Update assignees check to include any writing team and change org sidebar (#18680)

Following the merging of #17811 teams can now have differing write and readonly permissions, however the assignee list will not include teams which have mixed perms.

Further the org sidebar is no longer helpful as it can't describe these mixed permissions situations.

Fix #18572

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2022-02-23 22:07:05 +00:00 committed by GitHub
parent f7085f718b
commit cb41f5cae1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 88 additions and 33 deletions

View file

@ -150,27 +150,56 @@ func getRepoAssignees(ctx context.Context, repo *repo_model.Repository) (_ []*us
} }
e := db.GetEngine(ctx) e := db.GetEngine(ctx)
accesses := make([]*Access, 0, 10) userIDs := make([]int64, 0, 10)
if err = e. if err = e.Table("access").
Where("repo_id = ? AND mode >= ?", repo.ID, perm.AccessModeWrite). Where("repo_id = ? AND mode >= ?", repo.ID, perm.AccessModeWrite).
Find(&accesses); err != nil { Select("id").
Find(&userIDs); err != nil {
return nil, err return nil, err
} }
additionalUserIDs := make([]int64, 0, 10)
if err = e.Table("team_user").
Join("INNER", "team_repo", "`team_repo`.team_id = `team_user`.team_id").
Join("INNER", "team_unit", "`team_unit`.team_id = `team_user`.team_id").
Where("`team_repo`.repo_id = ? AND `team_unit`.access_mode >= ?", repo.ID, perm.AccessModeWrite).
Distinct("`team_user`.uid").
Select("`team_user`.uid").
Find(&additionalUserIDs); err != nil {
return nil, err
}
uidMap := map[int64]bool{}
i := 0
for _, uid := range userIDs {
if uidMap[uid] {
continue
}
uidMap[uid] = true
userIDs[i] = uid
i++
}
userIDs = userIDs[:i]
userIDs = append(userIDs, additionalUserIDs...)
for _, uid := range additionalUserIDs {
if uidMap[uid] {
continue
}
userIDs[i] = uid
i++
}
userIDs = userIDs[:i]
// Leave a seat for owner itself to append later, but if owner is an organization // Leave a seat for owner itself to append later, but if owner is an organization
// and just waste 1 unit is cheaper than re-allocate memory once. // and just waste 1 unit is cheaper than re-allocate memory once.
users := make([]*user_model.User, 0, len(accesses)+1) users := make([]*user_model.User, 0, len(userIDs)+1)
if len(accesses) > 0 { if len(userIDs) > 0 {
userIDs := make([]int64, len(accesses))
for i := 0; i < len(accesses); i++ {
userIDs[i] = accesses[i].UserID
}
if err = e.In("id", userIDs).Find(&users); err != nil { if err = e.In("id", userIDs).Find(&users); err != nil {
return nil, err return nil, err
} }
} }
if !repo.Owner.IsOrganization() { if !repo.Owner.IsOrganization() && !uidMap[repo.OwnerID] {
users = append(users, repo.Owner) users = append(users, repo.Owner)
} }

View file

@ -311,6 +311,7 @@ func TeamMembers(ctx *context.Context) {
ctx.ServerError("GetMembers", err) ctx.ServerError("GetMembers", err)
return return
} }
ctx.Data["Units"] = unit_model.Units
ctx.HTML(http.StatusOK, tplTeamMembers) ctx.HTML(http.StatusOK, tplTeamMembers)
} }
@ -323,6 +324,7 @@ func TeamRepositories(ctx *context.Context) {
ctx.ServerError("GetRepositories", err) ctx.ServerError("GetRepositories", err)
return return
} }
ctx.Data["Units"] = unit_model.Units
ctx.HTML(http.StatusOK, tplTeamRepositories) ctx.HTML(http.StatusOK, tplTeamRepositories)
} }

View file

@ -25,31 +25,55 @@
<span class="text grey italic">{{.i18n.Tr "org.teams.no_desc"}}</span> <span class="text grey italic">{{.i18n.Tr "org.teams.no_desc"}}</span>
{{end}} {{end}}
</div> </div>
{{if eq .Team.LowerName "owners"}}
<div class="item"> <div class="item">
{{if eq .Team.LowerName "owners"}}
{{.i18n.Tr "org.teams.owners_permission_desc" | Str2html}} {{.i18n.Tr "org.teams.owners_permission_desc" | Str2html}}
{{else if (eq .Team.AccessMode 1)}} </div>
{{if .Team.IncludesAllRepositories}} {{else}}
{{.i18n.Tr "org.teams.all_repositories_read_permission_desc" | Str2html}} <div class="item">
<h3>{{.i18n.Tr "org.team_access_desc"}}</h3>
<ul>
{{if .Team.IncludesAllRepositories}}
<li>{{.i18n.Tr "org.teams.all_repositories" | Str2html}}
{{else}}
<li>{{.i18n.Tr "org.teams.specific_repositories" | Str2html}}
{{end}}
{{if .Team.CanCreateOrgRepo}}
<li>{{.i18n.Tr "org.teams.can_create_org_repo"}}
{{end}}
</ul>
{{if (eq .Team.AccessMode 2)}}
<h3>{{.i18n.Tr "org.settings.permission"}}</h3>
{{.i18n.Tr "org.teams.write_permission_desc"}}
{{else if (eq .Team.AccessMode 3)}}
<h3>{{.i18n.Tr "org.settings.permission"}}</h3>
{{.i18n.Tr "org.teams.admin_permission_desc"}}
{{else}} {{else}}
{{.i18n.Tr "org.teams.read_permission_desc" | Str2html}} <table class="ui table">
<thead>
<tr>
<th>{{.i18n.Tr "units.unit"}}</th>
<th>{{.i18n.Tr "org.team_permission_desc"}}</th>
</tr>
</thead>
<tbody>
{{range $t, $unit := $.Units}}
{{if and (lt $unit.MaxPerm 2) (not $unit.Type.UnitGlobalDisabled)}}
<tr>
<td><strong>{{$.i18n.Tr $unit.NameKey}}</strong></td>
<td>{{if eq ($.Team.UnitAccessMode $unit.Type) 0 -}}
{{$.i18n.Tr "org.teams.none_access"}}
{{- else if or (eq $.Team.ID 0) (eq ($.Team.UnitAccessMode $unit.Type) 1) -}}
{{$.i18n.Tr "org.teams.read_access"}}
{{- else if eq ($.Team.UnitAccessMode $unit.Type) 2 -}}
{{$.i18n.Tr "org.teams.write_access"}}
{{- end}}</td>
</tr>
{{end}}
{{end}}
</tbody>
</table>
{{end}} {{end}}
{{else if (eq .Team.AccessMode 2)}}
{{if .Team.IncludesAllRepositories}}
{{.i18n.Tr "org.teams.all_repositories_write_permission_desc" | Str2html}}
{{else}}
{{.i18n.Tr "org.teams.write_permission_desc" | Str2html}}
{{end}}
{{else if (eq .Team.AccessMode 3)}}
{{if .Team.IncludesAllRepositories}}
{{.i18n.Tr "org.teams.all_repositories_admin_permission_desc" | Str2html}}
{{else}}
{{.i18n.Tr "org.teams.admin_permission_desc" | Str2html}}
{{end}}
{{end}}
{{if .Team.CanCreateOrgRepo}}
<br><br>{{.i18n.Tr "org.teams.create_repo_permission_desc" | Str2html}}
{{end}} {{end}}
</div> </div>
</div> </div>