fix: mirror project permission error

2021-04-29 17:36:36 +08:00 · 2021-04-29 17:36:36 +08:00 · fffe57a211
parent b673747475
commit fffe57a211
7 changed files with 29 additions and 13 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -41,6 +41,7 @@ class UsersController < ApplicationController
      @user_composes_count = 0
      user_organizations =  User.current.logged? ? @user.organizations.with_visibility(%w(common limited)) + @user.organizations.with_visibility("privacy").joins(:team_users).where(team_users: {user_id: current_user.id}) : @user.organizations.with_visibility("common")
      @user_org_count = user_organizations.size
+      normal_projects = @user.projects
      user_projects = User.current.logged? && (User.current.admin? ||  User.current.login == @user.login) ? @user.projects : @user.projects.visible
      @projects_common_count = user_projects.common.size
      @projects_mirrior_count = user_projects.mirror.size
--- a/app/models/concerns/project_operable.rb
+++ b/app/models/concerns/project_operable.rb
@ -11,6 +11,14 @@ module ProjectOperable
    has_many :team_projects, dependent: :destroy
  end

+  def set_owner_permission(creator)
+    return unless owner.is_a?(Organization)
+    owner.build_permit_team_projects!(id)
+    # 避免自己创建的项目，却无法拥有访问权，因为该用户所在团队暂未获得项目访问权
+    return if creator.nil? || owner.is_owner?(creator.id)
+    add_member!(creator.id, "Manager")
+  end
+
  def add_member!(user_id, role_name='Developer')
    member = members.create!(user_id: user_id)
    set_developer_role(member, role_name)
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@ -114,6 +114,13 @@ class Organization < Owner
    owner_team_users.pluck(:user_id).include?(user_id) && owner_team_users.size == 1
  end

+  # 为包含组织所有项目的团队创建项目访问权限
+  def build_permit_team_projects!(project_id)
+    teams.where(includes_all_project: true).each do |team|
+      TeamProject.build(id, team.id, project_id)
+    end
+  end
+
  def real_name
    name = lastname + firstname
    name = name.blank? ? (nickname.blank? ? login : nickname) : name
--- a/app/services/projects/migrate_service.rb
+++ b/app/services/projects/migrate_service.rb
@ -1,5 +1,6 @@
 class Projects::MigrateService < ApplicationService
  attr_reader :user, :params
+  attr_accessor :project

  def initialize(user, params)
    @user    = user
@ -11,6 +12,7 @@ class Projects::MigrateService < ApplicationService
    if @project.save!
      ProjectUnit.init_types(@project.id)
      Project.update_mirror_projects_count!
+      @project.set_owner_permission(user)
      Repositories::MigrateService.new(user, @project, repository_params).call
    else
      #
--- a/app/services/projects/transfer_service.rb
+++ b/app/services/projects/transfer_service.rb
@ -33,9 +33,8 @@ class Projects::TransferService < ApplicationService

  def update_visit_teams
    if new_owner.is_a?(Organization)
-      new_owner.teams.where(includes_all_project: true).each do |team|
-        TeamProject.build(new_owner.id, team.id, project.id)
-      end
+      # 为包含组织所有项目的团队创建项目访问权限
+      new_owner.build_permit_team_projects(project.id)
    else
      project.team_projects.each(&:destroy!)
    end
--- a/app/services/repositories/create_service.rb
+++ b/app/services/repositories/create_service.rb
@ -15,6 +15,7 @@ class Repositories::CreateService < ApplicationService
        create_gitea_repository
        sync_project
        sync_repository
+        set_owner_permission(user)
        # if project.project_type == "common"
        #   chain_params = {
        #     type: "create",
@ -44,19 +45,9 @@ class Repositories::CreateService < ApplicationService
      @gitea_repository = Gitea::Repository::CreateService.new(user.gitea_token, gitea_repository_params).call
    elsif project.owner.is_a?(Organization)
      @gitea_repository = Gitea::Organization::Repository::CreateService.call(user.gitea_token, project.owner.login, gitea_repository_params)
-      project.owner.teams.each do |team|
-        next unless team.includes_all_project
-        TeamProject.build(project.user_id, team.id, project.id)
-      end
-      create_manager_member
    end
  end

-  def create_manager_member
-    return if project.owner.is_owner?(user.id)
-    project.add_member!(user.id, "Manager")
-  end
-
  def sync_project
    if gitea_repository
      project.update_columns(
--- a/lib/tasks/sync_org_project_permission.rake
+++ b/lib/tasks/sync_org_project_permission.rake
@ -0,0 +1,8 @@
+namespace :sync_org_project_permission do 
+  desc "sync organization project team permissions"
+  task mirror: :environment do 
+    Project.mirror.includes(:team_projects,:owner).where(team_projects: {id: nil}, users: {type: 'Organization'}).find_each do |project| 
+      project.set_owner_permission(nil)
+    end
+  end
+end