From cb41f5cae16c5c11cad717c0d19333c2aa4e3b55 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Wed, 23 Feb 2022 22:07:05 +0000
Subject: [PATCH] Update assignees check to include any writing team and change
org sidebar (#18680)
Following the merging of #17811 teams can now have differing write and readonly permissions, however the assignee list will not include teams which have mixed perms.
Further the org sidebar is no longer helpful as it can't describe these mixed permissions situations.
Fix #18572
Signed-off-by: Andrew Thornton <art27@cantab.net>
---
models/repo.go | 51 +++++++++++++++++++------
routers/web/org/teams.go | 2 +
templates/org/team/sidebar.tmpl | 68 ++++++++++++++++++++++-----------
3 files changed, 88 insertions(+), 33 deletions(-)
diff --git a/models/repo.go b/models/repo.go
index 7b0635074..02e1a3325 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -150,27 +150,56 @@ func getRepoAssignees(ctx context.Context, repo *repo_model.Repository) (_ []*us
}
e := db.GetEngine(ctx)
- accesses := make([]*Access, 0, 10)
- if err = e.
+ userIDs := make([]int64, 0, 10)
+ if err = e.Table("access").
Where("repo_id = ? AND mode >= ?", repo.ID, perm.AccessModeWrite).
- Find(&accesses); err != nil {
+ Select("id").
+ Find(&userIDs); err != nil {
return nil, err
}
+ additionalUserIDs := make([]int64, 0, 10)
+ if err = e.Table("team_user").
+ Join("INNER", "team_repo", "`team_repo`.team_id = `team_user`.team_id").
+ Join("INNER", "team_unit", "`team_unit`.team_id = `team_user`.team_id").
+ Where("`team_repo`.repo_id = ? AND `team_unit`.access_mode >= ?", repo.ID, perm.AccessModeWrite).
+ Distinct("`team_user`.uid").
+ Select("`team_user`.uid").
+ Find(&additionalUserIDs); err != nil {
+ return nil, err
+ }
+
+ uidMap := map[int64]bool{}
+ i := 0
+ for _, uid := range userIDs {
+ if uidMap[uid] {
+ continue
+ }
+ uidMap[uid] = true
+ userIDs[i] = uid
+ i++
+ }
+ userIDs = userIDs[:i]
+ userIDs = append(userIDs, additionalUserIDs...)
+
+ for _, uid := range additionalUserIDs {
+ if uidMap[uid] {
+ continue
+ }
+ userIDs[i] = uid
+ i++
+ }
+ userIDs = userIDs[:i]
+
// Leave a seat for owner itself to append later, but if owner is an organization
// and just waste 1 unit is cheaper than re-allocate memory once.
- users := make([]*user_model.User, 0, len(accesses)+1)
- if len(accesses) > 0 {
- userIDs := make([]int64, len(accesses))
- for i := 0; i < len(accesses); i++ {
- userIDs[i] = accesses[i].UserID
- }
-
+ users := make([]*user_model.User, 0, len(userIDs)+1)
+ if len(userIDs) > 0 {
if err = e.In("id", userIDs).Find(&users); err != nil {
return nil, err
}
}
- if !repo.Owner.IsOrganization() {
+ if !repo.Owner.IsOrganization() && !uidMap[repo.OwnerID] {
users = append(users, repo.Owner)
}
diff --git a/routers/web/org/teams.go b/routers/web/org/teams.go
index 9b0212e56..f6e09eb4c 100644
--- a/routers/web/org/teams.go
+++ b/routers/web/org/teams.go
@@ -311,6 +311,7 @@ func TeamMembers(ctx *context.Context) {
ctx.ServerError("GetMembers", err)
return
}
+ ctx.Data["Units"] = unit_model.Units
ctx.HTML(http.StatusOK, tplTeamMembers)
}
@@ -323,6 +324,7 @@ func TeamRepositories(ctx *context.Context) {
ctx.ServerError("GetRepositories", err)
return
}
+ ctx.Data["Units"] = unit_model.Units
ctx.HTML(http.StatusOK, tplTeamRepositories)
}
diff --git a/templates/org/team/sidebar.tmpl b/templates/org/team/sidebar.tmpl
index 6ea08740f..2dec681b4 100644
--- a/templates/org/team/sidebar.tmpl
+++ b/templates/org/team/sidebar.tmpl
@@ -25,31 +25,55 @@
<span class="text grey italic">{{.i18n.Tr "org.teams.no_desc"}}</span>
{{end}}
</div>
-
- <div class="item">
- {{if eq .Team.LowerName "owners"}}
+ {{if eq .Team.LowerName "owners"}}
+ <div class="item">
{{.i18n.Tr "org.teams.owners_permission_desc" | Str2html}}
- {{else if (eq .Team.AccessMode 1)}}
- {{if .Team.IncludesAllRepositories}}
- {{.i18n.Tr "org.teams.all_repositories_read_permission_desc" | Str2html}}
+ </div>
+ {{else}}
+ <div class="item">
+ <h3>{{.i18n.Tr "org.team_access_desc"}}</h3>
+ <ul>
+ {{if .Team.IncludesAllRepositories}}
+ <li>{{.i18n.Tr "org.teams.all_repositories" | Str2html}}
+ {{else}}
+ <li>{{.i18n.Tr "org.teams.specific_repositories" | Str2html}}
+ {{end}}
+ {{if .Team.CanCreateOrgRepo}}
+ <li>{{.i18n.Tr "org.teams.can_create_org_repo"}}
+ {{end}}
+ </ul>
+ {{if (eq .Team.AccessMode 2)}}
+ <h3>{{.i18n.Tr "org.settings.permission"}}</h3>
+ {{.i18n.Tr "org.teams.write_permission_desc"}}
+ {{else if (eq .Team.AccessMode 3)}}
+ <h3>{{.i18n.Tr "org.settings.permission"}}</h3>
+ {{.i18n.Tr "org.teams.admin_permission_desc"}}
{{else}}
- {{.i18n.Tr "org.teams.read_permission_desc" | Str2html}}
+ <table class="ui table">
+ <thead>
+ <tr>
+ <th>{{.i18n.Tr "units.unit"}}</th>
+ <th>{{.i18n.Tr "org.team_permission_desc"}}</th>
+ </tr>
+ </thead>
+ <tbody>
+ {{range $t, $unit := $.Units}}
+ {{if and (lt $unit.MaxPerm 2) (not $unit.Type.UnitGlobalDisabled)}}
+ <tr>
+ <td><strong>{{$.i18n.Tr $unit.NameKey}}</strong></td>
+ <td>{{if eq ($.Team.UnitAccessMode $unit.Type) 0 -}}
+ {{$.i18n.Tr "org.teams.none_access"}}
+ {{- else if or (eq $.Team.ID 0) (eq ($.Team.UnitAccessMode $unit.Type) 1) -}}
+ {{$.i18n.Tr "org.teams.read_access"}}
+ {{- else if eq ($.Team.UnitAccessMode $unit.Type) 2 -}}
+ {{$.i18n.Tr "org.teams.write_access"}}
+ {{- end}}</td>
+ </tr>
+ {{end}}
+ {{end}}
+ </tbody>
+ </table>
{{end}}
- {{else if (eq .Team.AccessMode 2)}}
- {{if .Team.IncludesAllRepositories}}
- {{.i18n.Tr "org.teams.all_repositories_write_permission_desc" | Str2html}}
- {{else}}
- {{.i18n.Tr "org.teams.write_permission_desc" | Str2html}}
- {{end}}
- {{else if (eq .Team.AccessMode 3)}}
- {{if .Team.IncludesAllRepositories}}
- {{.i18n.Tr "org.teams.all_repositories_admin_permission_desc" | Str2html}}
- {{else}}
- {{.i18n.Tr "org.teams.admin_permission_desc" | Str2html}}
- {{end}}
- {{end}}
- {{if .Team.CanCreateOrgRepo}}
- <br><br>{{.i18n.Tr "org.teams.create_repo_permission_desc" | Str2html}}
{{end}}
</div>
</div>