Merge pull request #2530 from fnkr/hide-other-teams-repos-from-org-page

Hide other teams & repos from organization page

cmd/web.go

@@ -350,11 +350,14 @@ func runWeb(ctx *cli.Context) {
 			m.Get("/members/action/:action", org.MembersAction)
 
 			m.Get("/teams", org.Teams)
+		}, middleware.OrgAssignment(true))
+
+		m.Group("/:org", func() {
 			m.Get("/teams/:team", org.TeamMembers)
 			m.Get("/teams/:team/repositories", org.TeamRepositories)
 			m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
 			m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
-		}, middleware.OrgAssignment(true))
+		}, middleware.OrgAssignment(true, false, true))
 
 		m.Group("/:org", func() {
 			m.Get("/teams/new", org.NewTeam)

models/org.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"os"
 	"strings"
+	"strconv"
 
 	"github.com/go-xorm/xorm"
 )
@@ -1048,3 +1049,59 @@ func removeOrgRepo(e Engine, orgID, repoID int64) error {
 func RemoveOrgRepo(orgID, repoID int64) error {
 	return removeOrgRepo(x, orgID, repoID)
 }
+
+// GetUserRepositories gets all repositories of an organization,
+// that the user with the given userID has access to.
+func (org *User) GetUserRepositories(userID int64) (err error) {
+	teams := make([]*Team, 0, 10)
+	if err := x.Cols("`team`.id").
+				Where("`team_user`.org_id=?", org.Id).
+				And("`team_user`.uid=?", userID).
+				Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
+				Find(&teams); err != nil {
+		return fmt.Errorf("getUserRepositories: get teams: %v", err)
+	}
+
+	var teamIDs []string
+	for _, team := range teams {
+		teamIDs = append(teamIDs, strconv.FormatInt(team.ID, 10))
+	}
+	if len(teamIDs) == 0 {
+		// user has no team but "IN ()" is invalid SQL
+		teamIDs = append(teamIDs, "-1")  // there is no repo with id=-1
+	}
+
+	// Due to a bug in xorm using IN() together with OR() is impossible.
+	// As a workaround, we have to build the IN statement on our own, until this is fixed.
+	// https://github.com/go-xorm/xorm/issues/342
+
+	if err := x.Cols("`repository`.*").
+				Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
+				Where("`repository`.owner_id=?", org.Id).
+				And("`repository`.is_private=?", false).
+				Or("`team_repo`.team_id=(?)", strings.Join(teamIDs, ",")).
+				GroupBy("`repository`.id").
+				Find(&org.Repos); err != nil {
+		return fmt.Errorf("getUserRepositories: get repositories: %v", err)
+	}
+
+	org.NumRepos = len(org.Repos)
+
+	return
+}
+
+// GetTeams returns all teams that belong to organization,
+// and that the user has joined.
+func (org *User) GetUserTeams(userID int64) (err error) {
+	if err := x.Cols("`team`.*").
+				Where("`team_user`.org_id=?", org.Id).
+				And("`team_user`.uid=?", userID).
+				Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
+				Find(&org.Teams); err != nil {
+		return fmt.Errorf("getUserTeams: %v", err)
+	}
+
+	org.NumTeams = len(org.Teams)
+
+	return
+}

modules/middleware/context.go

@@ -65,7 +65,8 @@ type Context struct {
 	Org struct {
 		IsOwner      bool
 		IsMember     bool
-		IsAdminTeam  bool // In owner team or team that has admin permission level.
+		IsTeamMember bool // Is member of team.
+		IsTeamAdmin  bool // In owner team or team that has admin permission level.
 		Organization *models.User
 		OrgLink      string
 

modules/middleware/org.go

@@ -5,6 +5,8 @@
 package middleware
 
 import (
+	"strings"
+
 	"gopkg.in/macaron.v1"
 
 	"github.com/gogits/gogs/models"
@@ -13,9 +15,10 @@ import (
 
 func HandleOrgAssignment(ctx *Context, args ...bool) {
 	var (
-		requireMember    bool
-		requireOwner     bool
-		requireAdminTeam bool
+		requireMember     bool
+		requireOwner      bool
+		requireTeamMember bool
+		requireTeamAdmin  bool
 	)
 	if len(args) >= 1 {
 		requireMember = args[0]
@@ -24,7 +27,10 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 		requireOwner = args[1]
 	}
 	if len(args) >= 3 {
-		requireAdminTeam = args[2]
+		requireTeamMember = args[2]
+	}
+	if len(args) >= 4 {
+		requireTeamAdmin = args[3]
 	}
 
 	orgName := ctx.Params(":org")
@@ -52,12 +58,14 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 	if ctx.IsSigned && ctx.User.IsAdmin {
 		ctx.Org.IsOwner = true
 		ctx.Org.IsMember = true
-		ctx.Org.IsAdminTeam = true
+		ctx.Org.IsTeamMember = true
+		ctx.Org.IsTeamAdmin = true
 	} else if ctx.IsSigned {
 		ctx.Org.IsOwner = org.IsOwnedBy(ctx.User.Id)
 		if ctx.Org.IsOwner {
 			ctx.Org.IsMember = true
-			ctx.Org.IsAdminTeam = true
+			ctx.Org.IsTeamMember = true
+			ctx.Org.IsTeamAdmin = true
 		} else {
 			if org.IsOrgMember(ctx.User.Id) {
 				ctx.Org.IsMember = true
@@ -79,24 +87,51 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 	ctx.Data["OrgLink"] = ctx.Org.OrgLink
 
 	// Team.
+	if ctx.Org.IsMember {
+		if ctx.Org.IsOwner {
+			if err := org.GetTeams(); err != nil {
+				ctx.Handle(500, "GetUserTeams", err)
+				return
+			}
+		} else {
+			if err := org.GetUserTeams(ctx.User.Id); err != nil {
+				ctx.Handle(500, "GetUserTeams", err)
+				return
+			}
+		}
+	}
+
 	teamName := ctx.Params(":team")
 	if len(teamName) > 0 {
-		ctx.Org.Team, err = org.GetTeam(teamName)
-		if err != nil {
-			if err == models.ErrTeamNotExist {
-				ctx.Handle(404, "GetTeam", err)
-			} else {
-				ctx.Handle(500, "GetTeam", err)
+		teamExists := false
+		for _, team := range org.Teams {
+
+			if strings.ToLower(team.Name) == strings.ToLower(teamName) {
+				teamExists = true
+				ctx.Org.Team = team
+				ctx.Org.IsTeamMember = true
+				ctx.Data["Team"] = ctx.Org.Team
+				break
 			}
+		}
+
+		if !teamExists {
+			ctx.Handle(404, "OrgAssignment", err)
+			return
+		}
+
+		ctx.Data["IsTeamMember"] = ctx.Org.IsTeamMember
+		if requireTeamMember && !ctx.Org.IsTeamMember {
+			ctx.Handle(404, "OrgAssignment", err)
+			return
+		}
+
+		ctx.Org.IsTeamAdmin = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
+		ctx.Data["IsTeamAdmin"] = ctx.Org.IsTeamAdmin
+		if requireTeamAdmin && !ctx.Org.IsTeamAdmin {
+			ctx.Handle(404, "OrgAssignment", err)
 			return
 		}
-		ctx.Data["Team"] = ctx.Org.Team
-		ctx.Org.IsAdminTeam = ctx.Org.Team.IsOwnerTeam() || ctx.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
-	}
-	ctx.Data["IsAdminTeam"] = ctx.Org.IsAdminTeam
-	if requireAdminTeam && !ctx.Org.IsAdminTeam {
-		ctx.Handle(404, "OrgAssignment", err)
-		return
 	}
 }
 

routers/org/teams.go

@@ -28,10 +28,6 @@ func Teams(ctx *middleware.Context) {
 	ctx.Data["Title"] = org.FullName
 	ctx.Data["PageIsOrgTeams"] = true
 
-	if err := org.GetTeams(); err != nil {
-		ctx.Handle(500, "GetTeams", err)
-		return
-	}
 	for _, t := range org.Teams {
 		if err := t.GetMembers(); err != nil {
 			ctx.Handle(500, "GetMembers", err)

routers/user/home.go

@@ -183,11 +183,18 @@ func Issues(ctx *middleware.Context) {
 	isShowClosed := ctx.Query("state") == "closed"
 
 	// Get repositories.
-	repos, err := models.GetRepositories(ctxUser.Id, true)
-	if err != nil {
-		ctx.Handle(500, "GetRepositories", err)
-		return
+	if ctxUser.IsOrganization() {
+		if err := ctxUser.GetUserRepositories(ctx.User.Id); err != nil {
+			ctx.Handle(500, "GetRepositories", err)
+			return
+		}
+	} else {
+		if err := ctxUser.GetRepositories(); err != nil {
+			ctx.Handle(500, "GetRepositories", err)
+			return
+		}
 	}
+	repos := ctxUser.Repos
 
 	allCount := 0
 	repoIDs := make([]int64, 0, len(repos))
@@ -314,23 +321,27 @@ func showOrgProfile(ctx *middleware.Context) {
 	org := ctx.Org.Organization
 	ctx.Data["Title"] = org.FullName
 
-	repos, err := models.GetRepositories(org.Id, ctx.IsSigned && (ctx.User.IsAdmin || org.IsOrgMember(ctx.User.Id)))
-	if err != nil {
-		ctx.Handle(500, "GetRepositories", err)
-		return
+	if ctx.IsSigned {
+		if err := org.GetUserRepositories(ctx.User.Id); err != nil {
+			ctx.Handle(500, "GetUserRepositories", err)
+			return
+		}
+		ctx.Data["Repos"] = org.Repos
+	} else {
+		repos, err := models.GetRepositories(org.Id, false)
+		if err != nil {
+			ctx.Handle(500, "GetRepositories", err)
+			return
+		}
+		ctx.Data["Repos"] = repos
 	}
-	ctx.Data["Repos"] = repos
 
-	if err = org.GetMembers(); err != nil {
+	if err := org.GetMembers(); err != nil {
 		ctx.Handle(500, "GetMembers", err)
 		return
 	}
 	ctx.Data["Members"] = org.Members
 
-	if err = org.GetTeams(); err != nil {
-		ctx.Handle(500, "GetTeams", err)
-		return
-	}
 	ctx.Data["Teams"] = org.Teams
 
 	ctx.HTML(200, ORG_HOME)