Move user/org deletion to services (#17673)
parent
55be5fe339
commit
f34151bdb2
@ -0,0 +1,61 @@
|
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package org
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/modules/storage"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
)
|
||||
|
||||
// DeleteOrganization completely and permanently deletes everything of organization.
|
||||
func DeleteOrganization(org *models.User) error {
|
||||
if !org.IsOrganization() {
|
||||
return fmt.Errorf("%s is a user not an organization", org.Name)
|
||||
}
|
||||
|
||||
ctx, commiter, err := db.TxContext()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer commiter.Close()
|
||||
|
||||
// Check ownership of repository.
|
||||
count, err := models.GetRepositoryCount(ctx, org)
|
||||
if err != nil {
|
||||
return fmt.Errorf("GetRepositoryCount: %v", err)
|
||||
} else if count > 0 {
|
||||
return models.ErrUserOwnRepos{UID: org.ID}
|
||||
}
|
||||
|
||||
if err := models.DeleteOrganization(ctx, org); err != nil {
|
||||
return fmt.Errorf("DeleteOrganization: %v", err)
|
||||
}
|
||||
|
||||
if err := commiter.Commit(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// FIXME: system notice
|
||||
// Note: There are something just cannot be roll back,
|
||||
// so just keep error logs of those operations.
|
||||
path := models.UserPath(org.Name)
|
||||
|
||||
if err := util.RemoveAll(path); err != nil {
|
||||
return fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
|
||||
}
|
||||
|
||||
if len(org.Avatar) > 0 {
|
||||
avatarPath := org.CustomAvatarRelativePath()
|
||||
if err := storage.Avatars.Delete(avatarPath); err != nil {
|
||||
return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
@ -0,0 +1,37 @@
|
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package org
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
unittest.MainTest(m, filepath.Join("..", ".."))
|
||||
}
|
||||
|
||||
func TestDeleteOrganization(t *testing.T) {
|
||||
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||
org := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 6}).(*models.User)
|
||||
assert.NoError(t, DeleteOrganization(org))
|
||||
unittest.AssertNotExistsBean(t, &models.User{ID: 6})
|
||||
unittest.AssertNotExistsBean(t, &models.OrgUser{OrgID: 6})
|
||||
unittest.AssertNotExistsBean(t, &models.Team{OrgID: 6})
|
||||
|
||||
org = unittest.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
|
||||
err := DeleteOrganization(org)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, models.IsErrUserOwnRepos(err))
|
||||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
|
||||
assert.Error(t, DeleteOrganization(user))
|
||||
unittest.CheckConsistencyFor(t, &models.User{}, &models.Team{})
|
||||
}
|
@ -0,0 +1,106 @@
|
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
admin_model "code.gitea.io/gitea/models/admin"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/storage"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
)
|
||||
|
||||
// DeleteUser completely and permanently deletes everything of a user,
|
||||
// but issues/comments/pulls will be kept and shown as someone has been deleted,
|
||||
// unless the user is younger than USER_DELETE_WITH_COMMENTS_MAX_DAYS.
|
||||
func DeleteUser(u *models.User) error {
|
||||
if u.IsOrganization() {
|
||||
return fmt.Errorf("%s is an organization not a user", u.Name)
|
||||
}
|
||||
|
||||
ctx, commiter, err := db.TxContext()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer commiter.Close()
|
||||
|
||||
// Note: A user owns any repository or belongs to any organization
|
||||
// cannot perform delete operation.
|
||||
|
||||
// Check ownership of repository.
|
||||
count, err := models.GetRepositoryCount(ctx, u)
|
||||
if err != nil {
|
||||
return fmt.Errorf("GetRepositoryCount: %v", err)
|
||||
} else if count > 0 {
|
||||
return models.ErrUserOwnRepos{UID: u.ID}
|
||||
}
|
||||
|
||||
// Check membership of organization.
|
||||
count, err = models.GetOrganizationCount(ctx, u)
|
||||
if err != nil {
|
||||
return fmt.Errorf("GetOrganizationCount: %v", err)
|
||||
} else if count > 0 {
|
||||
return models.ErrUserHasOrgs{UID: u.ID}
|
||||
}
|
||||
|
||||
if err := models.DeleteUser(ctx, u); err != nil {
|
||||
return fmt.Errorf("DeleteUser: %v", err)
|
||||
}
|
||||
|
||||
if err := commiter.Commit(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Note: There are something just cannot be roll back,
|
||||
// so just keep error logs of those operations.
|
||||
path := models.UserPath(u.Name)
|
||||
if err := util.RemoveAll(path); err != nil {
|
||||
err = fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
|
||||
_ = admin_model.CreateNotice(db.DefaultContext, admin_model.NoticeTask, fmt.Sprintf("delete user '%s': %v", u.Name, err))
|
||||
return err
|
||||
}
|
||||
|
||||
if u.Avatar != "" {
|
||||
avatarPath := u.CustomAvatarRelativePath()
|
||||
if err := storage.Avatars.Delete(avatarPath); err != nil {
|
||||
err = fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
|
||||
_ = admin_model.CreateNotice(db.DefaultContext, admin_model.NoticeTask, fmt.Sprintf("delete user '%s': %v", u.Name, err))
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeleteInactiveUsers deletes all inactive users and email addresses.
|
||||
func DeleteInactiveUsers(ctx context.Context, olderThan time.Duration) error {
|
||||
users, err := models.GetInactiveUsers(ctx, olderThan)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// FIXME: should only update authorized_keys file once after all deletions.
|
||||
for _, u := range users {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return db.ErrCancelledf("Before delete inactive user %s", u.Name)
|
||||
default:
|
||||
}
|
||||
if err := DeleteUser(u); err != nil {
|
||||
// Ignore users that were set inactive by admin.
|
||||
if models.IsErrUserOwnRepos(err) || models.IsErrUserHasOrgs(err) {
|
||||
continue
|
||||
}
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return user_model.DeleteInactiveEmailAddresses(ctx)
|
||||
}
|
@ -0,0 +1,101 @@
|
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package user
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
unittest.MainTest(m, filepath.Join("..", ".."))
|
||||
}
|
||||
|
||||
func TestDeleteUser(t *testing.T) {
|
||||
test := func(userID int64) {
|
||||
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||
user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: userID}).(*models.User)
|
||||
|
||||
ownedRepos := make([]*models.Repository, 0, 10)
|
||||
assert.NoError(t, db.GetEngine(db.DefaultContext).Find(&ownedRepos, &models.Repository{OwnerID: userID}))
|
||||
if len(ownedRepos) > 0 {
|
||||
err := DeleteUser(user)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, models.IsErrUserOwnRepos(err))
|
||||
return
|
||||
}
|
||||
|
||||
orgUsers := make([]*models.OrgUser, 0, 10)
|
||||
assert.NoError(t, db.GetEngine(db.DefaultContext).Find(&orgUsers, &models.OrgUser{UID: userID}))
|
||||
for _, orgUser := range orgUsers {
|
||||
if err := models.RemoveOrgUser(orgUser.OrgID, orgUser.UID); err != nil {
|
||||
assert.True(t, models.IsErrLastOrgOwner(err))
|
||||
return
|
||||
}
|
||||
}
|
||||
assert.NoError(t, DeleteUser(user))
|
||||
unittest.AssertNotExistsBean(t, &models.User{ID: userID})
|
||||
unittest.CheckConsistencyFor(t, &models.User{}, &models.Repository{})
|
||||
}
|
||||
test(2)
|
||||
test(4)
|
||||
test(8)
|
||||
test(11)
|
||||
|
||||
org := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
|
||||
assert.Error(t, DeleteUser(org))
|
||||
}
|
||||
|
||||
func TestCreateUser(t *testing.T) {
|
||||
user := &models.User{
|
||||
Name: "GiteaBot",
|
||||
Email: "GiteaBot@gitea.io",
|
||||
Passwd: ";p['////..-++']",
|
||||
IsAdmin: false,
|
||||
Theme: setting.UI.DefaultTheme,
|
||||
MustChangePassword: false,
|
||||
}
|
||||
|
||||
assert.NoError(t, models.CreateUser(user))
|
||||
|
||||
assert.NoError(t, DeleteUser(user))
|
||||
}
|
||||
|
||||
func TestCreateUser_Issue5882(t *testing.T) {
|
||||
// Init settings
|
||||
_ = setting.Admin
|
||||
|
||||
passwd := ".//.;1;;//.,-=_"
|
||||
|
||||
tt := []struct {
|
||||
user *models.User
|
||||
disableOrgCreation bool
|
||||
}{
|
||||
{&models.User{Name: "GiteaBot", Email: "GiteaBot@gitea.io", Passwd: passwd, MustChangePassword: false}, false},
|
||||
{&models.User{Name: "GiteaBot2", Email: "GiteaBot2@gitea.io", Passwd: passwd, MustChangePassword: false}, true},
|
||||
}
|
||||
|
||||
setting.Service.DefaultAllowCreateOrganization = true
|
||||
|
||||
for _, v := range tt {
|
||||
setting.Admin.DisableRegularOrgCreation = v.disableOrgCreation
|
||||
|
||||
assert.NoError(t, models.CreateUser(v.user))
|
||||
|
||||
u, err := models.GetUserByEmail(v.user.Email)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.Equal(t, !u.AllowCreateOrganization, v.disableOrgCreation)
|
||||
|
||||
assert.NoError(t, DeleteUser(v.user))
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue