Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

In code search, get code unit accessible repos in one (main) query #19764

Merged
merged 12 commits into from
Jun 15, 2022
4 changes: 2 additions & 2 deletions models/issue.go
Original file line number Diff line number Diff line change
Expand Up @@ -1375,7 +1375,7 @@ func issuePullAccessibleRepoCond(repoIDstr string, userID int64, org *organizati
cond = cond.And(
builder.Or(
userOwnedRepoCond(userID), // owned repos
userCollaborationRepoCond(repoIDstr, userID), // collaboration repos
userAccessRepoCond(repoIDstr, userID), // collaboration repos
zeripath marked this conversation as resolved.
Show resolved Hide resolved
userAssignedRepoCond(repoIDstr, userID), // user has been assigned accessible public repos
userMentionedRepoCond(repoIDstr, userID), // user has been mentioned accessible public repos
userCreateIssueRepoCond(repoIDstr, userID, isPull), // user has created issue/pr accessible public repos
Expand Down Expand Up @@ -1444,7 +1444,7 @@ func GetRepoIDsForIssuesOptions(opts *IssuesOptions, user *user_model.User) ([]i

opts.setupSessionNoLimit(sess)

accessCond := accessibleRepositoryCondition(user)
accessCond := accessibleRepositoryCondition(user, unit.TypeInvalid)
if err := sess.Where(accessCond).
Distinct("issue.repo_id").
Table("issue").
Expand Down
5 changes: 3 additions & 2 deletions models/lfs.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (

"code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/lfs"
"code.gitea.io/gitea/modules/log"
Expand Down Expand Up @@ -142,7 +143,7 @@ func LFSObjectAccessible(user *user_model.User, oid string) (bool, error) {
count, err := db.GetEngine(db.DefaultContext).Count(&LFSMetaObject{Pointer: lfs.Pointer{Oid: oid}})
return count > 0, err
}
cond := accessibleRepositoryCondition(user)
cond := accessibleRepositoryCondition(user, unit.TypeInvalid)
count, err := db.GetEngine(db.DefaultContext).Where(cond).Join("INNER", "repository", "`lfs_meta_object`.repository_id = `repository`.id").Count(&LFSMetaObject{Pointer: lfs.Pointer{Oid: oid}})
return count > 0, err
}
Expand Down Expand Up @@ -173,7 +174,7 @@ func LFSAutoAssociate(metas []*LFSMetaObject, user *user_model.User, repoID int6
newMetas := make([]*LFSMetaObject, 0, len(metas))
cond := builder.In(
"`lfs_meta_object`.repository_id",
builder.Select("`repository`.id").From("repository").Where(accessibleRepositoryCondition(user)),
builder.Select("`repository`.id").From("repository").Where(accessibleRepositoryCondition(user, unit.TypeInvalid)),
)
err = sess.Cols("oid").Where(cond).In("oid", oids...).GroupBy("oid").Find(&newMetas)
if err != nil {
Expand Down
3 changes: 2 additions & 1 deletion models/org.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"code.gitea.io/gitea/models/organization"
access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
user_model "code.gitea.io/gitea/models/user"

"xorm.io/builder"
Expand Down Expand Up @@ -54,7 +55,7 @@ func GetUserOrgsList(user *user_model.User) ([]*MinimalOrg, error) {
Join("LEFT", builder.
Select("id as repo_id, owner_id as repo_owner_id").
From("repository").
Where(accessibleRepositoryCondition(user)), "`repository`.repo_owner_id = `team`.org_id").
Where(accessibleRepositoryCondition(user, unit.TypeInvalid)), "`repository`.repo_owner_id = `team`.org_id").
Where("`team_user`.uid = ?", user.ID).
GroupBy(groupByStr)

Expand Down
62 changes: 45 additions & 17 deletions models/repo_list.go
Original file line number Diff line number Diff line change
Expand Up @@ -282,8 +282,8 @@ func teamUnitsRepoCond(id string, userID, orgID, teamID int64, units ...unit.Typ
))
}

// userCollaborationRepoCond returns user as collabrators repositories list
func userCollaborationRepoCond(idStr string, userID int64) builder.Cond {
// userAccessRepoCond returns a condition for selecting all repositories a user has access to
func userAccessRepoCond(idStr string, userID int64) builder.Cond {
return builder.In(idStr, builder.Select("repo_id").
From("`access`").
Where(builder.And(
Expand All @@ -293,6 +293,17 @@ func userCollaborationRepoCond(idStr string, userID int64) builder.Cond {
)
}

// userCollaborationRepoCond returns a condition for selecting all repositories a user is collaborator in
func userCollaborationRepoCond(idStr string, userID int64) builder.Cond {
return builder.In(idStr, builder.Select("repo_id").
From("`collaboration`").
Where(builder.And(
builder.Eq{"`collaboration`.user_id": userID},
builder.Gt{"`collaboration`.mode": int(perm.AccessModeNone)},
zeripath marked this conversation as resolved.
Show resolved Hide resolved
)),
)
}

// userOrgTeamRepoCond selects repos that the given user has access to through team membership
func userOrgTeamRepoCond(idStr string, userID int64) builder.Cond {
return builder.In(idStr, userOrgTeamRepoBuilder(userID))
Expand All @@ -310,7 +321,13 @@ func userOrgTeamRepoBuilder(userID int64) *builder.Builder {
func userOrgTeamUnitRepoBuilder(userID int64, unitType unit.Type) *builder.Builder {
return userOrgTeamRepoBuilder(userID).
Join("INNER", "team_unit", "`team_unit`.team_id = `team_repo`.team_id").
Where(builder.Eq{"`team_unit`.`type`": unitType})
Where(builder.Eq{"`team_unit`.`type`": unitType}).
And(builder.Gt{"`team_unit`.`access_mode`": int(perm.AccessModeNone)})
zeripath marked this conversation as resolved.
Show resolved Hide resolved
}

// userOrgTeamUnitRepoCond returns a condition to select repo ids where user's teams can access the special unit.
func userOrgTeamUnitRepoCond(idStr string, userID int64, unitType unit.Type) builder.Cond {
return builder.In(idStr, userOrgTeamUnitRepoBuilder(userID, unitType))
}

// userOrgUnitRepoCond selects repos that the given user has access to through org and the special unit
Expand Down Expand Up @@ -363,7 +380,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
if opts.Private {
if opts.Actor != nil && !opts.Actor.IsAdmin && opts.Actor.ID != opts.OwnerID {
// OK we're in the context of a User
cond = cond.And(accessibleRepositoryCondition(opts.Actor))
cond = cond.And(accessibleRepositoryCondition(opts.Actor, unit.TypeInvalid))
}
} else {
// Not looking at private organisations and users
Expand Down Expand Up @@ -409,7 +426,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
// 2. But we can see because of:
builder.Or(
// A. We have access
userCollaborationRepoCond("`repository`.id", opts.OwnerID),
userAccessRepoCond("`repository`.id", opts.OwnerID),
// B. We are in a team for
userOrgTeamRepoCond("`repository`.id", opts.OwnerID),
// C. Public repositories in organizations that we are member of
Expand Down Expand Up @@ -483,7 +500,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
}

if opts.Actor != nil && opts.Actor.IsRestricted {
cond = cond.And(accessibleRepositoryCondition(opts.Actor))
cond = cond.And(accessibleRepositoryCondition(opts.Actor, unit.TypeInvalid))
}

if opts.Archived != util.OptionalBoolNone {
Expand Down Expand Up @@ -570,7 +587,7 @@ func searchRepositoryByCondition(opts *SearchRepoOptions, cond builder.Cond) (db
}

// accessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
func accessibleRepositoryCondition(user *user_model.User) builder.Cond {
func accessibleRepositoryCondition(user *user_model.User, unitType unit.Type) builder.Cond {
cond := builder.NewCond()

if user == nil || !user.IsRestricted || user.ID <= 0 {
Expand All @@ -590,13 +607,24 @@ func accessibleRepositoryCondition(user *user_model.User) builder.Cond {
}

if user != nil {
// 2. Be able to see all repositories that we have direct access to
// 3. Be able to see all repositories through team membership(s)
if unitType == unit.TypeInvalid {
// Regardless of UnitType
cond = cond.Or(
userAccessRepoCond("`repository`.id", user.ID),
userOrgTeamRepoCond("`repository`.id", user.ID),
)
} else {
// For a specific UnitType
cond = cond.Or(
userCollaborationRepoCond("`repository`.id", user.ID),
userOrgTeamUnitRepoCond("`repository`.id", user.ID, unitType),
)
}
cond = cond.Or(
// 2. Be able to see all repositories that we have access to
userCollaborationRepoCond("`repository`.id", user.ID),
// 3. Repositories that we directly own
// 4. Repositories that we directly own
builder.Eq{"`repository`.owner_id": user.ID},
// 4. Be able to see all repositories that we are in a team
userOrgTeamRepoCond("`repository`.id", user.ID),
// 5. Be able to see all public repos in private organizations that we are an org_user of
userOrgPublicRepoCond(user.ID),
)
Expand Down Expand Up @@ -641,18 +669,18 @@ func SearchRepositoryIDs(opts *SearchRepoOptions) ([]int64, int64, error) {
// AccessibleRepoIDsQuery queries accessible repository ids. Usable as a subquery wherever repo ids need to be filtered.
func AccessibleRepoIDsQuery(user *user_model.User) *builder.Builder {
// NB: Please note this code needs to still work if user is nil
return builder.Select("id").From("repository").Where(accessibleRepositoryCondition(user))
return builder.Select("id").From("repository").Where(accessibleRepositoryCondition(user, unit.TypeInvalid))
}

// FindUserAccessibleRepoIDs find all accessible repositories' ID by user's id
func FindUserAccessibleRepoIDs(user *user_model.User) ([]int64, error) {
// FindUserCodeAccessibleRepoIDs finds all at Code level accessible repositories' ID by the user's id
func FindUserCodeAccessibleRepoIDs(user *user_model.User) ([]int64, error) {
repoIDs := make([]int64, 0, 10)
if err := db.GetEngine(db.DefaultContext).
Table("repository").
Cols("id").
Where(accessibleRepositoryCondition(user)).
Where(accessibleRepositoryCondition(user, unit.TypeCode)).
Find(&repoIDs); err != nil {
return nil, fmt.Errorf("FindUserAccesibleRepoIDs: %v", err)
return nil, fmt.Errorf("FindUserCodeAccesibleRepoIDs: %v", err)
}
return repoIDs, nil
}
Expand Down
143 changes: 57 additions & 86 deletions routers/web/explore/code.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import (

"code.gitea.io/gitea/models"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
code_indexer "code.gitea.io/gitea/modules/indexer/code"
Expand Down Expand Up @@ -44,106 +43,78 @@ func Code(ctx *context.Context) {
queryType := ctx.FormTrim("t")
isMatch := queryType == "match"

var (
repoIDs []int64
err error
isAdmin bool
)
if ctx.Doer != nil {
isAdmin = ctx.Doer.IsAdmin
}

// guest user or non-admin user
if ctx.Doer == nil || !isAdmin {
repoIDs, err = models.FindUserAccessibleRepoIDs(ctx.Doer)
if err != nil {
ctx.ServerError("SearchResults", err)
return
}
}

var (
total int
searchResults []*code_indexer.Result
searchResultLanguages []*code_indexer.SearchResultLanguages
)

// if non-admin login user, we need check UnitTypeCode at first
if ctx.Doer != nil && len(repoIDs) > 0 {
repoMaps, err := repo_model.GetRepositoriesMapByIDs(repoIDs)
if err != nil {
ctx.ServerError("SearchResults", err)
return
if keyword != "" {
var (
repoIDs []int64
err error
isAdmin bool
)
if ctx.Doer != nil {
isAdmin = ctx.Doer.IsAdmin
}

rightRepoMap := make(map[int64]*repo_model.Repository, len(repoMaps))
repoIDs = make([]int64, 0, len(repoMaps))
for id, repo := range repoMaps {
if models.CheckRepoUnitUser(repo, ctx.Doer, unit.TypeCode) {
rightRepoMap[id] = repo
repoIDs = append(repoIDs, id)
}
}

ctx.Data["RepoMaps"] = rightRepoMap

total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, repoIDs, language, keyword, page, setting.UI.RepoSearchPagingNum, isMatch)
if err != nil {
if code_indexer.IsAvailable() {
// guest user or non-admin user
if ctx.Doer == nil || !isAdmin {
repoIDs, err = models.FindUserCodeAccessibleRepoIDs(ctx.Doer)
if err != nil {
ctx.ServerError("SearchResults", err)
return
}
ctx.Data["CodeIndexerUnavailable"] = true
} else {
ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable()
}
// if non-login user or isAdmin, no need to check UnitTypeCode
} else if (ctx.Doer == nil && len(repoIDs) > 0) || isAdmin {
total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, repoIDs, language, keyword, page, setting.UI.RepoSearchPagingNum, isMatch)
if err != nil {
if code_indexer.IsAvailable() {
ctx.ServerError("SearchResults", err)
return

var (
total int
searchResults []*code_indexer.Result
searchResultLanguages []*code_indexer.SearchResultLanguages
)

if (len(repoIDs) > 0) || isAdmin {
total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, repoIDs, language, keyword, page, setting.UI.RepoSearchPagingNum, isMatch)
if err != nil {
if code_indexer.IsAvailable() {
ctx.ServerError("SearchResults", err)
return
}
ctx.Data["CodeIndexerUnavailable"] = true
} else {
ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable()
}
ctx.Data["CodeIndexerUnavailable"] = true
} else {
ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable()
}

loadRepoIDs := make([]int64, 0, len(searchResults))
for _, result := range searchResults {
var find bool
for _, id := range loadRepoIDs {
if id == result.RepoID {
find = true
break
loadRepoIDs := make([]int64, 0, len(searchResults))
for _, result := range searchResults {
var find bool
for _, id := range loadRepoIDs {
if id == result.RepoID {
find = true
break
}
}
if !find {
loadRepoIDs = append(loadRepoIDs, result.RepoID)
}
}
if !find {
loadRepoIDs = append(loadRepoIDs, result.RepoID)

repoMaps, err := repo_model.GetRepositoriesMapByIDs(loadRepoIDs)
if err != nil {
ctx.ServerError("SearchResults", err)
return
}
}

repoMaps, err := repo_model.GetRepositoriesMapByIDs(loadRepoIDs)
if err != nil {
ctx.ServerError("SearchResults", err)
return
ctx.Data["RepoMaps"] = repoMaps
}

ctx.Data["RepoMaps"] = repoMaps
ctx.Data["Keyword"] = keyword
ctx.Data["Language"] = language
ctx.Data["queryType"] = queryType
ctx.Data["SearchResults"] = searchResults
ctx.Data["SearchResultLanguages"] = searchResultLanguages
ctx.Data["PageIsViewCode"] = true

pager := context.NewPagination(total, setting.UI.RepoSearchPagingNum, page, 5)
pager.SetDefaultParams(ctx)
pager.AddParam(ctx, "l", "Language")
ctx.Data["Page"] = pager
}

ctx.Data["Keyword"] = keyword
ctx.Data["Language"] = language
ctx.Data["queryType"] = queryType
ctx.Data["SearchResults"] = searchResults
ctx.Data["SearchResultLanguages"] = searchResultLanguages
ctx.Data["PageIsViewCode"] = true

pager := context.NewPagination(total, setting.UI.RepoSearchPagingNum, page, 5)
pager.SetDefaultParams(ctx)
pager.AddParam(ctx, "l", "Language")
ctx.Data["Page"] = pager

ctx.HTML(http.StatusOK, tplExploreCode)
}