Team permission to create repository in organization (#8312)

* Add team permission setting to allow creating repo in organization. Signed-off-by: David Svantesson <davidsvantesson@gmail.com> * Add test case for creating repo when have team creation access. Signed-off-by: David Svantesson <davidsvantesson@gmail.com> * build error: should omit comparison to bool constant Signed-off-by: David Svantesson <davidsvantesson@gmail.com> * Add comment on exported functions * Fix fixture consistency, fix existing unit tests * Fix boolean comparison in xorm query. * addCollaborator and changeCollaborationAccessMode separate steps More clear to use different if-cases. * Create and commit xorm session * fix * Add information of create repo permission in team sidebar * Add migration step * Clarify that repository creator will be administrator. * Fix some things after merge * Fix language text that use html * migrations file * Create repository permission -> Create repositories * fix merge * fix review comments
2019-11-20 12:27:49 +01:00
parent 35c3ea952a
commit 69a255defb
27 changed files with 252 additions and 63 deletions
--- a/models/org.go
+++ b/models/org.go
@ -29,6 +29,11 @@ func (org *User) IsOrgMember(uid int64) (bool, error) {
 	return IsOrganizationMember(org.ID, uid)
 }

+// CanCreateOrgRepo returns true if given user can create repo in organization
+func (org *User) CanCreateOrgRepo(uid int64) (bool, error) {
+	return CanCreateOrgRepo(org.ID, uid)
+}
+
 func (org *User) getTeam(e Engine, name string) (*Team, error) {
 	return getTeam(e, org.ID, name)
 }
@ -158,6 +163,7 @@ func CreateOrganization(org, owner *User) (err error) {
 		Authorize:               AccessModeOwner,
 		NumMembers:              1,
 		IncludesAllRepositories: true,
+		CanCreateOrgRepo:        true,
 	}
 	if _, err = sess.Insert(t); err != nil {
 		return fmt.Errorf("insert owner team: %v", err)
@ -339,6 +345,19 @@ func IsPublicMembership(orgID, uid int64) (bool, error) {
 		Exist()
 }

+// CanCreateOrgRepo returns true if user can create repo in organization
+func CanCreateOrgRepo(orgID, uid int64) (bool, error) {
+	if owner, err := IsOrganizationOwner(orgID, uid); owner || err != nil {
+		return owner, err
+	}
+	return x.
+		Where(builder.Eq{"team.can_create_org_repo": true}).
+		Join("INNER", "team_user", "team_user.team_id = team.id").
+		And("team_user.uid = ?", uid).
+		And("team_user.org_id = ?", orgID).
+		Exist(new(Team))
+}
+
 func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
 	orgs := make([]*User, 0, 10)
 	if !showAll {
@ -418,6 +437,19 @@ func GetOwnedOrgsByUserIDDesc(userID int64, desc string) ([]*User, error) {
 	return getOwnedOrgsByUserID(x.Desc(desc), userID)
 }

+// GetOrgsCanCreateRepoByUserID returns a list of organizations where given user ID
+// are allowed to create repos.
+func GetOrgsCanCreateRepoByUserID(userID int64) ([]*User, error) {
+	orgs := make([]*User, 0, 10)
+
+	return orgs, x.Join("INNER", "`team_user`", "`team_user`.org_id=`user`.id").
+		Join("INNER", "`team`", "`team`.id=`team_user`.team_id").
+		Where("`team_user`.uid=?", userID).
+		And(builder.Eq{"`team`.authorize": AccessModeOwner}.Or(builder.Eq{"`team`.can_create_org_repo": true})).
+		Desc("`user`.updated_unix").
+		Find(&orgs)
+}
+
 // GetOrgUsersByUserID returns all organization-user relations by user ID.
 func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error) {
 	ous := make([]*OrgUser, 0, 10)