You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

439 lines
11 KiB

  1. // Copyright 2019 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package migrations
  5. import (
  6. "fmt"
  7. "xorm.io/xorm"
  8. )
  9. func addBranchProtectionCanPushAndEnableWhitelist(x *xorm.Engine) error {
  10. type ProtectedBranch struct {
  11. CanPush bool `xorm:"NOT NULL DEFAULT false"`
  12. EnableApprovalsWhitelist bool `xorm:"NOT NULL DEFAULT false"`
  13. ApprovalsWhitelistUserIDs []int64 `xorm:"JSON TEXT"`
  14. ApprovalsWhitelistTeamIDs []int64 `xorm:"JSON TEXT"`
  15. RequiredApprovals int64 `xorm:"NOT NULL DEFAULT 0"`
  16. }
  17. type User struct {
  18. ID int64 `xorm:"pk autoincr"`
  19. Type int
  20. // Permissions
  21. IsAdmin bool
  22. IsRestricted bool `xorm:"NOT NULL DEFAULT false"`
  23. Visibility int `xorm:"NOT NULL DEFAULT 0"`
  24. }
  25. type Review struct {
  26. ID int64 `xorm:"pk autoincr"`
  27. Official bool `xorm:"NOT NULL DEFAULT false"`
  28. ReviewerID int64 `xorm:"index"`
  29. IssueID int64 `xorm:"index"`
  30. }
  31. if err := x.Sync2(new(ProtectedBranch)); err != nil {
  32. return err
  33. }
  34. if err := x.Sync2(new(Review)); err != nil {
  35. return err
  36. }
  37. const (
  38. // ReviewTypeApprove approves changes
  39. ReviewTypeApprove int = 1
  40. // ReviewTypeReject gives feedback blocking merge
  41. ReviewTypeReject int = 3
  42. // VisibleTypePublic Visible for everyone
  43. VisibleTypePublic int = 0
  44. // VisibleTypePrivate Visible only for organization's members
  45. VisibleTypePrivate int = 2
  46. // UnitTypeCode is unit type code
  47. UnitTypeCode int = 1
  48. // AccessModeNone no access
  49. AccessModeNone int = 0
  50. // AccessModeRead read access
  51. AccessModeRead int = 1
  52. // AccessModeWrite write access
  53. AccessModeWrite int = 2
  54. // AccessModeOwner owner access
  55. AccessModeOwner int = 4
  56. )
  57. // Repository represents a git repository.
  58. type Repository struct {
  59. ID int64 `xorm:"pk autoincr"`
  60. OwnerID int64 `xorm:"UNIQUE(s) index"`
  61. IsPrivate bool `xorm:"INDEX"`
  62. }
  63. type PullRequest struct {
  64. ID int64 `xorm:"pk autoincr"`
  65. BaseRepoID int64 `xorm:"INDEX"`
  66. BaseBranch string
  67. }
  68. // RepoUnit describes all units of a repository
  69. type RepoUnit struct {
  70. ID int64
  71. RepoID int64 `xorm:"INDEX(s)"`
  72. Type int `xorm:"INDEX(s)"`
  73. }
  74. type Permission struct {
  75. AccessMode int
  76. Units []*RepoUnit
  77. UnitsMode map[int]int
  78. }
  79. type TeamUser struct {
  80. ID int64 `xorm:"pk autoincr"`
  81. TeamID int64 `xorm:"UNIQUE(s)"`
  82. UID int64 `xorm:"UNIQUE(s)"`
  83. }
  84. type Collaboration struct {
  85. ID int64 `xorm:"pk autoincr"`
  86. RepoID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
  87. UserID int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
  88. Mode int `xorm:"DEFAULT 2 NOT NULL"`
  89. }
  90. type Access struct {
  91. ID int64 `xorm:"pk autoincr"`
  92. UserID int64 `xorm:"UNIQUE(s)"`
  93. RepoID int64 `xorm:"UNIQUE(s)"`
  94. Mode int
  95. }
  96. type TeamUnit struct {
  97. ID int64 `xorm:"pk autoincr"`
  98. OrgID int64 `xorm:"INDEX"`
  99. TeamID int64 `xorm:"UNIQUE(s)"`
  100. Type int `xorm:"UNIQUE(s)"`
  101. }
  102. // Team represents a organization team.
  103. type Team struct {
  104. ID int64 `xorm:"pk autoincr"`
  105. OrgID int64 `xorm:"INDEX"`
  106. Authorize int
  107. }
  108. // getUserRepoPermission static function based on models.IsOfficialReviewer at 5d78792385
  109. getUserRepoPermission := func(sess *xorm.Session, repo *Repository, user *User) (Permission, error) {
  110. var perm Permission
  111. repoOwner := new(User)
  112. has, err := sess.ID(repo.OwnerID).Get(repoOwner)
  113. if err != nil || !has {
  114. return perm, err
  115. }
  116. // Prevent strangers from checking out public repo of private orginization
  117. // Allow user if they are collaborator of a repo within a private orginization but not a member of the orginization itself
  118. hasOrgVisible := true
  119. // Not SignedUser
  120. if user == nil {
  121. hasOrgVisible = repoOwner.Visibility == VisibleTypePublic
  122. } else if !user.IsAdmin {
  123. hasMemberWithUserID, err := sess.
  124. Where("uid=?", user.ID).
  125. And("org_id=?", repoOwner.ID).
  126. Table("org_user").
  127. Exist()
  128. if err != nil {
  129. hasOrgVisible = false
  130. }
  131. if (repoOwner.Visibility == VisibleTypePrivate || user.IsRestricted) && !hasMemberWithUserID {
  132. hasOrgVisible = false
  133. }
  134. }
  135. isCollaborator, err := sess.Get(&Collaboration{RepoID: repo.ID, UserID: user.ID})
  136. if err != nil {
  137. return perm, err
  138. }
  139. if repoOwner.Type == 1 && !hasOrgVisible && !isCollaborator {
  140. perm.AccessMode = AccessModeNone
  141. return perm, err
  142. }
  143. var units []*RepoUnit
  144. if err := sess.Where("repo_id = ?", repo.ID).Find(&units); err != nil {
  145. return perm, err
  146. }
  147. perm.Units = units
  148. // anonymous visit public repo
  149. if user == nil {
  150. perm.AccessMode = AccessModeRead
  151. return perm, err
  152. }
  153. // Admin or the owner has super access to the repository
  154. if user.IsAdmin || user.ID == repo.OwnerID {
  155. perm.AccessMode = AccessModeOwner
  156. return perm, err
  157. }
  158. accessLevel := func(user *User, repo *Repository) (int, error) {
  159. mode := AccessModeNone
  160. var userID int64
  161. restricted := false
  162. if user != nil {
  163. userID = user.ID
  164. restricted = user.IsRestricted
  165. }
  166. if !restricted && !repo.IsPrivate {
  167. mode = AccessModeRead
  168. }
  169. if userID == 0 {
  170. return mode, nil
  171. }
  172. if userID == repo.OwnerID {
  173. return AccessModeOwner, nil
  174. }
  175. a := &Access{UserID: userID, RepoID: repo.ID}
  176. if has, err := sess.Get(a); !has || err != nil {
  177. return mode, err
  178. }
  179. return a.Mode, nil
  180. }
  181. // plain user
  182. perm.AccessMode, err = accessLevel(user, repo)
  183. if err != nil {
  184. return perm, err
  185. }
  186. // If Owner is no Org
  187. if repoOwner.Type != 1 {
  188. return perm, err
  189. }
  190. perm.UnitsMode = make(map[int]int)
  191. // Collaborators on organization
  192. if isCollaborator {
  193. for _, u := range units {
  194. perm.UnitsMode[u.Type] = perm.AccessMode
  195. }
  196. }
  197. // get units mode from teams
  198. var teams []*Team
  199. err = sess.
  200. Join("INNER", "team_user", "team_user.team_id = team.id").
  201. Join("INNER", "team_repo", "team_repo.team_id = team.id").
  202. Where("team.org_id = ?", repo.OwnerID).
  203. And("team_user.uid=?", user.ID).
  204. And("team_repo.repo_id=?", repo.ID).
  205. Find(&teams)
  206. if err != nil {
  207. return perm, err
  208. }
  209. // if user in an owner team
  210. for _, team := range teams {
  211. if team.Authorize >= AccessModeOwner {
  212. perm.AccessMode = AccessModeOwner
  213. perm.UnitsMode = nil
  214. return perm, err
  215. }
  216. }
  217. for _, u := range units {
  218. var found bool
  219. for _, team := range teams {
  220. var teamU []*TeamUnit
  221. var unitEnabled bool
  222. err = sess.Where("team_id = ?", team.ID).Find(&teamU)
  223. for _, tu := range teamU {
  224. if tu.Type == u.Type {
  225. unitEnabled = true
  226. break
  227. }
  228. }
  229. if unitEnabled {
  230. m := perm.UnitsMode[u.Type]
  231. if m < team.Authorize {
  232. perm.UnitsMode[u.Type] = team.Authorize
  233. }
  234. found = true
  235. }
  236. }
  237. // for a public repo on an organization, a non-restricted user has read permission on non-team defined units.
  238. if !found && !repo.IsPrivate && !user.IsRestricted {
  239. if _, ok := perm.UnitsMode[u.Type]; !ok {
  240. perm.UnitsMode[u.Type] = AccessModeRead
  241. }
  242. }
  243. }
  244. // remove no permission units
  245. perm.Units = make([]*RepoUnit, 0, len(units))
  246. for t := range perm.UnitsMode {
  247. for _, u := range units {
  248. if u.Type == t {
  249. perm.Units = append(perm.Units, u)
  250. }
  251. }
  252. }
  253. return perm, err
  254. }
  255. // isOfficialReviewer static function based on 5d78792385
  256. isOfficialReviewer := func(sess *xorm.Session, issueID int64, reviewer *User) (bool, error) {
  257. pr := new(PullRequest)
  258. has, err := sess.ID(issueID).Get(pr)
  259. if err != nil {
  260. return false, err
  261. } else if !has {
  262. return false, fmt.Errorf("PullRequest for issueID %d not exist", issueID)
  263. }
  264. baseRepo := new(Repository)
  265. has, err = sess.ID(pr.BaseRepoID).Get(baseRepo)
  266. if err != nil {
  267. return false, err
  268. } else if !has {
  269. return false, fmt.Errorf("baseRepo with id %d not exist", pr.BaseRepoID)
  270. }
  271. protectedBranch := new(ProtectedBranch)
  272. has, err = sess.Where("repo_id=? AND branch_name=?", baseRepo.ID, pr.BaseBranch).Get(protectedBranch)
  273. if err != nil {
  274. return false, err
  275. }
  276. if !has {
  277. return false, nil
  278. }
  279. if !protectedBranch.EnableApprovalsWhitelist {
  280. perm, err := getUserRepoPermission(sess, baseRepo, reviewer)
  281. if err != nil {
  282. return false, err
  283. }
  284. if perm.UnitsMode == nil {
  285. for _, u := range perm.Units {
  286. if u.Type == UnitTypeCode {
  287. return AccessModeWrite <= perm.AccessMode, nil
  288. }
  289. }
  290. return false, nil
  291. }
  292. return AccessModeWrite <= perm.UnitsMode[UnitTypeCode], nil
  293. }
  294. for _, id := range protectedBranch.ApprovalsWhitelistUserIDs {
  295. if id == reviewer.ID {
  296. return true, nil
  297. }
  298. }
  299. // isUserInTeams
  300. return sess.Where("uid=?", reviewer.ID).In("team_id", protectedBranch.ApprovalsWhitelistTeamIDs).Exist(new(TeamUser))
  301. }
  302. if _, err := x.Exec("UPDATE `protected_branch` SET `enable_whitelist` = ? WHERE enable_whitelist IS NULL", false); err != nil {
  303. return err
  304. }
  305. if _, err := x.Exec("UPDATE `protected_branch` SET `can_push` = `enable_whitelist`"); err != nil {
  306. return err
  307. }
  308. if _, err := x.Exec("UPDATE `protected_branch` SET `enable_approvals_whitelist` = ? WHERE `required_approvals` > ?", true, 0); err != nil {
  309. return err
  310. }
  311. var pageSize int64 = 20
  312. qresult, err := x.QueryInterface("SELECT max(id) as max_id FROM issue")
  313. if err != nil {
  314. return err
  315. }
  316. var totalIssues int64
  317. totalIssues, ok := qresult[0]["max_id"].(int64)
  318. if !ok {
  319. // If there are no issues at all we ignore it
  320. return nil
  321. }
  322. totalPages := totalIssues / pageSize
  323. var executeBody = func(page, pageSize int64) error {
  324. // Find latest review of each user in each pull request, and set official field if appropriate
  325. reviews := []*Review{}
  326. if err := x.SQL("SELECT * FROM review WHERE id IN (SELECT max(id) as id FROM review WHERE issue_id > ? AND issue_id <= ? AND type in (?, ?) GROUP BY issue_id, reviewer_id)",
  327. page*pageSize, (page+1)*pageSize, ReviewTypeApprove, ReviewTypeReject).
  328. Find(&reviews); err != nil {
  329. return err
  330. }
  331. if len(reviews) == 0 {
  332. return nil
  333. }
  334. sess := x.NewSession()
  335. defer sess.Close()
  336. if err := sess.Begin(); err != nil {
  337. return err
  338. }
  339. var updated int
  340. for _, review := range reviews {
  341. reviewer := new(User)
  342. has, err := sess.ID(review.ReviewerID).Get(reviewer)
  343. if err != nil || !has {
  344. // Error might occur if user doesn't exist, ignore it.
  345. continue
  346. }
  347. official, err := isOfficialReviewer(sess, review.IssueID, reviewer)
  348. if err != nil {
  349. // Branch might not be proteced or other error, ignore it.
  350. continue
  351. }
  352. review.Official = official
  353. updated++
  354. if _, err := sess.ID(review.ID).Cols("official").Update(review); err != nil {
  355. return err
  356. }
  357. }
  358. if updated > 0 {
  359. return sess.Commit()
  360. }
  361. return nil
  362. }
  363. var page int64
  364. for page = 0; page <= totalPages; page++ {
  365. if err := executeBody(page, pageSize); err != nil {
  366. return err
  367. }
  368. }
  369. return nil
  370. }