mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-21 21:08:02 +01:00
463ea8fdd2
Fix #30378 (cherry picked from commit 0fe9f93eb4c94d55e43b18b9c3cc6d513a34c0b5) Conflicts: - models/organization/org.go - services/repository/delete.go - services/user/delete.go In all three cases, conflicts were resolved by manually adding the lines added by the Gitea patch, keeping the Forgejo code surrounding them.
454 lines
14 KiB
Go
454 lines
14 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package repository
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"code.gitea.io/gitea/models"
|
|
actions_model "code.gitea.io/gitea/models/actions"
|
|
activities_model "code.gitea.io/gitea/models/activities"
|
|
admin_model "code.gitea.io/gitea/models/admin"
|
|
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
|
"code.gitea.io/gitea/models/db"
|
|
git_model "code.gitea.io/gitea/models/git"
|
|
issues_model "code.gitea.io/gitea/models/issues"
|
|
"code.gitea.io/gitea/models/organization"
|
|
access_model "code.gitea.io/gitea/models/perm/access"
|
|
project_model "code.gitea.io/gitea/models/project"
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
secret_model "code.gitea.io/gitea/models/secret"
|
|
system_model "code.gitea.io/gitea/models/system"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/models/webhook"
|
|
actions_module "code.gitea.io/gitea/modules/actions"
|
|
"code.gitea.io/gitea/modules/lfs"
|
|
"code.gitea.io/gitea/modules/log"
|
|
"code.gitea.io/gitea/modules/storage"
|
|
|
|
"xorm.io/builder"
|
|
)
|
|
|
|
// DeleteRepository deletes a repository for a user or organization.
|
|
// make sure if you call this func to close open sessions (sqlite will otherwise get a deadlock)
|
|
func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID int64, ignoreOrgTeams ...bool) error {
|
|
ctx, committer, err := db.TxContext(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer committer.Close()
|
|
sess := db.GetEngine(ctx)
|
|
|
|
repo := &repo_model.Repository{}
|
|
has, err := sess.ID(repoID).Get(repo)
|
|
if err != nil {
|
|
return err
|
|
} else if !has {
|
|
return repo_model.ErrRepoNotExist{
|
|
ID: repoID,
|
|
OwnerName: "",
|
|
Name: "",
|
|
}
|
|
}
|
|
|
|
// Query the action tasks of this repo, they will be needed after they have been deleted to remove the logs
|
|
tasks, err := db.Find[actions_model.ActionTask](ctx, actions_model.FindTaskOptions{RepoID: repoID})
|
|
if err != nil {
|
|
return fmt.Errorf("find actions tasks of repo %v: %w", repoID, err)
|
|
}
|
|
|
|
// Query the artifacts of this repo, they will be needed after they have been deleted to remove artifacts files in ObjectStorage
|
|
artifacts, err := db.Find[actions_model.ActionArtifact](ctx, actions_model.FindArtifactsOptions{RepoID: repoID})
|
|
if err != nil {
|
|
return fmt.Errorf("list actions artifacts of repo %v: %w", repoID, err)
|
|
}
|
|
|
|
// In case owner is a organization, we have to change repo specific teams
|
|
// if ignoreOrgTeams is not true
|
|
var org *user_model.User
|
|
if len(ignoreOrgTeams) == 0 || !ignoreOrgTeams[0] {
|
|
if org, err = user_model.GetUserByID(ctx, repo.OwnerID); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// Delete Deploy Keys
|
|
deployKeys, err := db.Find[asymkey_model.DeployKey](ctx, asymkey_model.ListDeployKeysOptions{RepoID: repoID})
|
|
if err != nil {
|
|
return fmt.Errorf("listDeployKeys: %w", err)
|
|
}
|
|
needRewriteKeysFile := len(deployKeys) > 0
|
|
for _, dKey := range deployKeys {
|
|
if err := models.DeleteDeployKey(ctx, doer, dKey.ID); err != nil {
|
|
return fmt.Errorf("deleteDeployKeys: %w", err)
|
|
}
|
|
}
|
|
|
|
if cnt, err := sess.ID(repoID).Delete(&repo_model.Repository{}); err != nil {
|
|
return err
|
|
} else if cnt != 1 {
|
|
return repo_model.ErrRepoNotExist{
|
|
ID: repoID,
|
|
OwnerName: "",
|
|
Name: "",
|
|
}
|
|
}
|
|
|
|
if org != nil && org.IsOrganization() {
|
|
teams, err := organization.FindOrgTeams(ctx, org.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, t := range teams {
|
|
if !organization.HasTeamRepo(ctx, t.OrgID, t.ID, repoID) {
|
|
continue
|
|
} else if err = removeRepositoryFromTeam(ctx, t, repo, false); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
attachments := make([]*repo_model.Attachment, 0, 20)
|
|
if err = sess.Join("INNER", "`release`", "`release`.id = `attachment`.release_id").
|
|
Where("`release`.repo_id = ?", repoID).
|
|
Find(&attachments); err != nil {
|
|
return err
|
|
}
|
|
releaseAttachments := make([]string, 0, len(attachments))
|
|
for i := 0; i < len(attachments); i++ {
|
|
releaseAttachments = append(releaseAttachments, attachments[i].RelativePath())
|
|
}
|
|
|
|
if _, err := db.Exec(ctx, "UPDATE `user` SET num_stars=num_stars-1 WHERE id IN (SELECT `uid` FROM `star` WHERE repo_id = ?)", repo.ID); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := db.GetEngine(ctx).In("hook_id", builder.Select("id").From("webhook").Where(builder.Eq{"webhook.repo_id": repo.ID})).
|
|
Delete(&webhook.HookTask{}); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := db.DeleteBeans(ctx,
|
|
&access_model.Access{RepoID: repo.ID},
|
|
&activities_model.Action{RepoID: repo.ID},
|
|
&repo_model.Collaboration{RepoID: repoID},
|
|
&issues_model.Comment{RefRepoID: repoID},
|
|
&git_model.CommitStatus{RepoID: repoID},
|
|
&git_model.Branch{RepoID: repoID},
|
|
&git_model.LFSLock{RepoID: repoID},
|
|
&repo_model.LanguageStat{RepoID: repoID},
|
|
&issues_model.Milestone{RepoID: repoID},
|
|
&repo_model.Mirror{RepoID: repoID},
|
|
&activities_model.Notification{RepoID: repoID},
|
|
&git_model.ProtectedBranch{RepoID: repoID},
|
|
&git_model.ProtectedTag{RepoID: repoID},
|
|
&repo_model.PushMirror{RepoID: repoID},
|
|
&repo_model.Release{RepoID: repoID},
|
|
&repo_model.RepoIndexerStatus{RepoID: repoID},
|
|
&repo_model.Redirect{RedirectRepoID: repoID},
|
|
&repo_model.RepoUnit{RepoID: repoID},
|
|
&repo_model.Star{RepoID: repoID},
|
|
&admin_model.Task{RepoID: repoID},
|
|
&repo_model.Watch{RepoID: repoID},
|
|
&webhook.Webhook{RepoID: repoID},
|
|
&secret_model.Secret{RepoID: repoID},
|
|
&actions_model.ActionTaskStep{RepoID: repoID},
|
|
&actions_model.ActionTask{RepoID: repoID},
|
|
&actions_model.ActionRunJob{RepoID: repoID},
|
|
&actions_model.ActionRun{RepoID: repoID},
|
|
&actions_model.ActionRunner{RepoID: repoID},
|
|
&actions_model.ActionScheduleSpec{RepoID: repoID},
|
|
&actions_model.ActionSchedule{RepoID: repoID},
|
|
&actions_model.ActionArtifact{RepoID: repoID},
|
|
&repo_model.RepoArchiveDownloadCount{RepoID: repoID},
|
|
&actions_model.ActionRunnerToken{RepoID: repoID},
|
|
); err != nil {
|
|
return fmt.Errorf("deleteBeans: %w", err)
|
|
}
|
|
|
|
// Delete Labels and related objects
|
|
if err := issues_model.DeleteLabelsByRepoID(ctx, repoID); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Delete Pulls and related objects
|
|
if err := issues_model.DeletePullsByBaseRepoID(ctx, repoID); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Delete Issues and related objects
|
|
var attachmentPaths []string
|
|
if attachmentPaths, err = issues_model.DeleteIssuesByRepoID(ctx, repoID); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Delete issue index
|
|
if err := db.DeleteResourceIndex(ctx, "issue_index", repoID); err != nil {
|
|
return err
|
|
}
|
|
|
|
if repo.IsFork {
|
|
if _, err := db.Exec(ctx, "UPDATE `repository` SET num_forks=num_forks-1 WHERE id=?", repo.ForkID); err != nil {
|
|
return fmt.Errorf("decrease fork count: %w", err)
|
|
}
|
|
}
|
|
|
|
if _, err := db.Exec(ctx, "UPDATE `user` SET num_repos=num_repos-1 WHERE id=?", repo.OwnerID); err != nil {
|
|
return err
|
|
}
|
|
|
|
if len(repo.Topics) > 0 {
|
|
if err := repo_model.RemoveTopicsFromRepo(ctx, repo.ID); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if err := project_model.DeleteProjectByRepoID(ctx, repoID); err != nil {
|
|
return fmt.Errorf("unable to delete projects for repo[%d]: %w", repoID, err)
|
|
}
|
|
|
|
// Remove LFS objects
|
|
var lfsObjects []*git_model.LFSMetaObject
|
|
if err = sess.Where("repository_id=?", repoID).Find(&lfsObjects); err != nil {
|
|
return err
|
|
}
|
|
|
|
lfsPaths := make([]string, 0, len(lfsObjects))
|
|
for _, v := range lfsObjects {
|
|
count, err := db.CountByBean(ctx, &git_model.LFSMetaObject{Pointer: lfs.Pointer{Oid: v.Oid}})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if count > 1 {
|
|
continue
|
|
}
|
|
|
|
lfsPaths = append(lfsPaths, v.RelativePath())
|
|
}
|
|
|
|
if _, err := db.DeleteByBean(ctx, &git_model.LFSMetaObject{RepositoryID: repoID}); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Remove archives
|
|
var archives []*repo_model.RepoArchiver
|
|
if err = sess.Where("repo_id=?", repoID).Find(&archives); err != nil {
|
|
return err
|
|
}
|
|
|
|
archivePaths := make([]string, 0, len(archives))
|
|
for _, v := range archives {
|
|
archivePaths = append(archivePaths, v.RelativePath())
|
|
}
|
|
|
|
if _, err := db.DeleteByBean(ctx, &repo_model.RepoArchiver{RepoID: repoID}); err != nil {
|
|
return err
|
|
}
|
|
|
|
if repo.NumForks > 0 {
|
|
if _, err = sess.Exec("UPDATE `repository` SET fork_id=0,is_fork=? WHERE fork_id=?", false, repo.ID); err != nil {
|
|
log.Error("reset 'fork_id' and 'is_fork': %v", err)
|
|
}
|
|
}
|
|
|
|
// Get all attachments with both issue_id and release_id are zero
|
|
var newAttachments []*repo_model.Attachment
|
|
if err := sess.Where(builder.Eq{
|
|
"repo_id": repo.ID,
|
|
"issue_id": 0,
|
|
"release_id": 0,
|
|
}).Find(&newAttachments); err != nil {
|
|
return err
|
|
}
|
|
|
|
newAttachmentPaths := make([]string, 0, len(newAttachments))
|
|
for _, attach := range newAttachments {
|
|
newAttachmentPaths = append(newAttachmentPaths, attach.RelativePath())
|
|
}
|
|
|
|
if _, err := sess.Where("repo_id=?", repo.ID).Delete(new(repo_model.Attachment)); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err = committer.Commit(); err != nil {
|
|
return err
|
|
}
|
|
|
|
committer.Close()
|
|
|
|
if needRewriteKeysFile {
|
|
if err := asymkey_model.RewriteAllPublicKeys(ctx); err != nil {
|
|
log.Error("RewriteAllPublicKeys failed: %v", err)
|
|
}
|
|
}
|
|
|
|
// We should always delete the files after the database transaction succeed. If
|
|
// we delete the file but the database rollback, the repository will be broken.
|
|
|
|
// Remove repository files.
|
|
repoPath := repo.RepoPath()
|
|
system_model.RemoveAllWithNotice(ctx, "Delete repository files", repoPath)
|
|
|
|
// Remove wiki files
|
|
if repo.HasWiki() {
|
|
system_model.RemoveAllWithNotice(ctx, "Delete repository wiki", repo.WikiPath())
|
|
}
|
|
|
|
// Remove archives
|
|
for _, archive := range archivePaths {
|
|
system_model.RemoveStorageWithNotice(ctx, storage.RepoArchives, "Delete repo archive file", archive)
|
|
}
|
|
|
|
// Remove lfs objects
|
|
for _, lfsObj := range lfsPaths {
|
|
system_model.RemoveStorageWithNotice(ctx, storage.LFS, "Delete orphaned LFS file", lfsObj)
|
|
}
|
|
|
|
// Remove issue attachment files.
|
|
for _, attachment := range attachmentPaths {
|
|
system_model.RemoveStorageWithNotice(ctx, storage.Attachments, "Delete issue attachment", attachment)
|
|
}
|
|
|
|
// Remove release attachment files.
|
|
for _, releaseAttachment := range releaseAttachments {
|
|
system_model.RemoveStorageWithNotice(ctx, storage.Attachments, "Delete release attachment", releaseAttachment)
|
|
}
|
|
|
|
// Remove attachment with no issue_id and release_id.
|
|
for _, newAttachment := range newAttachmentPaths {
|
|
system_model.RemoveStorageWithNotice(ctx, storage.Attachments, "Delete issue attachment", newAttachment)
|
|
}
|
|
|
|
if len(repo.Avatar) > 0 {
|
|
if err := storage.RepoAvatars.Delete(repo.CustomAvatarRelativePath()); err != nil {
|
|
return fmt.Errorf("Failed to remove %s: %w", repo.Avatar, err)
|
|
}
|
|
}
|
|
|
|
// Finally, delete action logs after the actions have already been deleted to avoid new log files
|
|
for _, task := range tasks {
|
|
err := actions_module.RemoveLogs(ctx, task.LogInStorage, task.LogFilename)
|
|
if err != nil {
|
|
log.Error("remove log file %q: %v", task.LogFilename, err)
|
|
// go on
|
|
}
|
|
}
|
|
|
|
// delete actions artifacts in ObjectStorage after the repo have already been deleted
|
|
for _, art := range artifacts {
|
|
if err := storage.ActionsArtifacts.Delete(art.StoragePath); err != nil {
|
|
log.Error("remove artifact file %q: %v", art.StoragePath, err)
|
|
// go on
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// removeRepositoryFromTeam removes a repository from a team and recalculates access
|
|
// Note: Repository shall not be removed from team if it includes all repositories (unless the repository is deleted)
|
|
func removeRepositoryFromTeam(ctx context.Context, t *organization.Team, repo *repo_model.Repository, recalculate bool) (err error) {
|
|
e := db.GetEngine(ctx)
|
|
if err = organization.RemoveTeamRepo(ctx, t.ID, repo.ID); err != nil {
|
|
return err
|
|
}
|
|
|
|
t.NumRepos--
|
|
if _, err = e.ID(t.ID).Cols("num_repos").Update(t); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Don't need to recalculate when delete a repository from organization.
|
|
if recalculate {
|
|
if err = access_model.RecalculateTeamAccesses(ctx, repo, t.ID); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
teamUsers, err := organization.GetTeamUsersByTeamID(ctx, t.ID)
|
|
if err != nil {
|
|
return fmt.Errorf("getTeamUsersByTeamID: %w", err)
|
|
}
|
|
for _, teamUser := range teamUsers {
|
|
has, err := access_model.HasAccess(ctx, teamUser.UID, repo)
|
|
if err != nil {
|
|
return err
|
|
} else if has {
|
|
continue
|
|
}
|
|
|
|
if err = repo_model.WatchRepo(ctx, teamUser.UID, repo.ID, false); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Remove all IssueWatches a user has subscribed to in the repositories
|
|
if err := issues_model.RemoveIssueWatchersByRepoID(ctx, teamUser.UID, repo.ID); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// HasRepository returns true if given repository belong to team.
|
|
func HasRepository(ctx context.Context, t *organization.Team, repoID int64) bool {
|
|
return organization.HasTeamRepo(ctx, t.OrgID, t.ID, repoID)
|
|
}
|
|
|
|
// RemoveRepositoryFromTeam removes repository from team of organization.
|
|
// If the team shall include all repositories the request is ignored.
|
|
func RemoveRepositoryFromTeam(ctx context.Context, t *organization.Team, repoID int64) error {
|
|
if !HasRepository(ctx, t, repoID) {
|
|
return nil
|
|
}
|
|
|
|
if t.IncludesAllRepositories {
|
|
return nil
|
|
}
|
|
|
|
repo, err := repo_model.GetRepositoryByID(ctx, repoID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ctx, committer, err := db.TxContext(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer committer.Close()
|
|
|
|
if err = removeRepositoryFromTeam(ctx, t, repo, true); err != nil {
|
|
return err
|
|
}
|
|
|
|
return committer.Commit()
|
|
}
|
|
|
|
// DeleteOwnerRepositoriesDirectly calls DeleteRepositoryDirectly for all repos of the given owner
|
|
func DeleteOwnerRepositoriesDirectly(ctx context.Context, owner *user_model.User) error {
|
|
for {
|
|
repos, _, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
|
|
ListOptions: db.ListOptions{
|
|
PageSize: repo_model.RepositoryListDefaultPageSize,
|
|
Page: 1,
|
|
},
|
|
Private: true,
|
|
OwnerID: owner.ID,
|
|
Actor: owner,
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("GetUserRepositories: %w", err)
|
|
}
|
|
if len(repos) == 0 {
|
|
break
|
|
}
|
|
for _, repo := range repos {
|
|
if err := DeleteRepositoryDirectly(ctx, owner, repo.ID); err != nil {
|
|
return fmt.Errorf("unable to delete repository %s for %s[%d]. Error: %w", repo.Name, owner.Name, owner.ID, err)
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
}
|