59a17e5a34
user, topic, project, label, milestone, repository, pull_request, release, asset, comment, reaction, review providers Signed-off-by: Earl Warren <contact@earl-warren.org> Preserve file size when creating attachments Introduced inc6f5029708
repoList.LoadAttributes has a ctx argument now Rename `repo.GetOwner` to `repo.LoadOwner`bd66fa586a
upgrade to the latest gof3 (cherry picked from commitc770713656
) [F3] ID remapping logic is in place, remove workaround (cherry picked from commitd0fee30167
) [F3] it is experimental, do not enable by default (cherry picked from commitde325b21d0
) (cherry picked from commit547e7b3c40
) (cherry picked from commit820df3a56b
) (cherry picked from commiteaba87689b
) (cherry picked from commit1b86896b3b
) (cherry picked from commit0046aac1c6
) (cherry picked from commitf14220df8f
) (cherry picked from commit559b731001
) (cherry picked from commit801f7d600d
) (cherry picked from commit6aa76e9bcf
) (cherry picked from commita8757dcb07
) [F3] promote F3 users to matching OAuth2 users on first sign-in (cherry picked from commitbd7fef7496
) (cherry picked from commit07412698e8
) (cherry picked from commitd143e5b2a3
) [F3] upgrade to gof3 50a6e740ac04 Add new methods GetIDString() & SetIDString() & ToFormatInterface() Change the prototype of the fixture function (cherry picked from commitd7b263ff8b
) (cherry picked from commitb3eaf2249d
) (cherry picked from commitd492ddd9bb
) [F3] add GetLocalMatchingRemote with a default implementation (cherry picked from commit0a22015039
) (cherry picked from commitf1310c38fb
) (cherry picked from commitdeb68552f2
) [F3] GetLocalMatchingRemote for user (cherry picked from commite73cb837f5
) (cherry picked from commita24bc0b85e
) (cherry picked from commit846a522ecc
) [F3] GetAdminUser now has a ctx argument (cherry picked from commit37357a92af
) (cherry picked from commit660bc1673c
) (cherry picked from commit72d692a767
) [F3] introduce UserTypeF3 To avoid conflicts should UserTypeRemoteUser be used differently by Gitea (cherry picked from commit6de2701bb3
) [F3] user.Put: idempotency (cherry picked from commit821e38573c
) (cherry picked from commitf7638f5414
) [F3] upgrade to urfave v2 (cherry picked from commitcc3dbdfd1d
) [F3] update gof3 (cherry picked from commit2eee960751
) [F3] move f3 under forgejo-cli * simplify the tests by re-using the forgejo-cli helpers to capture the output * unify CmdF3 to be structured in the same way CmdActions is (cherry picked from commit4c9fe58b74
) [F3] replace f3 with forgejo-cli f3 (cherry picked from commit7ba7ceef1b
) [F3] s/ListOptions/Paginator/ [F3] user: add unit tests [F3] user comparison of F3 managed users is on content [F3] issue: add unit tests [F3] gof3 now has one more argument to Put() [F3] re-use gof3 unit tests for the driver (cherry picked from commitaf7ee6200c
) Conflicts: tests/integration/integration_test.go because of some code removed in forgejo-development, trivial context conflict resolution [F3] more idempotent tests (#1275) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1275 Co-authored-by: Loïc Dachary <loic@dachary.org> Co-committed-by: Loïc Dachary <loic@dachary.org> [F3] tests: do SQL update if nothing changes [F3] tests comment idempotence [F3] tests milestone idempotence [F3] tests pull_request idempotence [F3] tests release idempotence [F3] tests asset idempotence [F3] tests project idempotence [F3] tests review idempotence (cherry picked from commit91038bb4e8
) (cherry picked from commita7d2a65214
)
161 lines
4.9 KiB
Go
161 lines
4.9 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package user
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/models/db"
|
|
"code.gitea.io/gitea/modules/structs"
|
|
"code.gitea.io/gitea/modules/util"
|
|
|
|
"xorm.io/builder"
|
|
"xorm.io/xorm"
|
|
)
|
|
|
|
// SearchUserOptions contains the options for searching
|
|
type SearchUserOptions struct {
|
|
db.ListOptions
|
|
|
|
Keyword string
|
|
Type UserType
|
|
UID int64
|
|
LoginName string // this option should be used only for admin user
|
|
SourceID int64 // this option should be used only for admin user
|
|
OrderBy db.SearchOrderBy
|
|
Visible []structs.VisibleType
|
|
Actor *User // The user doing the search
|
|
SearchByEmail bool // Search by email as well as username/full name
|
|
|
|
IsActive util.OptionalBool
|
|
IsAdmin util.OptionalBool
|
|
IsRestricted util.OptionalBool
|
|
IsTwoFactorEnabled util.OptionalBool
|
|
IsProhibitLogin util.OptionalBool
|
|
|
|
ExtraParamStrings map[string]string
|
|
}
|
|
|
|
func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session {
|
|
var cond builder.Cond
|
|
if opts.Type == UserTypeIndividual {
|
|
cond = builder.In("type", UserTypeIndividual, UserTypeF3)
|
|
} else {
|
|
cond = builder.Eq{"type": opts.Type}
|
|
}
|
|
if len(opts.Keyword) > 0 {
|
|
lowerKeyword := strings.ToLower(opts.Keyword)
|
|
keywordCond := builder.Or(
|
|
builder.Like{"lower_name", lowerKeyword},
|
|
builder.Like{"LOWER(full_name)", lowerKeyword},
|
|
)
|
|
if opts.SearchByEmail {
|
|
keywordCond = keywordCond.Or(builder.Like{"LOWER(email)", lowerKeyword})
|
|
}
|
|
|
|
cond = cond.And(keywordCond)
|
|
}
|
|
|
|
// If visibility filtered
|
|
if len(opts.Visible) > 0 {
|
|
cond = cond.And(builder.In("visibility", opts.Visible))
|
|
}
|
|
|
|
cond = cond.And(BuildCanSeeUserCondition(opts.Actor))
|
|
|
|
if opts.UID > 0 {
|
|
cond = cond.And(builder.Eq{"id": opts.UID})
|
|
}
|
|
|
|
if opts.SourceID > 0 {
|
|
cond = cond.And(builder.Eq{"login_source": opts.SourceID})
|
|
}
|
|
if opts.LoginName != "" {
|
|
cond = cond.And(builder.Eq{"login_name": opts.LoginName})
|
|
}
|
|
|
|
if !opts.IsActive.IsNone() {
|
|
cond = cond.And(builder.Eq{"is_active": opts.IsActive.IsTrue()})
|
|
}
|
|
|
|
if !opts.IsAdmin.IsNone() {
|
|
cond = cond.And(builder.Eq{"is_admin": opts.IsAdmin.IsTrue()})
|
|
}
|
|
|
|
if !opts.IsRestricted.IsNone() {
|
|
cond = cond.And(builder.Eq{"is_restricted": opts.IsRestricted.IsTrue()})
|
|
}
|
|
|
|
if !opts.IsProhibitLogin.IsNone() {
|
|
cond = cond.And(builder.Eq{"prohibit_login": opts.IsProhibitLogin.IsTrue()})
|
|
}
|
|
|
|
e := db.GetEngine(db.DefaultContext)
|
|
if opts.IsTwoFactorEnabled.IsNone() {
|
|
return e.Where(cond)
|
|
}
|
|
|
|
// 2fa filter uses LEFT JOIN to check whether a user has a 2fa record
|
|
// While using LEFT JOIN, sometimes the performance might not be good, but it won't be a problem now, such SQL is seldom executed.
|
|
// There are some possible methods to refactor this SQL in future when we really need to optimize the performance (but not now):
|
|
// (1) add a column in user table (2) add a setting value in user_setting table (3) use search engines (bleve/elasticsearch)
|
|
if opts.IsTwoFactorEnabled.IsTrue() {
|
|
cond = cond.And(builder.Expr("two_factor.uid IS NOT NULL"))
|
|
} else {
|
|
cond = cond.And(builder.Expr("two_factor.uid IS NULL"))
|
|
}
|
|
|
|
return e.Join("LEFT OUTER", "two_factor", "two_factor.uid = `user`.id").
|
|
Where(cond)
|
|
}
|
|
|
|
// SearchUsers takes options i.e. keyword and part of user name to search,
|
|
// it returns results in given range and number of total results.
|
|
func SearchUsers(opts *SearchUserOptions) (users []*User, _ int64, _ error) {
|
|
sessCount := opts.toSearchQueryBase()
|
|
defer sessCount.Close()
|
|
count, err := sessCount.Count(new(User))
|
|
if err != nil {
|
|
return nil, 0, fmt.Errorf("Count: %w", err)
|
|
}
|
|
|
|
if len(opts.OrderBy) == 0 {
|
|
opts.OrderBy = db.SearchOrderByAlphabetically
|
|
}
|
|
|
|
sessQuery := opts.toSearchQueryBase().OrderBy(opts.OrderBy.String())
|
|
defer sessQuery.Close()
|
|
if opts.Page != 0 {
|
|
sessQuery = db.SetSessionPagination(sessQuery, opts)
|
|
}
|
|
|
|
// the sql may contain JOIN, so we must only select User related columns
|
|
sessQuery = sessQuery.Select("`user`.*")
|
|
users = make([]*User, 0, opts.PageSize)
|
|
return users, count, sessQuery.Find(&users)
|
|
}
|
|
|
|
// BuildCanSeeUserCondition creates a condition which can be used to restrict results to users/orgs the actor can see
|
|
func BuildCanSeeUserCondition(actor *User) builder.Cond {
|
|
if actor != nil {
|
|
// If Admin - they see all users!
|
|
if !actor.IsAdmin {
|
|
// Users can see an organization they are a member of
|
|
cond := builder.In("`user`.id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": actor.ID}))
|
|
if !actor.IsRestricted {
|
|
// Not-Restricted users can see public and limited users/organizations
|
|
cond = cond.Or(builder.In("`user`.visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
|
|
}
|
|
// Don't forget about self
|
|
return cond.Or(builder.Eq{"`user`.id": actor.ID})
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Force visibility for privacy
|
|
// Not logged in - only public users
|
|
return builder.In("`user`.visibility", structs.VisibleTypePublic)
|
|
}
|