct { ID int64 `gorm:"primaryKey"` UID int64 `xorm:"uid INDEX UNIQUE(s)" gorm:"column:uid;uniqueIndex:org_user_user_org_unique;index;not null"` OrgID int64 `xorm:"INDEX UNIQUE(s)" gorm:"uniqueIndex:org_user_user_org_unique;index;not null"` IsPublic bool `gorm:"not null;default:FALSE"` IsOwner bool `gorm:"not null;default:FALSE"` NumTeams int `gorm:"not null;default:0"` } // IsOrganizationOwner returns true if given user is in the owner team. func IsOrganizationOwner(orgID, userID int64) bool { var count int64 db.Model(new(OrgUser)).Where("is_owner = ? AND uid = ? AND org_id = ?", true, userID, orgID).Count(&count) return count > 0 } // IsOrganizationMember returns true if given user is member of organization. func IsOrganizationMember(orgID, uid int64) bool { var count int64 db.Model(new(OrgUser)).Where("uid = ? AND org_id = ?", uid, orgID).Count(&count) return count > 0 } // IsPublicMembership returns true if given user public his/her membership. func IsPublicMembership(orgID, uid int64) bool { var count int64 db.Model(new(OrgUser)).Where("uid = ? AND org_id = ? AND is_public = ?", uid, orgID, true).Count(&count) return count > 0 } func getOrgsByUserID(tx *gorm.DB, userID int64, showAll bool) ([]*User, error) { orgs := make([]*User, 0, 10) query := tx.Table("`user`"). Joins("INNER JOIN `org_user` ON `org_user`.org_id = `user`.id"). Where("`org_user`.uid = ?", userID) if !showAll { query = query.Where("`org_user`.is_public = ?", true) } return orgs, query.Find(&orgs).Error } // GetOrgsByUserID returns a list of organizations that the given user ID // has joined. func GetOrgsByUserID(userID int64, showAll bool) ([]*User, error) { return getOrgsByUserID(db, userID, showAll) } func getOwnedOrgsByUserID(tx *gorm.DB, userID int64) ([]*User, error) { orgs := make([]*User, 0, 10) return orgs, tx.Table("`user`"). Joins("INNER JOIN `org_user` ON `org_user`.org_id = `user`.id"). Where("`org_user`.uid = ? AND `org_user`.is_owner = ?", userID, true). Find(&orgs).Error } // GetOwnedOrgsByUserID returns a list of organizations are owned by given user ID. func GetOwnedOrgsByUserID(userID int64) ([]*User, error) { return getOwnedOrgsByUserID(db, userID) } // GetOwnedOrganizationsByUserIDDesc returns a list of organizations are owned by // given user ID, ordered descending by the given condition. func GetOwnedOrgsByUserIDDesc(userID int64, desc string) ([]*User, error) { orgs := make([]*User, 0, 10) return orgs, db.Table("`user`"). Joins("INNER JOIN `org_user` ON `org_user`.org_id = `user`.id"). Where("`org_user`.uid = ? AND `org_user`.is_owner = ?", userID, true). Order(desc + " DESC"). Find(&orgs).Error } func getOrgUsersByOrgID(tx *gorm.DB, orgID int64, limit int) ([]*OrgUser, error) { orgUsers := make([]*OrgUser, 0, 10) query := tx.Where("org_id = ?", orgID) if limit > 0 { query = query.Limit(limit) } return orgUsers, query.Find(&orgUsers).Error } // GetOrgUsersByOrgID returns all organization-user relations by organization ID. func GetOrgUsersByOrgID(orgID int64, limit int) ([]*OrgUser, error) { return getOrgUsersByOrgID(db, orgID, limit) } // ChangeOrgUserStatus changes public or private membership status. func ChangeOrgUserStatus(orgID, uid int64, public bool) error { ou := new(OrgUser) err := db.Where("uid = ? AND org_id = ?", uid, orgID).First(ou).Error if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return nil } return err } ou.IsPublic = public return db.Model(ou).Where("id = ?", ou.ID).Updates(ou).Error } // AddOrgUser adds new user to given organization. func AddOrgUser(orgID, uid int64) error { if IsOrganizationMember(orgID, uid) { return nil } return db.Transaction(func(tx *gorm.DB) error { ou := &OrgUser{ UID: uid, OrgID: orgID, } if err := tx.Create(ou).Error; err != nil { return err } if err := tx.Exec("UPDATE `user` SET num_members = num_members + 1 WHERE id = ?", orgID).Error; err != nil { return err } return nil }) } // RemoveOrgUser removes user from given organization. func RemoveOrgUser(orgID, userID int64) error { ou := new(OrgUser) err := db.Where("uid = ? AND org_id = ?", userID, orgID).First(ou).Error if err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { return nil } return errors.Newf("get org-user: %v", err) } user, err := Handle.Users().GetByID(context.TODO(), userID) if err != nil { return errors.Newf("GetUserByID [%d]: %v", userID, err) } org, err := Handle.Users().GetByID(context.TODO(), orgID) if err != nil { return errors.Newf("GetUserByID [%d]: %v", orgID, err) } // FIXME: only need to get IDs here, not all fields of repository. repos, _, err := org.GetUserRepositories(user.ID, 1, org.NumRepos) if err != nil { return errors.Newf("GetUserRepositories [%d]: %v", user.ID, err) } // Check if the user to delete is the last member in owner team. if IsOrganizationOwner(orgID, userID) { t, err := org.GetOwnerTeam() if err != nil { return err } if t.NumMembers == 1 { return ErrLastOrgOwner{UID: userID} } } return db.Transaction(func(tx *gorm.DB) error { if err := tx.Where("id = ?", ou.ID).Delete(ou).Error; err != nil { return err } if err := tx.Exec("UPDATE `user` SET num_members = num_members - 1 WHERE id = ?", orgID).Error; err != nil { return err } // Delete all repository accesses and unwatch them. repoIDs := make([]int64, 0, len(repos)) for i := range repos { repoIDs = append(repoIDs, repos[i].ID) if err = watchRepo(tx, user.ID, repos[i].ID, false); err != nil { return err } } if len(repoIDs) > 0 { if err := tx.Where("user_id = ? AND repo_id IN ?", user.ID, repoIDs).Delete(new(Access)).Error; err != nil { return err } } // Delete member in his/her teams. teams, err := getUserTeams(tx, org.ID, user.ID) if err != nil { return err } for _, t := range teams { if err = removeTeamMember(tx, org.ID, t.ID, user.ID); err != nil { return err } } return nil }) } func removeOrgRepo(tx *gorm.DB, orgID, repoID int64) error { return tx.Where("org_id = ? AND repo_id = ?", orgID, repoID).Delete(&TeamRepo{}).Error } // RemoveOrgRepo removes all team-repository relations of given organization. func RemoveOrgRepo(orgID, repoID int64) error { return removeOrgRepo(db, orgID, repoID) } func (org *User) getUserTeams(tx *gorm.DB, userID int64, cols ...string) ([]*Team, error) { teams := make([]*Team, 0, org.NumTeams) query := tx.Table("team"). Joins("INNER JOIN team_user ON team_user.team_id = team.id"). Where("team_user.org_id = ? AND team_user.uid = ?", org.ID, userID) if len(cols) > 0 { query = query.Select(cols) } return teams, query.Find(&teams).Error } // GetUserTeamIDs returns of all team IDs of the organization that user is member of. func (org *User) GetUserTeamIDs(userID int64) ([]int64, error) { teams, err := org.getUserTeams(db, userID, "team.id") if err != nil { return nil, errors.Newf("getUserTeams [%d]: %v", userID, err) } teamIDs := make([]int64, len(teams)) for i := range teams { teamIDs[i] = teams[i].ID } return teamIDs, nil } // GetTeams returns all teams that belong to organization, // and that the user has joined. func (org *User) GetUserTeams(userID int64) ([]*Team, error) { return org.getUserTeams(db, userID) } // GetUserRepositories returns a range of repositories in organization which the user has access to, // and total number of records based on given condition. func (org *User) GetUserRepositories(userID int64, page, pageSize int) ([]*Repository, int64, error) { teamIDs, err := org.GetUserTeamIDs(userID) if err != nil { return nil, 0, errors.Newf("GetUserTeamIDs: %v", err) } if len(teamIDs) == 0 { // user has no team but "IN ()" is invalid SQL teamIDs = []int64{-1} // there is no team with id=-1 } var teamRepoIDs []int64 if err = x.Table("team_repo").In("team_id", teamIDs).Distinct("repo_id").Find(&teamRepoIDs); err != nil { return nil, 0, errors.Newf("get team repository IDs: %v", err) } if len(teamRepoIDs) == 0 { // team has no repo but "IN ()" is invalid SQL teamRepoIDs = []int64{-1} // there is no repo with id=-1 } if page <= 0 { page = 1 } repos := make([]*Repository, 0, pageSize) if err = x.Where("owner_id = ?", org.ID). And(builder.Or( builder.And(builder.Expr("is_private = ?", false), builder.Expr("is_unlisted = ?", false)), builder.In("id", teamRepoIDs))). Desc("updated_unix"). Limit(pageSize, (page-1)*pageSize). Find(&repos); err != nil { return nil, 0, errors.Newf("get user repositories: %v", err) } repoCount, err := x.Where("owner_id = ?", org.ID). And(builder.Or( builder.Expr("is_private = ?", false), builder.In("id", teamRepoIDs))). Count(new(Repository)) if err != nil { return nil, 0, errors.Newf("count user repositories: %v", err) } return repos, repoCount, nil } // GetUserMirrorRepositories returns mirror repositories of the organization which the user has access to. func (org *User) GetUserMirrorRepositories(userID int64) ([]*Repository, error) { teamIDs, err := org.GetUserTeamIDs(userID) if err != nil { return nil, errors.Newf("GetUserTeamIDs: %v", err) } if len(teamIDs) == 0 { teamIDs = []int64{-1} } var teamRepoIDs []int64 err = x.Table("team_repo").In("team_id", teamIDs).Distinct("repo_id").Find(&teamRepoIDs) if err != nil { return nil, errors.Newf("get team repository ids: %v", err) } if len(teamRepoIDs) == 0 { // team has no repo but "IN ()" is invalid SQL teamRepoIDs = []int64{-1} // there is no repo with id=-1 } repos := make([]*Repository, 0, 10) if err = x.Where("owner_id = ?", org.ID). And("is_private = ?", false). Or(builder.In("id", teamRepoIDs)). And("is_mirror = ?", true). // Don't move up because it's an independent condition Desc("updated_unix"). Find(&repos); err != nil { return nil, errors.Newf("get user repositories: %v", err) } return repos, nil }