In code search, get code unit accessible repos in one (main) query (#19764)
* When non-admin users use code search, get code unit accessible repos in one main query * Modified some comments to match the changes * Removed unnecessary check for Access Mode in Collaboration table Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
parent
881646520e
commit
6473bd333a
5 changed files with 113 additions and 114 deletions
|
@ -12,6 +12,7 @@ import (
|
||||||
"code.gitea.io/gitea/models/db"
|
"code.gitea.io/gitea/models/db"
|
||||||
"code.gitea.io/gitea/models/perm"
|
"code.gitea.io/gitea/models/perm"
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
"code.gitea.io/gitea/models/unit"
|
||||||
user_model "code.gitea.io/gitea/models/user"
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
"code.gitea.io/gitea/modules/lfs"
|
"code.gitea.io/gitea/modules/lfs"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
|
@ -213,7 +214,7 @@ func LFSObjectAccessible(user *user_model.User, oid string) (bool, error) {
|
||||||
count, err := db.GetEngine(db.DefaultContext).Count(&LFSMetaObject{Pointer: lfs.Pointer{Oid: oid}})
|
count, err := db.GetEngine(db.DefaultContext).Count(&LFSMetaObject{Pointer: lfs.Pointer{Oid: oid}})
|
||||||
return count > 0, err
|
return count > 0, err
|
||||||
}
|
}
|
||||||
cond := repo_model.AccessibleRepositoryCondition(user)
|
cond := repo_model.AccessibleRepositoryCondition(user, unit.TypeInvalid)
|
||||||
count, err := db.GetEngine(db.DefaultContext).Where(cond).Join("INNER", "repository", "`lfs_meta_object`.repository_id = `repository`.id").Count(&LFSMetaObject{Pointer: lfs.Pointer{Oid: oid}})
|
count, err := db.GetEngine(db.DefaultContext).Where(cond).Join("INNER", "repository", "`lfs_meta_object`.repository_id = `repository`.id").Count(&LFSMetaObject{Pointer: lfs.Pointer{Oid: oid}})
|
||||||
return count > 0, err
|
return count > 0, err
|
||||||
}
|
}
|
||||||
|
@ -244,7 +245,7 @@ func LFSAutoAssociate(metas []*LFSMetaObject, user *user_model.User, repoID int6
|
||||||
newMetas := make([]*LFSMetaObject, 0, len(metas))
|
newMetas := make([]*LFSMetaObject, 0, len(metas))
|
||||||
cond := builder.In(
|
cond := builder.In(
|
||||||
"`lfs_meta_object`.repository_id",
|
"`lfs_meta_object`.repository_id",
|
||||||
builder.Select("`repository`.id").From("repository").Where(repo_model.AccessibleRepositoryCondition(user)),
|
builder.Select("`repository`.id").From("repository").Where(repo_model.AccessibleRepositoryCondition(user, unit.TypeInvalid)),
|
||||||
)
|
)
|
||||||
err = sess.Cols("oid").Where(cond).In("oid", oids...).GroupBy("oid").Find(&newMetas)
|
err = sess.Cols("oid").Where(cond).In("oid", oids...).GroupBy("oid").Find(&newMetas)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -1430,7 +1430,7 @@ func issuePullAccessibleRepoCond(repoIDstr string, userID int64, org *organizati
|
||||||
cond = cond.And(
|
cond = cond.And(
|
||||||
builder.Or(
|
builder.Or(
|
||||||
repo_model.UserOwnedRepoCond(userID), // owned repos
|
repo_model.UserOwnedRepoCond(userID), // owned repos
|
||||||
repo_model.UserCollaborationRepoCond(repoIDstr, userID), // collaboration repos
|
repo_model.UserAccessRepoCond(repoIDstr, userID), // user can access repo in a unit independent way
|
||||||
repo_model.UserAssignedRepoCond(repoIDstr, userID), // user has been assigned accessible public repos
|
repo_model.UserAssignedRepoCond(repoIDstr, userID), // user has been assigned accessible public repos
|
||||||
repo_model.UserMentionedRepoCond(repoIDstr, userID), // user has been mentioned accessible public repos
|
repo_model.UserMentionedRepoCond(repoIDstr, userID), // user has been mentioned accessible public repos
|
||||||
repo_model.UserCreateIssueRepoCond(repoIDstr, userID, isPull), // user has created issue/pr accessible public repos
|
repo_model.UserCreateIssueRepoCond(repoIDstr, userID, isPull), // user has created issue/pr accessible public repos
|
||||||
|
@ -1499,7 +1499,7 @@ func GetRepoIDsForIssuesOptions(opts *IssuesOptions, user *user_model.User) ([]i
|
||||||
|
|
||||||
opts.setupSessionNoLimit(sess)
|
opts.setupSessionNoLimit(sess)
|
||||||
|
|
||||||
accessCond := repo_model.AccessibleRepositoryCondition(user)
|
accessCond := repo_model.AccessibleRepositoryCondition(user, unit.TypeInvalid)
|
||||||
if err := sess.Where(accessCond).
|
if err := sess.Where(accessCond).
|
||||||
Distinct("issue.repo_id").
|
Distinct("issue.repo_id").
|
||||||
Table("issue").
|
Table("issue").
|
||||||
|
|
|
@ -14,6 +14,7 @@ import (
|
||||||
"code.gitea.io/gitea/models/organization"
|
"code.gitea.io/gitea/models/organization"
|
||||||
access_model "code.gitea.io/gitea/models/perm/access"
|
access_model "code.gitea.io/gitea/models/perm/access"
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
"code.gitea.io/gitea/models/unit"
|
||||||
user_model "code.gitea.io/gitea/models/user"
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
|
|
||||||
"xorm.io/builder"
|
"xorm.io/builder"
|
||||||
|
@ -54,7 +55,7 @@ func GetUserOrgsList(user *user_model.User) ([]*MinimalOrg, error) {
|
||||||
Join("LEFT", builder.
|
Join("LEFT", builder.
|
||||||
Select("id as repo_id, owner_id as repo_owner_id").
|
Select("id as repo_id, owner_id as repo_owner_id").
|
||||||
From("repository").
|
From("repository").
|
||||||
Where(repo_model.AccessibleRepositoryCondition(user)), "`repository`.repo_owner_id = `team`.org_id").
|
Where(repo_model.AccessibleRepositoryCondition(user, unit.TypeInvalid)), "`repository`.repo_owner_id = `team`.org_id").
|
||||||
Where("`team_user`.uid = ?", user.ID).
|
Where("`team_user`.uid = ?", user.ID).
|
||||||
GroupBy(groupByStr)
|
GroupBy(groupByStr)
|
||||||
|
|
||||||
|
|
|
@ -269,8 +269,8 @@ func UserMentionedRepoCond(id string, userID int64) builder.Cond {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// UserCollaborationRepoCond returns user as collabrators repositories list
|
// UserAccessRepoCond returns a condition for selecting all repositories a user has unit independent access to
|
||||||
func UserCollaborationRepoCond(idStr string, userID int64) builder.Cond {
|
func UserAccessRepoCond(idStr string, userID int64) builder.Cond {
|
||||||
return builder.In(idStr, builder.Select("repo_id").
|
return builder.In(idStr, builder.Select("repo_id").
|
||||||
From("`access`").
|
From("`access`").
|
||||||
Where(builder.And(
|
Where(builder.And(
|
||||||
|
@ -280,8 +280,18 @@ func UserCollaborationRepoCond(idStr string, userID int64) builder.Cond {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// userOrgTeamRepoCond selects repos that the given user has access to through team membership
|
// userCollaborationRepoCond returns a condition for selecting all repositories a user is collaborator in
|
||||||
func userOrgTeamRepoCond(idStr string, userID int64) builder.Cond {
|
func UserCollaborationRepoCond(idStr string, userID int64) builder.Cond {
|
||||||
|
return builder.In(idStr, builder.Select("repo_id").
|
||||||
|
From("`collaboration`").
|
||||||
|
Where(builder.And(
|
||||||
|
builder.Eq{"`collaboration`.user_id": userID},
|
||||||
|
)),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// UserOrgTeamRepoCond selects repos that the given user has access to through team membership
|
||||||
|
func UserOrgTeamRepoCond(idStr string, userID int64) builder.Cond {
|
||||||
return builder.In(idStr, userOrgTeamRepoBuilder(userID))
|
return builder.In(idStr, userOrgTeamRepoBuilder(userID))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -297,7 +307,13 @@ func userOrgTeamRepoBuilder(userID int64) *builder.Builder {
|
||||||
func userOrgTeamUnitRepoBuilder(userID int64, unitType unit.Type) *builder.Builder {
|
func userOrgTeamUnitRepoBuilder(userID int64, unitType unit.Type) *builder.Builder {
|
||||||
return userOrgTeamRepoBuilder(userID).
|
return userOrgTeamRepoBuilder(userID).
|
||||||
Join("INNER", "team_unit", "`team_unit`.team_id = `team_repo`.team_id").
|
Join("INNER", "team_unit", "`team_unit`.team_id = `team_repo`.team_id").
|
||||||
Where(builder.Eq{"`team_unit`.`type`": unitType})
|
Where(builder.Eq{"`team_unit`.`type`": unitType}).
|
||||||
|
And(builder.Gt{"`team_unit`.`access_mode`": int(perm.AccessModeNone)})
|
||||||
|
}
|
||||||
|
|
||||||
|
// userOrgTeamUnitRepoCond returns a condition to select repo ids where user's teams can access the special unit.
|
||||||
|
func userOrgTeamUnitRepoCond(idStr string, userID int64, unitType unit.Type) builder.Cond {
|
||||||
|
return builder.In(idStr, userOrgTeamUnitRepoBuilder(userID, unitType))
|
||||||
}
|
}
|
||||||
|
|
||||||
// UserOrgUnitRepoCond selects repos that the given user has access to through org and the special unit
|
// UserOrgUnitRepoCond selects repos that the given user has access to through org and the special unit
|
||||||
|
@ -350,7 +366,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
|
||||||
if opts.Private {
|
if opts.Private {
|
||||||
if opts.Actor != nil && !opts.Actor.IsAdmin && opts.Actor.ID != opts.OwnerID {
|
if opts.Actor != nil && !opts.Actor.IsAdmin && opts.Actor.ID != opts.OwnerID {
|
||||||
// OK we're in the context of a User
|
// OK we're in the context of a User
|
||||||
cond = cond.And(AccessibleRepositoryCondition(opts.Actor))
|
cond = cond.And(AccessibleRepositoryCondition(opts.Actor, unit.TypeInvalid))
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Not looking at private organisations and users
|
// Not looking at private organisations and users
|
||||||
|
@ -395,10 +411,10 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
|
||||||
builder.Neq{"owner_id": opts.OwnerID},
|
builder.Neq{"owner_id": opts.OwnerID},
|
||||||
// 2. But we can see because of:
|
// 2. But we can see because of:
|
||||||
builder.Or(
|
builder.Or(
|
||||||
// A. We have access
|
// A. We have unit independent access
|
||||||
UserCollaborationRepoCond("`repository`.id", opts.OwnerID),
|
UserAccessRepoCond("`repository`.id", opts.OwnerID),
|
||||||
// B. We are in a team for
|
// B. We are in a team for
|
||||||
userOrgTeamRepoCond("`repository`.id", opts.OwnerID),
|
UserOrgTeamRepoCond("`repository`.id", opts.OwnerID),
|
||||||
// C. Public repositories in organizations that we are member of
|
// C. Public repositories in organizations that we are member of
|
||||||
userOrgPublicRepoCondPrivate(opts.OwnerID),
|
userOrgPublicRepoCondPrivate(opts.OwnerID),
|
||||||
),
|
),
|
||||||
|
@ -479,7 +495,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.Actor != nil && opts.Actor.IsRestricted {
|
if opts.Actor != nil && opts.Actor.IsRestricted {
|
||||||
cond = cond.And(AccessibleRepositoryCondition(opts.Actor))
|
cond = cond.And(AccessibleRepositoryCondition(opts.Actor, unit.TypeInvalid))
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.Archived != util.OptionalBoolNone {
|
if opts.Archived != util.OptionalBoolNone {
|
||||||
|
@ -574,7 +590,7 @@ func searchRepositoryByCondition(ctx context.Context, opts *SearchRepoOptions, c
|
||||||
}
|
}
|
||||||
|
|
||||||
// AccessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
|
// AccessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
|
||||||
func AccessibleRepositoryCondition(user *user_model.User) builder.Cond {
|
func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) builder.Cond {
|
||||||
cond := builder.NewCond()
|
cond := builder.NewCond()
|
||||||
|
|
||||||
if user == nil || !user.IsRestricted || user.ID <= 0 {
|
if user == nil || !user.IsRestricted || user.ID <= 0 {
|
||||||
|
@ -594,13 +610,24 @@ func AccessibleRepositoryCondition(user *user_model.User) builder.Cond {
|
||||||
}
|
}
|
||||||
|
|
||||||
if user != nil {
|
if user != nil {
|
||||||
|
// 2. Be able to see all repositories that we have unit independent access to
|
||||||
|
// 3. Be able to see all repositories through team membership(s)
|
||||||
|
if unitType == unit.TypeInvalid {
|
||||||
|
// Regardless of UnitType
|
||||||
|
cond = cond.Or(
|
||||||
|
UserAccessRepoCond("`repository`.id", user.ID),
|
||||||
|
UserOrgTeamRepoCond("`repository`.id", user.ID),
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
// For a specific UnitType
|
||||||
cond = cond.Or(
|
cond = cond.Or(
|
||||||
// 2. Be able to see all repositories that we have access to
|
|
||||||
UserCollaborationRepoCond("`repository`.id", user.ID),
|
UserCollaborationRepoCond("`repository`.id", user.ID),
|
||||||
// 3. Repositories that we directly own
|
userOrgTeamUnitRepoCond("`repository`.id", user.ID, unitType),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
cond = cond.Or(
|
||||||
|
// 4. Repositories that we directly own
|
||||||
builder.Eq{"`repository`.owner_id": user.ID},
|
builder.Eq{"`repository`.owner_id": user.ID},
|
||||||
// 4. Be able to see all repositories that we are in a team
|
|
||||||
userOrgTeamRepoCond("`repository`.id", user.ID),
|
|
||||||
// 5. Be able to see all public repos in private organizations that we are an org_user of
|
// 5. Be able to see all public repos in private organizations that we are an org_user of
|
||||||
userOrgPublicRepoCond(user.ID),
|
userOrgPublicRepoCond(user.ID),
|
||||||
)
|
)
|
||||||
|
@ -645,18 +672,18 @@ func SearchRepositoryIDs(opts *SearchRepoOptions) ([]int64, int64, error) {
|
||||||
// AccessibleRepoIDsQuery queries accessible repository ids. Usable as a subquery wherever repo ids need to be filtered.
|
// AccessibleRepoIDsQuery queries accessible repository ids. Usable as a subquery wherever repo ids need to be filtered.
|
||||||
func AccessibleRepoIDsQuery(user *user_model.User) *builder.Builder {
|
func AccessibleRepoIDsQuery(user *user_model.User) *builder.Builder {
|
||||||
// NB: Please note this code needs to still work if user is nil
|
// NB: Please note this code needs to still work if user is nil
|
||||||
return builder.Select("id").From("repository").Where(AccessibleRepositoryCondition(user))
|
return builder.Select("id").From("repository").Where(AccessibleRepositoryCondition(user, unit.TypeInvalid))
|
||||||
}
|
}
|
||||||
|
|
||||||
// FindUserAccessibleRepoIDs find all accessible repositories' ID by user's id
|
// FindUserCodeAccessibleRepoIDs finds all at Code level accessible repositories' ID by the user's id
|
||||||
func FindUserAccessibleRepoIDs(user *user_model.User) ([]int64, error) {
|
func FindUserCodeAccessibleRepoIDs(user *user_model.User) ([]int64, error) {
|
||||||
repoIDs := make([]int64, 0, 10)
|
repoIDs := make([]int64, 0, 10)
|
||||||
if err := db.GetEngine(db.DefaultContext).
|
if err := db.GetEngine(db.DefaultContext).
|
||||||
Table("repository").
|
Table("repository").
|
||||||
Cols("id").
|
Cols("id").
|
||||||
Where(AccessibleRepositoryCondition(user)).
|
Where(AccessibleRepositoryCondition(user, unit.TypeCode)).
|
||||||
Find(&repoIDs); err != nil {
|
Find(&repoIDs); err != nil {
|
||||||
return nil, fmt.Errorf("FindUserAccesibleRepoIDs: %v", err)
|
return nil, fmt.Errorf("FindUserCodeAccesibleRepoIDs: %v", err)
|
||||||
}
|
}
|
||||||
return repoIDs, nil
|
return repoIDs, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,9 +7,7 @@ package explore
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
"code.gitea.io/gitea/models/unit"
|
|
||||||
"code.gitea.io/gitea/modules/base"
|
"code.gitea.io/gitea/modules/base"
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
code_indexer "code.gitea.io/gitea/modules/indexer/code"
|
code_indexer "code.gitea.io/gitea/modules/indexer/code"
|
||||||
|
@ -44,6 +42,7 @@ func Code(ctx *context.Context) {
|
||||||
queryType := ctx.FormTrim("t")
|
queryType := ctx.FormTrim("t")
|
||||||
isMatch := queryType == "match"
|
isMatch := queryType == "match"
|
||||||
|
|
||||||
|
if keyword != "" {
|
||||||
var (
|
var (
|
||||||
repoIDs []int64
|
repoIDs []int64
|
||||||
err error
|
err error
|
||||||
|
@ -55,7 +54,7 @@ func Code(ctx *context.Context) {
|
||||||
|
|
||||||
// guest user or non-admin user
|
// guest user or non-admin user
|
||||||
if ctx.Doer == nil || !isAdmin {
|
if ctx.Doer == nil || !isAdmin {
|
||||||
repoIDs, err = repo_model.FindUserAccessibleRepoIDs(ctx.Doer)
|
repoIDs, err = repo_model.FindUserCodeAccessibleRepoIDs(ctx.Doer)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.ServerError("SearchResults", err)
|
ctx.ServerError("SearchResults", err)
|
||||||
return
|
return
|
||||||
|
@ -68,37 +67,7 @@ func Code(ctx *context.Context) {
|
||||||
searchResultLanguages []*code_indexer.SearchResultLanguages
|
searchResultLanguages []*code_indexer.SearchResultLanguages
|
||||||
)
|
)
|
||||||
|
|
||||||
// if non-admin login user, we need check UnitTypeCode at first
|
if (len(repoIDs) > 0) || isAdmin {
|
||||||
if ctx.Doer != nil && len(repoIDs) > 0 {
|
|
||||||
repoMaps, err := repo_model.GetRepositoriesMapByIDs(repoIDs)
|
|
||||||
if err != nil {
|
|
||||||
ctx.ServerError("SearchResults", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
rightRepoMap := make(map[int64]*repo_model.Repository, len(repoMaps))
|
|
||||||
repoIDs = make([]int64, 0, len(repoMaps))
|
|
||||||
for id, repo := range repoMaps {
|
|
||||||
if models.CheckRepoUnitUser(ctx, repo, ctx.Doer, unit.TypeCode) {
|
|
||||||
rightRepoMap[id] = repo
|
|
||||||
repoIDs = append(repoIDs, id)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx.Data["RepoMaps"] = rightRepoMap
|
|
||||||
|
|
||||||
total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, repoIDs, language, keyword, page, setting.UI.RepoSearchPagingNum, isMatch)
|
|
||||||
if err != nil {
|
|
||||||
if code_indexer.IsAvailable() {
|
|
||||||
ctx.ServerError("SearchResults", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
ctx.Data["CodeIndexerUnavailable"] = true
|
|
||||||
} else {
|
|
||||||
ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable()
|
|
||||||
}
|
|
||||||
// if non-login user or isAdmin, no need to check UnitTypeCode
|
|
||||||
} else if (ctx.Doer == nil && len(repoIDs) > 0) || isAdmin {
|
|
||||||
total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, repoIDs, language, keyword, page, setting.UI.RepoSearchPagingNum, isMatch)
|
total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, repoIDs, language, keyword, page, setting.UI.RepoSearchPagingNum, isMatch)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if code_indexer.IsAvailable() {
|
if code_indexer.IsAvailable() {
|
||||||
|
@ -144,6 +113,7 @@ func Code(ctx *context.Context) {
|
||||||
pager.SetDefaultParams(ctx)
|
pager.SetDefaultParams(ctx)
|
||||||
pager.AddParam(ctx, "l", "Language")
|
pager.AddParam(ctx, "l", "Language")
|
||||||
ctx.Data["Page"] = pager
|
ctx.Data["Page"] = pager
|
||||||
|
}
|
||||||
|
|
||||||
ctx.HTML(http.StatusOK, tplExploreCode)
|
ctx.HTML(http.StatusOK, tplExploreCode)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue