1// Copyright 2014 The Gogs Authors. All rights reserved.
2// Copyright 2019 The Gitea Authors. All rights reserved.
3// Use of this source code is governed by a MIT-style
4// license that can be found in the LICENSE file.
5
6package org
7
8import (
9	"net/http"
10	"net/url"
11	"path"
12	"strconv"
13	"strings"
14
15	"code.gitea.io/gitea/models"
16	"code.gitea.io/gitea/models/perm"
17	repo_model "code.gitea.io/gitea/models/repo"
18	unit_model "code.gitea.io/gitea/models/unit"
19	user_model "code.gitea.io/gitea/models/user"
20	"code.gitea.io/gitea/modules/base"
21	"code.gitea.io/gitea/modules/context"
22	"code.gitea.io/gitea/modules/log"
23	"code.gitea.io/gitea/modules/web"
24	"code.gitea.io/gitea/routers/utils"
25	"code.gitea.io/gitea/services/forms"
26)
27
28const (
29	// tplTeams template path for teams list page
30	tplTeams base.TplName = "org/team/teams"
31	// tplTeamNew template path for create new team page
32	tplTeamNew base.TplName = "org/team/new"
33	// tplTeamMembers template path for showing team members page
34	tplTeamMembers base.TplName = "org/team/members"
35	// tplTeamRepositories template path for showing team repositories page
36	tplTeamRepositories base.TplName = "org/team/repositories"
37)
38
39// Teams render teams list page
40func Teams(ctx *context.Context) {
41	org := ctx.Org.Organization
42	ctx.Data["Title"] = org.FullName
43	ctx.Data["PageIsOrgTeams"] = true
44
45	for _, t := range ctx.Org.Teams {
46		if err := t.GetMembers(&models.SearchMembersOptions{}); err != nil {
47			ctx.ServerError("GetMembers", err)
48			return
49		}
50	}
51	ctx.Data["Teams"] = ctx.Org.Teams
52
53	ctx.HTML(http.StatusOK, tplTeams)
54}
55
56// TeamsAction response for join, leave, remove, add operations to team
57func TeamsAction(ctx *context.Context) {
58	uid := ctx.FormInt64("uid")
59	if uid == 0 {
60		ctx.Redirect(ctx.Org.OrgLink + "/teams")
61		return
62	}
63
64	page := ctx.FormString("page")
65	var err error
66	switch ctx.Params(":action") {
67	case "join":
68		if !ctx.Org.IsOwner {
69			ctx.Error(http.StatusNotFound)
70			return
71		}
72		err = ctx.Org.Team.AddMember(ctx.User.ID)
73	case "leave":
74		err = ctx.Org.Team.RemoveMember(ctx.User.ID)
75		if err != nil {
76			if models.IsErrLastOrgOwner(err) {
77				ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
78			} else {
79				log.Error("Action(%s): %v", ctx.Params(":action"), err)
80				ctx.JSON(http.StatusOK, map[string]interface{}{
81					"ok":  false,
82					"err": err.Error(),
83				})
84				return
85			}
86		}
87		ctx.JSON(http.StatusOK,
88			map[string]interface{}{
89				"redirect": ctx.Org.OrgLink + "/teams/",
90			})
91		return
92	case "remove":
93		if !ctx.Org.IsOwner {
94			ctx.Error(http.StatusNotFound)
95			return
96		}
97		err = ctx.Org.Team.RemoveMember(uid)
98		if err != nil {
99			if models.IsErrLastOrgOwner(err) {
100				ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
101			} else {
102				log.Error("Action(%s): %v", ctx.Params(":action"), err)
103				ctx.JSON(http.StatusOK, map[string]interface{}{
104					"ok":  false,
105					"err": err.Error(),
106				})
107				return
108			}
109		}
110		ctx.JSON(http.StatusOK,
111			map[string]interface{}{
112				"redirect": ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName),
113			})
114		return
115	case "add":
116		if !ctx.Org.IsOwner {
117			ctx.Error(http.StatusNotFound)
118			return
119		}
120		uname := utils.RemoveUsernameParameterSuffix(strings.ToLower(ctx.FormString("uname")))
121		var u *user_model.User
122		u, err = user_model.GetUserByName(uname)
123		if err != nil {
124			if user_model.IsErrUserNotExist(err) {
125				ctx.Flash.Error(ctx.Tr("form.user_not_exist"))
126				ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName))
127			} else {
128				ctx.ServerError(" GetUserByName", err)
129			}
130			return
131		}
132
133		if u.IsOrganization() {
134			ctx.Flash.Error(ctx.Tr("form.cannot_add_org_to_team"))
135			ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName))
136			return
137		}
138
139		if ctx.Org.Team.IsMember(u.ID) {
140			ctx.Flash.Error(ctx.Tr("org.teams.add_duplicate_users"))
141		} else {
142			err = ctx.Org.Team.AddMember(u.ID)
143		}
144
145		page = "team"
146	}
147
148	if err != nil {
149		if models.IsErrLastOrgOwner(err) {
150			ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
151		} else {
152			log.Error("Action(%s): %v", ctx.Params(":action"), err)
153			ctx.JSON(http.StatusOK, map[string]interface{}{
154				"ok":  false,
155				"err": err.Error(),
156			})
157			return
158		}
159	}
160
161	switch page {
162	case "team":
163		ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName))
164	case "home":
165		ctx.Redirect(ctx.Org.Organization.AsUser().HomeLink())
166	default:
167		ctx.Redirect(ctx.Org.OrgLink + "/teams")
168	}
169}
170
171// TeamsRepoAction operate team's repository
172func TeamsRepoAction(ctx *context.Context) {
173	if !ctx.Org.IsOwner {
174		ctx.Error(http.StatusNotFound)
175		return
176	}
177
178	var err error
179	action := ctx.Params(":action")
180	switch action {
181	case "add":
182		repoName := path.Base(ctx.FormString("repo_name"))
183		var repo *repo_model.Repository
184		repo, err = repo_model.GetRepositoryByName(ctx.Org.Organization.ID, repoName)
185		if err != nil {
186			if repo_model.IsErrRepoNotExist(err) {
187				ctx.Flash.Error(ctx.Tr("org.teams.add_nonexistent_repo"))
188				ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName) + "/repositories")
189				return
190			}
191			ctx.ServerError("GetRepositoryByName", err)
192			return
193		}
194		err = ctx.Org.Team.AddRepository(repo)
195	case "remove":
196		err = ctx.Org.Team.RemoveRepository(ctx.FormInt64("repoid"))
197	case "addall":
198		err = ctx.Org.Team.AddAllRepositories()
199	case "removeall":
200		err = ctx.Org.Team.RemoveAllRepositories()
201	}
202
203	if err != nil {
204		log.Error("Action(%s): '%s' %v", ctx.Params(":action"), ctx.Org.Team.Name, err)
205		ctx.ServerError("TeamsRepoAction", err)
206		return
207	}
208
209	if action == "addall" || action == "removeall" {
210		ctx.JSON(http.StatusOK, map[string]interface{}{
211			"redirect": ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName) + "/repositories",
212		})
213		return
214	}
215	ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(ctx.Org.Team.LowerName) + "/repositories")
216}
217
218// NewTeam render create new team page
219func NewTeam(ctx *context.Context) {
220	ctx.Data["Title"] = ctx.Org.Organization.FullName
221	ctx.Data["PageIsOrgTeams"] = true
222	ctx.Data["PageIsOrgTeamsNew"] = true
223	ctx.Data["Team"] = &models.Team{}
224	ctx.Data["Units"] = unit_model.Units
225	ctx.HTML(http.StatusOK, tplTeamNew)
226}
227
228func getUnitPerms(forms url.Values) map[unit_model.Type]perm.AccessMode {
229	unitPerms := make(map[unit_model.Type]perm.AccessMode)
230	for k, v := range forms {
231		if strings.HasPrefix(k, "unit_") {
232			t, _ := strconv.Atoi(k[5:])
233			if t > 0 {
234				vv, _ := strconv.Atoi(v[0])
235				unitPerms[unit_model.Type(t)] = perm.AccessMode(vv)
236			}
237		}
238	}
239	return unitPerms
240}
241
242// NewTeamPost response for create new team
243func NewTeamPost(ctx *context.Context) {
244	form := web.GetForm(ctx).(*forms.CreateTeamForm)
245	includesAllRepositories := form.RepoAccess == "all"
246	unitPerms := getUnitPerms(ctx.Req.Form)
247	p := perm.ParseAccessMode(form.Permission)
248	if p < perm.AccessModeAdmin {
249		// if p is less than admin accessmode, then it should be general accessmode,
250		// so we should calculate the minial accessmode from units accessmodes.
251		p = unit_model.MinUnitAccessMode(unitPerms)
252	}
253
254	t := &models.Team{
255		OrgID:                   ctx.Org.Organization.ID,
256		Name:                    form.TeamName,
257		Description:             form.Description,
258		AccessMode:              p,
259		IncludesAllRepositories: includesAllRepositories,
260		CanCreateOrgRepo:        form.CanCreateOrgRepo,
261	}
262
263	if t.AccessMode < perm.AccessModeAdmin {
264		units := make([]*models.TeamUnit, 0, len(unitPerms))
265		for tp, perm := range unitPerms {
266			units = append(units, &models.TeamUnit{
267				OrgID:      ctx.Org.Organization.ID,
268				Type:       tp,
269				AccessMode: perm,
270			})
271		}
272		t.Units = units
273	}
274
275	ctx.Data["Title"] = ctx.Org.Organization.FullName
276	ctx.Data["PageIsOrgTeams"] = true
277	ctx.Data["PageIsOrgTeamsNew"] = true
278	ctx.Data["Units"] = unit_model.Units
279	ctx.Data["Team"] = t
280
281	if ctx.HasError() {
282		ctx.HTML(http.StatusOK, tplTeamNew)
283		return
284	}
285
286	if t.AccessMode < perm.AccessModeAdmin && len(unitPerms) == 0 {
287		ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
288		return
289	}
290
291	if err := models.NewTeam(t); err != nil {
292		ctx.Data["Err_TeamName"] = true
293		switch {
294		case models.IsErrTeamAlreadyExist(err):
295			ctx.RenderWithErr(ctx.Tr("form.team_name_been_taken"), tplTeamNew, &form)
296		default:
297			ctx.ServerError("NewTeam", err)
298		}
299		return
300	}
301	log.Trace("Team created: %s/%s", ctx.Org.Organization.Name, t.Name)
302	ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(t.LowerName))
303}
304
305// TeamMembers render team members page
306func TeamMembers(ctx *context.Context) {
307	ctx.Data["Title"] = ctx.Org.Team.Name
308	ctx.Data["PageIsOrgTeams"] = true
309	ctx.Data["PageIsOrgTeamMembers"] = true
310	if err := ctx.Org.Team.GetMembers(&models.SearchMembersOptions{}); err != nil {
311		ctx.ServerError("GetMembers", err)
312		return
313	}
314	ctx.Data["Units"] = unit_model.Units
315	ctx.HTML(http.StatusOK, tplTeamMembers)
316}
317
318// TeamRepositories show the repositories of team
319func TeamRepositories(ctx *context.Context) {
320	ctx.Data["Title"] = ctx.Org.Team.Name
321	ctx.Data["PageIsOrgTeams"] = true
322	ctx.Data["PageIsOrgTeamRepos"] = true
323	if err := ctx.Org.Team.GetRepositories(&models.SearchOrgTeamOptions{}); err != nil {
324		ctx.ServerError("GetRepositories", err)
325		return
326	}
327	ctx.Data["Units"] = unit_model.Units
328	ctx.HTML(http.StatusOK, tplTeamRepositories)
329}
330
331// EditTeam render team edit page
332func EditTeam(ctx *context.Context) {
333	ctx.Data["Title"] = ctx.Org.Organization.FullName
334	ctx.Data["PageIsOrgTeams"] = true
335	ctx.Data["team_name"] = ctx.Org.Team.Name
336	ctx.Data["desc"] = ctx.Org.Team.Description
337	ctx.Data["Units"] = unit_model.Units
338	ctx.HTML(http.StatusOK, tplTeamNew)
339}
340
341// EditTeamPost response for modify team information
342func EditTeamPost(ctx *context.Context) {
343	form := web.GetForm(ctx).(*forms.CreateTeamForm)
344	t := ctx.Org.Team
345	unitPerms := getUnitPerms(ctx.Req.Form)
346	isAuthChanged := false
347	isIncludeAllChanged := false
348	includesAllRepositories := form.RepoAccess == "all"
349
350	ctx.Data["Title"] = ctx.Org.Organization.FullName
351	ctx.Data["PageIsOrgTeams"] = true
352	ctx.Data["Team"] = t
353	ctx.Data["Units"] = unit_model.Units
354
355	if !t.IsOwnerTeam() {
356		// Validate permission level.
357		newAccessMode := perm.ParseAccessMode(form.Permission)
358		if newAccessMode < perm.AccessModeAdmin {
359			// if p is less than admin accessmode, then it should be general accessmode,
360			// so we should calculate the minial accessmode from units accessmodes.
361			newAccessMode = unit_model.MinUnitAccessMode(unitPerms)
362		}
363
364		t.Name = form.TeamName
365		if t.AccessMode != newAccessMode {
366			isAuthChanged = true
367			t.AccessMode = newAccessMode
368		}
369
370		if t.IncludesAllRepositories != includesAllRepositories {
371			isIncludeAllChanged = true
372			t.IncludesAllRepositories = includesAllRepositories
373		}
374	}
375	t.Description = form.Description
376	if t.AccessMode < perm.AccessModeAdmin {
377		units := make([]models.TeamUnit, 0, len(unitPerms))
378		for tp, perm := range unitPerms {
379			units = append(units, models.TeamUnit{
380				OrgID:      t.OrgID,
381				TeamID:     t.ID,
382				Type:       tp,
383				AccessMode: perm,
384			})
385		}
386		if err := models.UpdateTeamUnits(t, units); err != nil {
387			ctx.Error(http.StatusInternalServerError, "LoadIssue", err.Error())
388			return
389		}
390	}
391	t.CanCreateOrgRepo = form.CanCreateOrgRepo
392
393	if ctx.HasError() {
394		ctx.HTML(http.StatusOK, tplTeamNew)
395		return
396	}
397
398	if t.AccessMode < perm.AccessModeAdmin && len(unitPerms) == 0 {
399		ctx.RenderWithErr(ctx.Tr("form.team_no_units_error"), tplTeamNew, &form)
400		return
401	}
402
403	if err := models.UpdateTeam(t, isAuthChanged, isIncludeAllChanged); err != nil {
404		ctx.Data["Err_TeamName"] = true
405		switch {
406		case models.IsErrTeamAlreadyExist(err):
407			ctx.RenderWithErr(ctx.Tr("form.team_name_been_taken"), tplTeamNew, &form)
408		default:
409			ctx.ServerError("UpdateTeam", err)
410		}
411		return
412	}
413	ctx.Redirect(ctx.Org.OrgLink + "/teams/" + url.PathEscape(t.LowerName))
414}
415
416// DeleteTeam response for the delete team request
417func DeleteTeam(ctx *context.Context) {
418	if err := models.DeleteTeam(ctx.Org.Team); err != nil {
419		ctx.Flash.Error("DeleteTeam: " + err.Error())
420	} else {
421		ctx.Flash.Success(ctx.Tr("org.teams.delete_team_success"))
422	}
423
424	ctx.JSON(http.StatusOK, map[string]interface{}{
425		"redirect": ctx.Org.OrgLink + "/teams",
426	})
427}
428