mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-26 20:11:02 +00:00 
			
		
		
		
	* Restricted users (#4334): initial implementation * Add User.IsRestricted & UI to edit it * Pass user object instead of user id to places where IsRestricted flag matters * Restricted users: maintain access rows for all referenced repos (incl public) * Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses * Add basic repo access tests for restricted users Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Mention restricted users in the faq Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg` Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Remove unnecessary `org.IsOrganization()` call Signed-off-by: Manush Dodunekov <manush@stendahls.se> * Revert to an `int64` keyed `accessMap` * Add type `userAccess` * Add convenience func updateUserAccess() * Turn accessMap into a `map[int64]userAccess` Signed-off-by: Manush Dodunekov <manush@stendahls.se> * or even better: `map[int64]*userAccess` * updateUserAccess(): use tighter syntax as suggested by lafriks * even tighter * Avoid extra loop * Don't disclose limited orgs to unauthenticated users * Don't assume block only applies to orgs * Use an array of `VisibleType` for filtering * fix yet another thinko * Ok - no need for u * Revert "Ok - no need for u" This reverts commit 5c3e886aabd5acd997a3b35687d322439732c200. Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com> Co-authored-by: Lauris BH <lauris@nix.lv>
		
			
				
	
	
		
			343 lines
		
	
	
	
		
			9.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			343 lines
		
	
	
	
		
			9.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2014 The Gogs Authors. All rights reserved.
 | |
| // Copyright 2019 The Gitea Authors. All rights reserved.
 | |
| // Use of this source code is governed by a MIT-style
 | |
| // license that can be found in the LICENSE file.
 | |
| 
 | |
| package models
 | |
| 
 | |
| import (
 | |
| 	"fmt"
 | |
| 	"path"
 | |
| 	"strconv"
 | |
| 	"strings"
 | |
| 	"time"
 | |
| 
 | |
| 	"code.gitea.io/gitea/modules/base"
 | |
| 	"code.gitea.io/gitea/modules/log"
 | |
| 	"code.gitea.io/gitea/modules/setting"
 | |
| 	"code.gitea.io/gitea/modules/timeutil"
 | |
| 
 | |
| 	"github.com/unknwon/com"
 | |
| 	"xorm.io/builder"
 | |
| )
 | |
| 
 | |
| // ActionType represents the type of an action.
 | |
| type ActionType int
 | |
| 
 | |
| // Possible action types.
 | |
| const (
 | |
| 	ActionCreateRepo         ActionType = iota + 1 // 1
 | |
| 	ActionRenameRepo                               // 2
 | |
| 	ActionStarRepo                                 // 3
 | |
| 	ActionWatchRepo                                // 4
 | |
| 	ActionCommitRepo                               // 5
 | |
| 	ActionCreateIssue                              // 6
 | |
| 	ActionCreatePullRequest                        // 7
 | |
| 	ActionTransferRepo                             // 8
 | |
| 	ActionPushTag                                  // 9
 | |
| 	ActionCommentIssue                             // 10
 | |
| 	ActionMergePullRequest                         // 11
 | |
| 	ActionCloseIssue                               // 12
 | |
| 	ActionReopenIssue                              // 13
 | |
| 	ActionClosePullRequest                         // 14
 | |
| 	ActionReopenPullRequest                        // 15
 | |
| 	ActionDeleteTag                                // 16
 | |
| 	ActionDeleteBranch                             // 17
 | |
| 	ActionMirrorSyncPush                           // 18
 | |
| 	ActionMirrorSyncCreate                         // 19
 | |
| 	ActionMirrorSyncDelete                         // 20
 | |
| 	ActionApprovePullRequest                       // 21
 | |
| 	ActionRejectPullRequest                        // 22
 | |
| 	ActionCommentPull                              // 23
 | |
| )
 | |
| 
 | |
| // Action represents user operation type and other information to
 | |
| // repository. It implemented interface base.Actioner so that can be
 | |
| // used in template render.
 | |
| type Action struct {
 | |
| 	ID          int64 `xorm:"pk autoincr"`
 | |
| 	UserID      int64 `xorm:"INDEX"` // Receiver user id.
 | |
| 	OpType      ActionType
 | |
| 	ActUserID   int64       `xorm:"INDEX"` // Action user id.
 | |
| 	ActUser     *User       `xorm:"-"`
 | |
| 	RepoID      int64       `xorm:"INDEX"`
 | |
| 	Repo        *Repository `xorm:"-"`
 | |
| 	CommentID   int64       `xorm:"INDEX"`
 | |
| 	Comment     *Comment    `xorm:"-"`
 | |
| 	IsDeleted   bool        `xorm:"INDEX NOT NULL DEFAULT false"`
 | |
| 	RefName     string
 | |
| 	IsPrivate   bool               `xorm:"INDEX NOT NULL DEFAULT false"`
 | |
| 	Content     string             `xorm:"TEXT"`
 | |
| 	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
 | |
| }
 | |
| 
 | |
| // GetOpType gets the ActionType of this action.
 | |
| func (a *Action) GetOpType() ActionType {
 | |
| 	return a.OpType
 | |
| }
 | |
| 
 | |
| func (a *Action) loadActUser() {
 | |
| 	if a.ActUser != nil {
 | |
| 		return
 | |
| 	}
 | |
| 	var err error
 | |
| 	a.ActUser, err = GetUserByID(a.ActUserID)
 | |
| 	if err == nil {
 | |
| 		return
 | |
| 	} else if IsErrUserNotExist(err) {
 | |
| 		a.ActUser = NewGhostUser()
 | |
| 	} else {
 | |
| 		log.Error("GetUserByID(%d): %v", a.ActUserID, err)
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func (a *Action) loadRepo() {
 | |
| 	if a.Repo != nil {
 | |
| 		return
 | |
| 	}
 | |
| 	var err error
 | |
| 	a.Repo, err = GetRepositoryByID(a.RepoID)
 | |
| 	if err != nil {
 | |
| 		log.Error("GetRepositoryByID(%d): %v", a.RepoID, err)
 | |
| 	}
 | |
| }
 | |
| 
 | |
| // GetActFullName gets the action's user full name.
 | |
| func (a *Action) GetActFullName() string {
 | |
| 	a.loadActUser()
 | |
| 	return a.ActUser.FullName
 | |
| }
 | |
| 
 | |
| // GetActUserName gets the action's user name.
 | |
| func (a *Action) GetActUserName() string {
 | |
| 	a.loadActUser()
 | |
| 	return a.ActUser.Name
 | |
| }
 | |
| 
 | |
| // ShortActUserName gets the action's user name trimmed to max 20
 | |
| // chars.
 | |
| func (a *Action) ShortActUserName() string {
 | |
| 	return base.EllipsisString(a.GetActUserName(), 20)
 | |
| }
 | |
| 
 | |
| // GetDisplayName gets the action's display name based on DEFAULT_SHOW_FULL_NAME
 | |
| func (a *Action) GetDisplayName() string {
 | |
| 	if setting.UI.DefaultShowFullName {
 | |
| 		return a.GetActFullName()
 | |
| 	}
 | |
| 	return a.ShortActUserName()
 | |
| }
 | |
| 
 | |
| // GetDisplayNameTitle gets the action's display name used for the title (tooltip) based on DEFAULT_SHOW_FULL_NAME
 | |
| func (a *Action) GetDisplayNameTitle() string {
 | |
| 	if setting.UI.DefaultShowFullName {
 | |
| 		return a.ShortActUserName()
 | |
| 	}
 | |
| 	return a.GetActFullName()
 | |
| }
 | |
| 
 | |
| // GetActAvatar the action's user's avatar link
 | |
| func (a *Action) GetActAvatar() string {
 | |
| 	a.loadActUser()
 | |
| 	return a.ActUser.RelAvatarLink()
 | |
| }
 | |
| 
 | |
| // GetRepoUserName returns the name of the action repository owner.
 | |
| func (a *Action) GetRepoUserName() string {
 | |
| 	a.loadRepo()
 | |
| 	return a.Repo.OwnerName
 | |
| }
 | |
| 
 | |
| // ShortRepoUserName returns the name of the action repository owner
 | |
| // trimmed to max 20 chars.
 | |
| func (a *Action) ShortRepoUserName() string {
 | |
| 	return base.EllipsisString(a.GetRepoUserName(), 20)
 | |
| }
 | |
| 
 | |
| // GetRepoName returns the name of the action repository.
 | |
| func (a *Action) GetRepoName() string {
 | |
| 	a.loadRepo()
 | |
| 	return a.Repo.Name
 | |
| }
 | |
| 
 | |
| // ShortRepoName returns the name of the action repository
 | |
| // trimmed to max 33 chars.
 | |
| func (a *Action) ShortRepoName() string {
 | |
| 	return base.EllipsisString(a.GetRepoName(), 33)
 | |
| }
 | |
| 
 | |
| // GetRepoPath returns the virtual path to the action repository.
 | |
| func (a *Action) GetRepoPath() string {
 | |
| 	return path.Join(a.GetRepoUserName(), a.GetRepoName())
 | |
| }
 | |
| 
 | |
| // ShortRepoPath returns the virtual path to the action repository
 | |
| // trimmed to max 20 + 1 + 33 chars.
 | |
| func (a *Action) ShortRepoPath() string {
 | |
| 	return path.Join(a.ShortRepoUserName(), a.ShortRepoName())
 | |
| }
 | |
| 
 | |
| // GetRepoLink returns relative link to action repository.
 | |
| func (a *Action) GetRepoLink() string {
 | |
| 	if len(setting.AppSubURL) > 0 {
 | |
| 		return path.Join(setting.AppSubURL, a.GetRepoPath())
 | |
| 	}
 | |
| 	return "/" + a.GetRepoPath()
 | |
| }
 | |
| 
 | |
| // GetRepositoryFromMatch returns a *Repository from a username and repo strings
 | |
| func GetRepositoryFromMatch(ownerName string, repoName string) (*Repository, error) {
 | |
| 	var err error
 | |
| 	refRepo, err := GetRepositoryByOwnerAndName(ownerName, repoName)
 | |
| 	if err != nil {
 | |
| 		if IsErrRepoNotExist(err) {
 | |
| 			log.Warn("Repository referenced in commit but does not exist: %v", err)
 | |
| 			return nil, err
 | |
| 		}
 | |
| 		log.Error("GetRepositoryByOwnerAndName: %v", err)
 | |
| 		return nil, err
 | |
| 	}
 | |
| 	return refRepo, nil
 | |
| }
 | |
| 
 | |
| // GetCommentLink returns link to action comment.
 | |
| func (a *Action) GetCommentLink() string {
 | |
| 	return a.getCommentLink(x)
 | |
| }
 | |
| 
 | |
| func (a *Action) getCommentLink(e Engine) string {
 | |
| 	if a == nil {
 | |
| 		return "#"
 | |
| 	}
 | |
| 	if a.Comment == nil && a.CommentID != 0 {
 | |
| 		a.Comment, _ = GetCommentByID(a.CommentID)
 | |
| 	}
 | |
| 	if a.Comment != nil {
 | |
| 		return a.Comment.HTMLURL()
 | |
| 	}
 | |
| 	if len(a.GetIssueInfos()) == 0 {
 | |
| 		return "#"
 | |
| 	}
 | |
| 	//Return link to issue
 | |
| 	issueIDString := a.GetIssueInfos()[0]
 | |
| 	issueID, err := strconv.ParseInt(issueIDString, 10, 64)
 | |
| 	if err != nil {
 | |
| 		return "#"
 | |
| 	}
 | |
| 
 | |
| 	issue, err := getIssueByID(e, issueID)
 | |
| 	if err != nil {
 | |
| 		return "#"
 | |
| 	}
 | |
| 
 | |
| 	if err = issue.loadRepo(e); err != nil {
 | |
| 		return "#"
 | |
| 	}
 | |
| 
 | |
| 	return issue.HTMLURL()
 | |
| }
 | |
| 
 | |
| // GetBranch returns the action's repository branch.
 | |
| func (a *Action) GetBranch() string {
 | |
| 	return a.RefName
 | |
| }
 | |
| 
 | |
| // GetContent returns the action's content.
 | |
| func (a *Action) GetContent() string {
 | |
| 	return a.Content
 | |
| }
 | |
| 
 | |
| // GetCreate returns the action creation time.
 | |
| func (a *Action) GetCreate() time.Time {
 | |
| 	return a.CreatedUnix.AsTime()
 | |
| }
 | |
| 
 | |
| // GetIssueInfos returns a list of issues associated with
 | |
| // the action.
 | |
| func (a *Action) GetIssueInfos() []string {
 | |
| 	return strings.SplitN(a.Content, "|", 2)
 | |
| }
 | |
| 
 | |
| // GetIssueTitle returns the title of first issue associated
 | |
| // with the action.
 | |
| func (a *Action) GetIssueTitle() string {
 | |
| 	index := com.StrTo(a.GetIssueInfos()[0]).MustInt64()
 | |
| 	issue, err := GetIssueByIndex(a.RepoID, index)
 | |
| 	if err != nil {
 | |
| 		log.Error("GetIssueByIndex: %v", err)
 | |
| 		return "500 when get issue"
 | |
| 	}
 | |
| 	return issue.Title
 | |
| }
 | |
| 
 | |
| // GetIssueContent returns the content of first issue associated with
 | |
| // this action.
 | |
| func (a *Action) GetIssueContent() string {
 | |
| 	index := com.StrTo(a.GetIssueInfos()[0]).MustInt64()
 | |
| 	issue, err := GetIssueByIndex(a.RepoID, index)
 | |
| 	if err != nil {
 | |
| 		log.Error("GetIssueByIndex: %v", err)
 | |
| 		return "500 when get issue"
 | |
| 	}
 | |
| 	return issue.Content
 | |
| }
 | |
| 
 | |
| // GetFeedsOptions options for retrieving feeds
 | |
| type GetFeedsOptions struct {
 | |
| 	RequestedUser   *User // the user we want activity for
 | |
| 	Actor           *User // the user viewing the activity
 | |
| 	IncludePrivate  bool  // include private actions
 | |
| 	OnlyPerformedBy bool  // only actions performed by requested user
 | |
| 	IncludeDeleted  bool  // include deleted actions
 | |
| }
 | |
| 
 | |
| // GetFeeds returns actions according to the provided options
 | |
| func GetFeeds(opts GetFeedsOptions) ([]*Action, error) {
 | |
| 	cond := builder.NewCond()
 | |
| 
 | |
| 	var repoIDs []int64
 | |
| 	var actorID int64
 | |
| 
 | |
| 	if opts.Actor != nil {
 | |
| 		actorID = opts.Actor.ID
 | |
| 	}
 | |
| 
 | |
| 	if opts.RequestedUser.IsOrganization() {
 | |
| 		env, err := opts.RequestedUser.AccessibleReposEnv(actorID)
 | |
| 		if err != nil {
 | |
| 			return nil, fmt.Errorf("AccessibleReposEnv: %v", err)
 | |
| 		}
 | |
| 		if repoIDs, err = env.RepoIDs(1, opts.RequestedUser.NumRepos); err != nil {
 | |
| 			return nil, fmt.Errorf("GetUserRepositories: %v", err)
 | |
| 		}
 | |
| 
 | |
| 		cond = cond.And(builder.In("repo_id", repoIDs))
 | |
| 	} else if opts.Actor != nil {
 | |
| 		cond = cond.And(builder.In("repo_id", opts.Actor.AccessibleRepoIDsQuery()))
 | |
| 	}
 | |
| 
 | |
| 	cond = cond.And(builder.Eq{"user_id": opts.RequestedUser.ID})
 | |
| 
 | |
| 	if opts.OnlyPerformedBy {
 | |
| 		cond = cond.And(builder.Eq{"act_user_id": opts.RequestedUser.ID})
 | |
| 	}
 | |
| 	if !opts.IncludePrivate {
 | |
| 		cond = cond.And(builder.Eq{"is_private": false})
 | |
| 	}
 | |
| 
 | |
| 	if !opts.IncludeDeleted {
 | |
| 		cond = cond.And(builder.Eq{"is_deleted": false})
 | |
| 	}
 | |
| 
 | |
| 	actions := make([]*Action, 0, 20)
 | |
| 
 | |
| 	if err := x.Limit(20).Desc("id").Where(cond).Find(&actions); err != nil {
 | |
| 		return nil, fmt.Errorf("Find: %v", err)
 | |
| 	}
 | |
| 
 | |
| 	if err := ActionList(actions).LoadAttributes(); err != nil {
 | |
| 		return nil, fmt.Errorf("LoadAttributes: %v", err)
 | |
| 	}
 | |
| 
 | |
| 	return actions, nil
 | |
| }
 |