mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-06-01 04:12:10 +00:00
Merge pull request '[BUG] Don't allow owner team with incorrect unit access' (#5529) from gusted/forgejo-owners-team-description into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5529 Reviewed-by: Otto <otto@codeberg.org>
This commit is contained in:
Otto
commit
1d13249e17
7 changed files with 199 additions and 10 deletions
10
models/organization/TestInconsistentOwnerTeam/team.yml
Normal file
10
models/organization/TestInconsistentOwnerTeam/team.yml
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
-
|
||||
id: 1000
|
||||
org_id: 1000
|
||||
lower_name: owners
|
||||
name: Owners
|
||||
authorize: 4 # owner
|
||||
num_repos: 0
|
||||
num_members: 0
|
||||
includes_all_repositories: true
|
||||
can_create_org_repo: true
|
||||
59
models/organization/TestInconsistentOwnerTeam/team_unit.yml
Normal file
59
models/organization/TestInconsistentOwnerTeam/team_unit.yml
Normal file
|
|
@ -0,0 +1,59 @@
|
|||
-
|
||||
id: 1000
|
||||
team_id: 1000
|
||||
type: 1
|
||||
access_mode: 0 # None
|
||||
|
||||
-
|
||||
id: 1001
|
||||
team_id: 1000
|
||||
type: 2
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1002
|
||||
team_id: 1000
|
||||
type: 3
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1003
|
||||
team_id: 1000
|
||||
type: 4
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1004
|
||||
team_id: 1000
|
||||
type: 5
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1005
|
||||
team_id: 1000
|
||||
type: 6
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1006
|
||||
team_id: 1000
|
||||
type: 7
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1007
|
||||
team_id: 1000
|
||||
type: 8
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1008
|
||||
team_id: 1000
|
||||
type: 9
|
||||
access_mode: 0
|
||||
|
||||
-
|
||||
id: 1009
|
||||
team_id: 1000
|
||||
type: 10
|
||||
access_mode: 0
|
||||
|
|
@ -268,3 +268,43 @@ func IncrTeamRepoNum(ctx context.Context, teamID int64) error {
|
|||
_, err := db.GetEngine(ctx).Incr("num_repos").ID(teamID).Update(new(Team))
|
||||
return err
|
||||
}
|
||||
|
||||
// CountInconsistentOwnerTeams returns the amount of owner teams that have all of
|
||||
// their access modes set to "None".
|
||||
func CountInconsistentOwnerTeams(ctx context.Context) (int64, error) {
|
||||
return db.GetEngine(ctx).Table("team").
|
||||
Join("INNER", "team_unit", "`team`.id = `team_unit`.team_id").
|
||||
Where("`team`.lower_name = ?", strings.ToLower(OwnerTeamName)).
|
||||
GroupBy("`team_unit`.team_id").
|
||||
Having("SUM(`team_unit`.access_mode) = 0").
|
||||
Count()
|
||||
}
|
||||
|
||||
// FixInconsistentOwnerTeams fixes inconsistent owner teams that have all of
|
||||
// their access modes set to "None", it sets it back to "Owner".
|
||||
func FixInconsistentOwnerTeams(ctx context.Context) (int64, error) {
|
||||
teamIDs := []int64{}
|
||||
if err := db.GetEngine(ctx).Table("team").
|
||||
Select("`team`.id").
|
||||
Join("INNER", "team_unit", "`team`.id = `team_unit`.team_id").
|
||||
Where("`team`.lower_name = ?", strings.ToLower(OwnerTeamName)).
|
||||
GroupBy("`team_unit`.team_id").
|
||||
Having("SUM(`team_unit`.access_mode) = 0").
|
||||
Find(&teamIDs); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
if err := db.Iterate(ctx, builder.In("team_id", teamIDs), func(ctx context.Context, bean *TeamUnit) error {
|
||||
if bean.Type == unit.TypeExternalTracker || bean.Type == unit.TypeExternalWiki {
|
||||
bean.AccessMode = perm.AccessModeRead
|
||||
} else {
|
||||
bean.AccessMode = perm.AccessModeOwner
|
||||
}
|
||||
_, err := db.GetEngine(ctx).ID(bean.ID).Table("team_unit").Cols("access_mode").Update(bean)
|
||||
return err
|
||||
}); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
return int64(len(teamIDs)), nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,11 +4,14 @@
|
|||
package organization_test
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/organization"
|
||||
"code.gitea.io/gitea/models/perm"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
|
@ -198,3 +201,50 @@ func TestUsersInTeamsCount(t *testing.T) {
|
|||
test([]int64{1, 2, 3, 4, 5}, []int64{2, 5}, 2) // userid 2,4
|
||||
test([]int64{1, 2, 3, 4, 5}, []int64{2, 3, 5}, 3) // userid 2,4,5
|
||||
}
|
||||
|
||||
func TestInconsistentOwnerTeam(t *testing.T) {
|
||||
defer unittest.OverrideFixtures(
|
||||
unittest.FixturesOptions{
|
||||
Dir: filepath.Join(setting.AppWorkPath, "models/fixtures/"),
|
||||
Base: setting.AppWorkPath,
|
||||
Dirs: []string{"models/organization/TestInconsistentOwnerTeam/"},
|
||||
},
|
||||
)()
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1000, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1001, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1002, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1003, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1004, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1005, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1006, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1007, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1008, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1009, TeamID: 1000, AccessMode: perm.AccessModeNone})
|
||||
|
||||
count, err := organization.CountInconsistentOwnerTeams(db.DefaultContext)
|
||||
require.NoError(t, err)
|
||||
require.EqualValues(t, 1, count)
|
||||
|
||||
count, err = organization.FixInconsistentOwnerTeams(db.DefaultContext)
|
||||
require.NoError(t, err)
|
||||
require.EqualValues(t, 1, count)
|
||||
|
||||
count, err = organization.CountInconsistentOwnerTeams(db.DefaultContext)
|
||||
require.NoError(t, err)
|
||||
require.EqualValues(t, 0, count)
|
||||
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1000, AccessMode: perm.AccessModeOwner})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1001, AccessMode: perm.AccessModeOwner})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1002, AccessMode: perm.AccessModeOwner})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1003, AccessMode: perm.AccessModeOwner})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1004, AccessMode: perm.AccessModeOwner})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1007, AccessMode: perm.AccessModeOwner})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1008, AccessMode: perm.AccessModeOwner})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1009, AccessMode: perm.AccessModeOwner})
|
||||
|
||||
// External wiki and issue
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1005, AccessMode: perm.AccessModeRead})
|
||||
unittest.AssertExistsAndLoadBean(t, &organization.TeamUnit{ID: 1006, AccessMode: perm.AccessModeRead})
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue