From fffe57a211d0d853dd72b3eb527ca67ce785456c Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Thu, 29 Apr 2021 17:36:36 +0800 Subject: [PATCH] fix: mirror project permission error --- app/controllers/users_controller.rb | 1 + app/models/concerns/project_operable.rb | 8 ++++++++ app/models/organization.rb | 7 +++++++ app/services/projects/migrate_service.rb | 2 ++ app/services/projects/transfer_service.rb | 5 ++--- app/services/repositories/create_service.rb | 11 +---------- lib/tasks/sync_org_project_permission.rake | 8 ++++++++ 7 files changed, 29 insertions(+), 13 deletions(-) create mode 100644 lib/tasks/sync_org_project_permission.rake diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 395a5a6d9..6d95e350a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -41,6 +41,7 @@ class UsersController < ApplicationController @user_composes_count = 0 user_organizations = User.current.logged? ? @user.organizations.with_visibility(%w(common limited)) + @user.organizations.with_visibility("privacy").joins(:team_users).where(team_users: {user_id: current_user.id}) : @user.organizations.with_visibility("common") @user_org_count = user_organizations.size + normal_projects = @user.projects user_projects = User.current.logged? && (User.current.admin? || User.current.login == @user.login) ? @user.projects : @user.projects.visible @projects_common_count = user_projects.common.size @projects_mirrior_count = user_projects.mirror.size diff --git a/app/models/concerns/project_operable.rb b/app/models/concerns/project_operable.rb index a4646f9ee..739ddf27c 100644 --- a/app/models/concerns/project_operable.rb +++ b/app/models/concerns/project_operable.rb @@ -11,6 +11,14 @@ module ProjectOperable has_many :team_projects, dependent: :destroy end + def set_owner_permission(creator) + return unless owner.is_a?(Organization) + owner.build_permit_team_projects!(id) + # 避免自己创建的项目,却无法拥有访问权,因为该用户所在团队暂未获得项目访问权 + return if creator.nil? || owner.is_owner?(creator.id) + add_member!(creator.id, "Manager") + end + def add_member!(user_id, role_name='Developer') member = members.create!(user_id: user_id) set_developer_role(member, role_name) diff --git a/app/models/organization.rb b/app/models/organization.rb index fbf3def79..1d7c24b8e 100644 --- a/app/models/organization.rb +++ b/app/models/organization.rb @@ -114,6 +114,13 @@ class Organization < Owner owner_team_users.pluck(:user_id).include?(user_id) && owner_team_users.size == 1 end + # 为包含组织所有项目的团队创建项目访问权限 + def build_permit_team_projects!(project_id) + teams.where(includes_all_project: true).each do |team| + TeamProject.build(id, team.id, project_id) + end + end + def real_name name = lastname + firstname name = name.blank? ? (nickname.blank? ? login : nickname) : name diff --git a/app/services/projects/migrate_service.rb b/app/services/projects/migrate_service.rb index d1e14088f..1eba03788 100644 --- a/app/services/projects/migrate_service.rb +++ b/app/services/projects/migrate_service.rb @@ -1,5 +1,6 @@ class Projects::MigrateService < ApplicationService attr_reader :user, :params + attr_accessor :project def initialize(user, params) @user = user @@ -11,6 +12,7 @@ class Projects::MigrateService < ApplicationService if @project.save! ProjectUnit.init_types(@project.id) Project.update_mirror_projects_count! + @project.set_owner_permission(user) Repositories::MigrateService.new(user, @project, repository_params).call else # diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb index 4582a2103..a2da34f09 100644 --- a/app/services/projects/transfer_service.rb +++ b/app/services/projects/transfer_service.rb @@ -33,9 +33,8 @@ class Projects::TransferService < ApplicationService def update_visit_teams if new_owner.is_a?(Organization) - new_owner.teams.where(includes_all_project: true).each do |team| - TeamProject.build(new_owner.id, team.id, project.id) - end + # 为包含组织所有项目的团队创建项目访问权限 + new_owner.build_permit_team_projects(project.id) else project.team_projects.each(&:destroy!) end diff --git a/app/services/repositories/create_service.rb b/app/services/repositories/create_service.rb index 18e726440..c341429fe 100644 --- a/app/services/repositories/create_service.rb +++ b/app/services/repositories/create_service.rb @@ -15,6 +15,7 @@ class Repositories::CreateService < ApplicationService create_gitea_repository sync_project sync_repository + set_owner_permission(user) # if project.project_type == "common" # chain_params = { # type: "create", @@ -44,19 +45,9 @@ class Repositories::CreateService < ApplicationService @gitea_repository = Gitea::Repository::CreateService.new(user.gitea_token, gitea_repository_params).call elsif project.owner.is_a?(Organization) @gitea_repository = Gitea::Organization::Repository::CreateService.call(user.gitea_token, project.owner.login, gitea_repository_params) - project.owner.teams.each do |team| - next unless team.includes_all_project - TeamProject.build(project.user_id, team.id, project.id) - end - create_manager_member end end - def create_manager_member - return if project.owner.is_owner?(user.id) - project.add_member!(user.id, "Manager") - end - def sync_project if gitea_repository project.update_columns( diff --git a/lib/tasks/sync_org_project_permission.rake b/lib/tasks/sync_org_project_permission.rake new file mode 100644 index 000000000..5828d1c8a --- /dev/null +++ b/lib/tasks/sync_org_project_permission.rake @@ -0,0 +1,8 @@ +namespace :sync_org_project_permission do + desc "sync organization project team permissions" + task mirror: :environment do + Project.mirror.includes(:team_projects,:owner).where(team_projects: {id: nil}, users: {type: 'Organization'}).find_each do |project| + project.set_owner_permission(nil) + end + end +end \ No newline at end of file