Add team option to grant rights for all organization repositories

integrations/api_team_test.go

@@ -55,55 +55,63 @@ func TestAPITeam(t *testing.T) {
 
 	// Create team.
 	teamToCreate := &api.CreateTeamOption{
-		Name:        "team1",
-		Description: "team one",
-		Permission:  "write",
-		Units:       []string{"repo.code", "repo.issues"},
+		Name:              "team1",
+		Description:       "team one",
+		IsAllRepositories: true,
+		Permission:        "write",
+		Units:             []string{"repo.code", "repo.issues"},
 	}
 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", org.Name, token), teamToCreate)
 	resp = session.MakeRequest(t, req, http.StatusCreated)
 	DecodeJSON(t, resp, &apiTeam)
-	checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.Permission, teamToCreate.Units)
-	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.Permission, teamToCreate.Units)
+	checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.IsAllRepositories,
+		teamToCreate.Permission, teamToCreate.Units)
+	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.IsAllRepositories,
+		teamToCreate.Permission, teamToCreate.Units)
 	teamID := apiTeam.ID
 
 	// Edit team.
 	teamToEdit := &api.EditTeamOption{
-		Name:        "teamone",
-		Description: "team 1",
-		Permission:  "admin",
-		Units:       []string{"repo.code", "repo.pulls", "repo.releases"},
+		Name:              "teamone",
+		Description:       "team 1",
+		IsAllRepositories: false,
+		Permission:        "admin",
+		Units:             []string{"repo.code", "repo.pulls", "repo.releases"},
 	}
 	req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/teams/%d?token=%s", teamID, token), teamToEdit)
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiTeam)
-	checkTeamResponse(t, &apiTeam, teamToEdit.Name, teamToEdit.Description, teamToEdit.Permission, teamToEdit.Units)
-	checkTeamBean(t, apiTeam.ID, teamToEdit.Name, teamToEdit.Description, teamToEdit.Permission, teamToEdit.Units)
+	checkTeamResponse(t, &apiTeam, teamToEdit.Name, teamToEdit.Description, teamToEdit.IsAllRepositories,
+		teamToEdit.Permission, teamToEdit.Units)
+	checkTeamBean(t, apiTeam.ID, teamToEdit.Name, teamToEdit.Description, teamToEdit.IsAllRepositories,
+		teamToEdit.Permission, teamToEdit.Units)
 
 	// Read team.
 	teamRead := models.AssertExistsAndLoadBean(t, &models.Team{ID: teamID}).(*models.Team)
 	req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamID)
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiTeam)
-	checkTeamResponse(t, &apiTeam, teamRead.Name, teamRead.Description, teamRead.Authorize.String(), teamRead.GetUnitNames())
+	checkTeamResponse(t, &apiTeam, teamRead.Name, teamRead.Description, teamRead.IsAllRepositories,
+		teamRead.Authorize.String(), teamRead.GetUnitNames())
 
 	// Delete team.
 	req = NewRequestf(t, "DELETE", "/api/v1/teams/%d?token="+token, teamID)
 	session.MakeRequest(t, req, http.StatusNoContent)
 	models.AssertNotExistsBean(t, &models.Team{ID: teamID})
 }
 
-func checkTeamResponse(t *testing.T, apiTeam *api.Team, name, description string, permission string, units []string) {
+func checkTeamResponse(t *testing.T, apiTeam *api.Team, name, description string, isAllRepositories bool, permission string, units []string) {
 	assert.Equal(t, name, apiTeam.Name, "name")
 	assert.Equal(t, description, apiTeam.Description, "description")
+	assert.Equal(t, isAllRepositories, apiTeam.IsAllRepositories, "isAllRepositories")
 	assert.Equal(t, permission, apiTeam.Permission, "permission")
 	sort.StringSlice(units).Sort()
 	sort.StringSlice(apiTeam.Units).Sort()
 	assert.EqualValues(t, units, apiTeam.Units, "units")
 }
 
-func checkTeamBean(t *testing.T, id int64, name, description string, permission string, units []string) {
+func checkTeamBean(t *testing.T, id int64, name, description string, isAllRepositories bool, permission string, units []string) {
 	team := models.AssertExistsAndLoadBean(t, &models.Team{ID: id}).(*models.Team)
 	assert.NoError(t, team.GetUnits(), "GetUnits")
-	checkTeamResponse(t, convert.ToTeam(team), name, description, permission, units)
+	checkTeamResponse(t, convert.ToTeam(team), name, description, isAllRepositories, permission, units)
 }

models/migrations/migrations.go

@@ -223,6 +223,8 @@ var migrations = []Migration{
 	NewMigration("add uploader id for table attachment", addUploaderIDForAttachment),
 	// v84 -> v85
 	NewMigration("add table to store original imported gpg keys", addGPGKeyImport),
+	// v85 -> v86
+	NewMigration("add is_all_repositories to teams", addTeamIsAllRepositories),
 }
 
 // Migrate database to current version

models/migrations/v85.go

@@ -0,0 +1,25 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"github.com/go-xorm/xorm"
+)
+
+func addTeamIsAllRepositories(x *xorm.Engine) error {
+
+	type Team struct {
+		ID                int64 `xorm:"pk autoincr"`
+		IsAllRepositories bool  `xorm:"NOT NULL DEFAULT false"`
+	}
+
+	if err := x.Sync2(new(Team)); err != nil {
+		return err
+	}
+
+	_, err := x.Exec("UPDATE team SET is_all_repositories = ? WHERE name=?",
+		true, "Owners")
+	return err
+}

models/org.go

@@ -53,6 +53,7 @@ func (org *User) GetOwnerTeam() (*Team, error) {
 }
 
 func (org *User) getTeams(e Engine) error {
+	org.Teams = nil
 	return e.
 		Where("org_id=?", org.ID).
 		OrderBy("CASE WHEN name LIKE '" + ownerTeamName + "' THEN '' ELSE name END").
@@ -151,11 +152,12 @@ func CreateOrganization(org, owner *User) (err error) {
 
 	// Create default owner team.
 	t := &Team{
-		OrgID:      org.ID,
-		LowerName:  strings.ToLower(ownerTeamName),
-		Name:       ownerTeamName,
-		Authorize:  AccessModeOwner,
-		NumMembers: 1,
+		OrgID:             org.ID,
+		LowerName:         strings.ToLower(ownerTeamName),
+		Name:              ownerTeamName,
+		Authorize:         AccessModeOwner,
+		NumMembers:        1,
+		IsAllRepositories: true,
 	}
 	if _, err = sess.Insert(t); err != nil {
 		return fmt.Errorf("insert owner team: %v", err)

models/org_team.go

@@ -21,17 +21,18 @@ const ownerTeamName = "Owners"
 
 // Team represents a organization team.
 type Team struct {
-	ID          int64 `xorm:"pk autoincr"`
-	OrgID       int64 `xorm:"INDEX"`
-	LowerName   string
-	Name        string
-	Description string
-	Authorize   AccessMode
-	Repos       []*Repository `xorm:"-"`
-	Members     []*User       `xorm:"-"`
-	NumRepos    int
-	NumMembers  int
-	Units       []*TeamUnit `xorm:"-"`
+	ID                int64 `xorm:"pk autoincr"`
+	OrgID             int64 `xorm:"INDEX"`
+	LowerName         string
+	Name              string
+	Description       string
+	Authorize         AccessMode
+	Repos             []*Repository `xorm:"-"`
+	Members           []*User       `xorm:"-"`
+	NumRepos          int
+	NumMembers        int
+	Units             []*TeamUnit `xorm:"-"`
+	IsAllRepositories bool        `xorm:"NOT NULL DEFAULT false"`
 }
 
 // ColorFormat provides a basic color format for a Team
@@ -87,6 +88,7 @@ func (t *Team) IsMember(userID int64) bool {
 }
 
 func (t *Team) getRepositories(e Engine) error {
+	t.Repos = nil
 	return e.Join("INNER", "team_repo", "repository.id = team_repo.repo_id").
 		Where("team_repo.team_id=?", t.ID).
 		OrderBy("repository.name").
@@ -158,6 +160,24 @@ func (t *Team) addRepository(e Engine, repo *Repository) (err error) {
 	return nil
 }
 
+// addAllRepositories adds all repositories to the team.
+// If the team already has some repositories they will be left unchanged.
+func (t *Team) addAllRepositories(e Engine) error {
+	err := e.Iterate(&Repository{OwnerID: t.OrgID}, func(i int, bean interface{}) error {
+		repo := bean.(*Repository)
+		if !t.hasRepository(e, repo.ID) {
+			if err := t.addRepository(e, repo); err != nil {
+				return fmt.Errorf("addRepository: %v", err)
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return fmt.Errorf("Iterate organization repositories: %v", err)
+	}
+	return nil
+}
+
 // AddRepository adds new repository to team of organization.
 func (t *Team) AddRepository(repo *Repository) (err error) {
 	if repo.OwnerID != t.OrgID {
@@ -227,6 +247,10 @@ func (t *Team) RemoveRepository(repoID int64) error {
 		return nil
 	}
 
+	if t.IsAllRepositories {
+		return nil
+	}
+
 	repo, err := GetRepositoryByID(repoID)
 	if err != nil {
 		return err
@@ -324,6 +348,14 @@ func NewTeam(t *Team) (err error) {
 		}
 	}
 
+	// Add all repositories to the team if it has access to all of them.
+	if t.IsAllRepositories {
+		err = t.addAllRepositories(sess)
+		if err != nil {
+			return fmt.Errorf("addAllRepositories: %v", err)
+		}
+	}
+
 	// Update organization number of teams.
 	if _, err = sess.Exec("UPDATE `user` SET num_teams=num_teams+1 WHERE id = ?", t.OrgID); err != nil {
 		sess.Rollback()
@@ -430,6 +462,14 @@ func UpdateTeam(t *Team, authChanged bool) (err error) {
 		}
 	}
 
+	// Add all repositories to the team if it has access to all of them.
+	if t.IsAllRepositories {
+		err = t.addAllRepositories(sess)
+		if err != nil {
+			return fmt.Errorf("addAllRepositories: %v", err)
+		}
+	}
+
 	return sess.Commit()
 }
 

models/org_team_test.go

@@ -5,9 +5,12 @@
 package models
 
 import (
+	"fmt"
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/structs"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -374,3 +377,115 @@ func TestUsersInTeamsCount(t *testing.T) {
 	test([]int64{1, 2, 3, 4, 5}, []int64{2, 5}, 2)
 	test([]int64{1, 2, 3, 4, 5}, []int64{2, 3, 5}, 3)
 }
+
+func TestAllRepositoriesTeams(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	// Get an admin user.
+	user, err := GetUserByID(1)
+	assert.NoError(t, err, "GetUserByID")
+
+	// Create org.
+	org := &User{
+		Name:       "All repo",
+		IsActive:   true,
+		Type:       UserTypeOrganization,
+		Visibility: structs.VisibleTypePublic,
+	}
+	assert.NoError(t, CreateOrganization(org, user), "CreateOrganization")
+
+	// Check Owner team.
+	ownerTeam, err := org.GetOwnerTeam()
+	assert.NoError(t, err, "GetOwnerTeam")
+	assert.True(t, ownerTeam.IsAllRepositories, "Owner team is all repositories")
+
+	// Create repos.
+	repoIds := make([]int64, 0)
+	for i := 1; i <= 3; i++ {
+		r, err := CreateRepository(user, org, CreateRepoOptions{Name: fmt.Sprintf("repo-%d", i)})
+		assert.NoError(t, err, "CreateRepository %d", i)
+		if r != nil {
+			repoIds = append(repoIds, r.ID)
+		}
+	}
+
+	// Create teams and check repo count.
+	teams := []*Team{
+		ownerTeam,
+		{
+			OrgID:             org.ID,
+			Name:              "team one",
+			Authorize:         AccessModeRead,
+			IsAllRepositories: true,
+		},
+		{
+			OrgID:             org.ID,
+			Name:              "team 2",
+			Authorize:         AccessModeRead,
+			IsAllRepositories: false,
+		},
+		{
+			OrgID:             org.ID,
+			Name:              "team three",
+			Authorize:         AccessModeWrite,
+			IsAllRepositories: true,
+		},
+		{
+			OrgID:             org.ID,
+			Name:              "team 4",
+			Authorize:         AccessModeWrite,
+			IsAllRepositories: false,
+		},
+	}
+	repoCounts := []int{3, 3, 0, 3, 0}
+	for i, team := range teams {
+		if i > 0 { // first team is Owner.
+			assert.NoError(t, NewTeam(team), "team %d: NewTeam", i)
+		}
+		assert.NoError(t, team.GetRepositories(), "team %d: GetRepositories", i)
+		assert.Equal(t, repoCounts[i], len(team.Repos), "team %d: repo count", i)
+	}
+
+	// Update teams and check repo count.
+	teams[3].IsAllRepositories = false
+	teams[4].IsAllRepositories = true
+	repoCounts[4] = 3
+	for i, team := range teams {
+		assert.NoError(t, UpdateTeam(team, false), "team %d: UpdateTeam", i)
+		assert.NoError(t, team.GetRepositories(), "team %d: GetRepositories", i)
+		assert.Equal(t, repoCounts[i], len(team.Repos), "team %d: repo count", i)
+	}
+
+	// Create repo and check teams repo count.
+	r, err := CreateRepository(user, org, CreateRepoOptions{Name: "repo-last"})
+	assert.NoError(t, err, "CreateRepository last")
+	if r != nil {
+		repoIds = append(repoIds, r.ID)
+	}
+	repoCounts[0] = 4
+	repoCounts[1] = 4
+	repoCounts[4] = 4
+	for i, team := range teams {
+		assert.NoError(t, team.GetRepositories(), "team %d: GetRepositories", i)
+		assert.Equal(t, repoCounts[i], len(team.Repos), "team %d: repo count", i)
+	}
+
+	// Remove repo and check teams repo count.
+	assert.NoError(t, DeleteRepository(user, org.ID, repoIds[0]), "DeleteRepository")
+	repoCounts[0] = 3
+	repoCounts[1] = 3
+	repoCounts[3] = 2
+	repoCounts[4] = 3
+	for i, team := range teams {
+		assert.NoError(t, team.GetRepositories(), "team %d: GetRepositories", i)
+		assert.Equal(t, repoCounts[i], len(team.Repos), "team %d: repo count", i)
+	}
+
+	// Wipe created items.
+	for i, rid := range repoIds {
+		if i > 0 { // first repo already deleted.
+			assert.NoError(t, DeleteRepository(user, org.ID, rid), "DeleteRepository %d", i)
+		}
+	}
+	assert.NoError(t, DeleteOrganization(org), "DeleteOrganization")
+}