From d58e9aade0ca328fd6c3f4df4113573332628c5e Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Sun, 28 Aug 2022 10:50:27 +0000 Subject: [PATCH 1/2] Only check accessible packages. --- models/packages/package.go | 11 +++++- models/packages/package_test.go | 69 +++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 models/packages/package_test.go diff --git a/models/packages/package.go b/models/packages/package.go index 39b1c83cfabf6..a1a3a69e72404 100644 --- a/models/packages/package.go +++ b/models/packages/package.go @@ -219,9 +219,16 @@ func FindUnreferencedPackages(ctx context.Context) ([]*Package, error) { Find(&ps) } -// HasOwnerPackages tests if a user/org has packages +// HasOwnerPackages tests if a user/org has accessible packages func HasOwnerPackages(ctx context.Context, ownerID int64) (bool, error) { - return db.GetEngine(ctx).Where("owner_id = ?", ownerID).Exist(&Package{}) + return db.GetEngine(ctx). + Table("package_version"). + Join("INNER", "package", "package.id = package_version.package_id"). + Where(builder.Eq{ + "package_version.is_internal": false, + "package.owner_id": ownerID, + }). + Exist(&PackageVersion{}) } // HasRepositoryPackages tests if a repository has packages diff --git a/models/packages/package_test.go b/models/packages/package_test.go new file mode 100644 index 0000000000000..f32fcf1cee6bf --- /dev/null +++ b/models/packages/package_test.go @@ -0,0 +1,69 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package packages_test + +import ( + "path/filepath" + "testing" + + "code.gitea.io/gitea/models/db" + packages_model "code.gitea.io/gitea/models/packages" + "code.gitea.io/gitea/models/unittest" + user_model "code.gitea.io/gitea/models/user" + + _ "code.gitea.io/gitea/models" + + "github.com/stretchr/testify/assert" +) + +func TestMain(m *testing.M) { + unittest.MainTest(m, &unittest.TestOptions{ + GiteaRootPath: filepath.Join("..", ".."), + }) +} + +func TestHasOwnerPackages(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + + owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) + + p, err := packages_model.TryInsertPackage(db.DefaultContext, &packages_model.Package{ + OwnerID: owner.ID, + LowerName: "package", + }) + assert.NotNil(t, p) + assert.NoError(t, err) + + // A package without package versions gets automaticaly cleaned up and should return false + has, err := packages_model.HasOwnerPackages(db.DefaultContext, owner.ID) + assert.False(t, has) + assert.NoError(t, err) + + pv, err := packages_model.GetOrInsertVersion(db.DefaultContext, &packages_model.PackageVersion{ + PackageID: p.ID, + LowerVersion: "internal", + IsInternal: true, + }) + assert.NotNil(t, pv) + assert.NoError(t, err) + + // A package with an internal package version gets automaticaly cleaned up and should return false + has, err = packages_model.HasOwnerPackages(db.DefaultContext, owner.ID) + assert.False(t, has) + assert.NoError(t, err) + + pv, err = packages_model.GetOrInsertVersion(db.DefaultContext, &packages_model.PackageVersion{ + PackageID: p.ID, + LowerVersion: "normal", + IsInternal: false, + }) + assert.NotNil(t, pv) + assert.NoError(t, err) + + // A package with a normal package version should return true + has, err = packages_model.HasOwnerPackages(db.DefaultContext, owner.ID) + assert.True(t, has) + assert.NoError(t, err) +} From 6d16044d5f73c6af8604eea93582138847d9033e Mon Sep 17 00:00:00 2001 From: zeripath Date: Sat, 3 Sep 2022 14:38:05 +0100 Subject: [PATCH 2/2] Update models/packages/package_test.go Co-authored-by: delvh --- models/packages/package_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/packages/package_test.go b/models/packages/package_test.go index f32fcf1cee6bf..3d3a2333bae87 100644 --- a/models/packages/package_test.go +++ b/models/packages/package_test.go @@ -36,7 +36,7 @@ func TestHasOwnerPackages(t *testing.T) { assert.NotNil(t, p) assert.NoError(t, err) - // A package without package versions gets automaticaly cleaned up and should return false + // A package without package versions gets automatically cleaned up and should return false has, err := packages_model.HasOwnerPackages(db.DefaultContext, owner.ID) assert.False(t, has) assert.NoError(t, err)