2014-02-17 18:38:50 -05:00
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2014-02-17 23:57:23 +08:00
package models
2015-02-24 00:27:22 -05:00
import (
"fmt"
2015-03-16 04:04:27 -04:00
"github.com/gogits/gogs/modules/log"
2015-02-24 00:27:22 -05:00
)
2015-02-05 15:29:08 +02:00
type AccessMode int
2014-06-25 00:44:48 -04:00
2014-02-17 23:57:23 +08:00
const (
2015-02-09 13:36:33 +02:00
ACCESS_MODE_NONE AccessMode = iota
ACCESS_MODE_READ
ACCESS_MODE_WRITE
ACCESS_MODE_ADMIN
ACCESS_MODE_OWNER
2014-02-17 23:57:23 +08:00
)
2015-02-05 15:29:08 +02:00
// Access represents the highest access level of a user to the repository. The only access type
// that is not in this table is the real owner of a repository. In case of an organization
// repository, the members of the owners team are in this table.
type Access struct {
ID int64 ` xorm:"pk autoincr" `
UserID int64 ` xorm:"UNIQUE(s)" `
RepoID int64 ` xorm:"UNIQUE(s)" `
Mode AccessMode
2014-02-17 23:57:23 +08:00
}
2015-02-23 02:15:53 -05:00
func accessLevel ( e Engine , u * User , repo * Repository ) ( AccessMode , error ) {
2015-02-09 13:36:33 +02:00
mode := ACCESS_MODE_NONE
2015-02-23 02:15:53 -05:00
if ! repo . IsPrivate {
2015-02-09 13:36:33 +02:00
mode = ACCESS_MODE_READ
2015-02-11 21:58:37 -05:00
}
2014-05-01 11:32:12 -04:00
2015-11-19 11:40:00 -05:00
if u == nil {
return mode , nil
}
2014-04-04 18:55:17 -04:00
2015-11-19 11:40:00 -05:00
if u . Id == repo . OwnerID {
return ACCESS_MODE_OWNER , nil
2014-04-11 21:47:39 -04:00
}
2015-02-05 15:29:08 +02:00
2015-11-19 11:40:00 -05:00
a := & Access { UserID : u . Id , RepoID : repo . ID }
if has , err := e . Get ( a ) ; ! has || err != nil {
return mode , err
}
return a . Mode , nil
2014-02-17 23:57:23 +08:00
}
2015-01-23 09:54:16 +02:00
2015-02-23 02:15:53 -05:00
// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
// user does not have access. User can be nil!
func AccessLevel ( u * User , repo * Repository ) ( AccessMode , error ) {
return accessLevel ( x , u , repo )
}
func hasAccess ( e Engine , u * User , repo * Repository , testMode AccessMode ) ( bool , error ) {
mode , err := accessLevel ( e , u , repo )
2015-02-13 00:58:46 -05:00
return testMode <= mode , err
}
2015-02-23 02:15:53 -05:00
// HasAccess returns true if someone has the request access level. User can be nil!
func HasAccess ( u * User , repo * Repository , testMode AccessMode ) ( bool , error ) {
return hasAccess ( x , u , repo , testMode )
}
2015-11-13 17:37:02 -05:00
// GetRepositoryAccesses finds all repositories with their access mode where a user has access but does not own.
func ( u * User ) GetRepositoryAccesses ( ) ( map [ * Repository ] AccessMode , error ) {
2015-01-23 09:54:16 +02:00
accesses := make ( [ ] * Access , 0 , 10 )
2015-02-05 15:29:08 +02:00
if err := x . Find ( & accesses , & Access { UserID : u . Id } ) ; err != nil {
2015-01-23 09:54:16 +02:00
return nil , err
}
2015-02-05 15:29:08 +02:00
repos := make ( map [ * Repository ] AccessMode , len ( accesses ) )
2015-01-23 09:54:16 +02:00
for _ , access := range accesses {
2015-08-08 22:43:14 +08:00
repo , err := GetRepositoryByID ( access . RepoID )
2015-01-23 09:54:16 +02:00
if err != nil {
2015-03-16 04:04:27 -04:00
if IsErrRepoNotExist ( err ) {
2015-11-13 17:37:02 -05:00
log . Error ( 4 , "GetRepositoryByID: %v" , err )
2015-03-16 04:04:27 -04:00
continue
}
2015-01-23 09:54:16 +02:00
return nil , err
}
2015-02-11 21:58:37 -05:00
if err = repo . GetOwner ( ) ; err != nil {
2015-02-04 16:08:55 +02:00
return nil , err
2015-08-08 22:43:14 +08:00
} else if repo . OwnerID == u . Id {
2015-02-11 21:58:37 -05:00
continue
2015-02-04 16:08:55 +02:00
}
2015-01-23 09:54:16 +02:00
repos [ repo ] = access . Mode
}
return repos , nil
}
2015-02-05 15:29:08 +02:00
2015-11-13 17:37:02 -05:00
// GetAccessibleRepositories finds all repositories where a user has access but does not own.
func ( u * User ) GetAccessibleRepositories ( ) ( [ ] * Repository , error ) {
accesses := make ( [ ] * Access , 0 , 10 )
if err := x . Find ( & accesses , & Access { UserID : u . Id } ) ; err != nil {
return nil , err
}
2015-11-15 14:55:12 -05:00
if len ( accesses ) == 0 {
return [ ] * Repository { } , nil
}
2015-11-13 17:37:02 -05:00
repoIDs := make ( [ ] int64 , 0 , len ( accesses ) )
for _ , access := range accesses {
repoIDs = append ( repoIDs , access . RepoID )
}
repos := make ( [ ] * Repository , 0 , len ( repoIDs ) )
return repos , x . Where ( "owner_id != ?" , u . Id ) . In ( "id" , repoIDs ) . Desc ( "updated" ) . Find ( & repos )
}
2015-02-13 00:58:46 -05:00
func maxAccessMode ( modes ... AccessMode ) AccessMode {
max := ACCESS_MODE_NONE
for _ , mode := range modes {
if mode > max {
max = mode
}
}
return max
}
2015-02-28 21:44:09 -05:00
// FIXME: do corss-comparison so reduce deletions and additions to the minimum?
func ( repo * Repository ) refreshAccesses ( e Engine , accessMap map [ int64 ] AccessMode ) ( err error ) {
minMode := ACCESS_MODE_READ
if ! repo . IsPrivate {
minMode = ACCESS_MODE_WRITE
}
newAccesses := make ( [ ] Access , 0 , len ( accessMap ) )
for userID , mode := range accessMap {
if mode < minMode {
continue
}
newAccesses = append ( newAccesses , Access {
UserID : userID ,
2015-08-08 22:43:14 +08:00
RepoID : repo . ID ,
2015-02-28 21:44:09 -05:00
Mode : mode ,
} )
}
2015-02-13 02:56:42 -05:00
2015-02-28 21:44:09 -05:00
// Delete old accesses and insert new ones for repository.
2015-08-08 22:43:14 +08:00
if _ , err = e . Delete ( & Access { RepoID : repo . ID } ) ; err != nil {
2015-02-28 21:44:09 -05:00
return fmt . Errorf ( "delete old accesses: %v" , err )
} else if _ , err = e . Insert ( newAccesses ) ; err != nil {
return fmt . Errorf ( "insert new accesses: %v" , err )
}
2015-02-13 02:56:42 -05:00
return nil
}
2015-02-28 21:44:09 -05:00
// FIXME: should be able to have read-only access.
// Give all collaborators write access.
func ( repo * Repository ) refreshCollaboratorAccesses ( e Engine , accessMap map [ int64 ] AccessMode ) error {
2015-02-13 00:58:46 -05:00
collaborators , err := repo . getCollaborators ( e )
2015-02-05 15:29:08 +02:00
if err != nil {
2015-02-28 21:44:09 -05:00
return fmt . Errorf ( "getCollaborators: %v" , err )
2015-02-05 15:29:08 +02:00
}
for _ , c := range collaborators {
2015-02-09 13:36:33 +02:00
accessMap [ c . Id ] = ACCESS_MODE_WRITE
2015-02-05 15:29:08 +02:00
}
2015-02-28 21:44:09 -05:00
return nil
}
// recalculateTeamAccesses recalculates new accesses for teams of an organization
// except the team whose ID is given. It is used to assign a team ID when
// remove repository from that team.
func ( repo * Repository ) recalculateTeamAccesses ( e Engine , ignTeamID int64 ) ( err error ) {
accessMap := make ( map [ int64 ] AccessMode , 20 )
if err = repo . getOwner ( e ) ; err != nil {
2015-02-05 15:29:08 +02:00
return err
2015-08-28 13:51:15 +08:00
} else if ! repo . Owner . IsOrganization ( ) {
return fmt . Errorf ( "owner is not an organization: %d" , repo . OwnerID )
2015-02-05 15:29:08 +02:00
}
2015-08-28 13:51:15 +08:00
2015-07-24 16:52:01 +08:00
if err = repo . refreshCollaboratorAccesses ( e , accessMap ) ; err != nil {
return fmt . Errorf ( "refreshCollaboratorAccesses: %v" , err )
}
2015-02-05 15:29:08 +02:00
2015-08-28 13:51:15 +08:00
if err = repo . Owner . getTeams ( e ) ; err != nil {
return err
}
2015-03-24 18:14:04 -04:00
2015-08-28 13:51:15 +08:00
for _ , t := range repo . Owner . Teams {
if t . ID == ignTeamID {
continue
}
2015-02-05 15:29:08 +02:00
2015-08-28 13:51:15 +08:00
// Owner team gets owner access, and skip for teams that do not
// have relations with repository.
if t . IsOwnerTeam ( ) {
t . Authorize = ACCESS_MODE_OWNER
} else if ! t . hasRepository ( e , repo . ID ) {
continue
}
if err = t . getMembers ( e ) ; err != nil {
return fmt . Errorf ( "getMembers '%d': %v" , t . ID , err )
}
for _ , m := range t . Members {
accessMap [ m . Id ] = maxAccessMode ( accessMap [ m . Id ] , t . Authorize )
2015-02-05 15:29:08 +02:00
}
}
2015-02-28 21:44:09 -05:00
return repo . refreshAccesses ( e , accessMap )
}
2015-02-05 15:29:08 +02:00
2015-02-28 21:44:09 -05:00
func ( repo * Repository ) recalculateAccesses ( e Engine ) error {
2015-08-28 13:51:15 +08:00
if repo . Owner . IsOrganization ( ) {
return repo . recalculateTeamAccesses ( e , 0 )
}
2015-02-28 21:44:09 -05:00
accessMap := make ( map [ int64 ] AccessMode , 20 )
if err := repo . refreshCollaboratorAccesses ( e , accessMap ) ; err != nil {
return fmt . Errorf ( "refreshCollaboratorAccesses: %v" , err )
2015-02-05 15:29:08 +02:00
}
2015-02-28 21:44:09 -05:00
return repo . refreshAccesses ( e , accessMap )
2015-02-13 00:58:46 -05:00
}
2015-02-05 15:29:08 +02:00
2015-02-13 00:58:46 -05:00
// RecalculateAccesses recalculates all accesses for repository.
func ( r * Repository ) RecalculateAccesses ( ) error {
return r . recalculateAccesses ( x )
2015-02-05 15:29:08 +02:00
}