mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-03-25 09:03:04 -04:00
51d0188533
`Option[T]` currently exposes a method `Value()` which is permitted to be called on an option that has a value, and an option that doesn't have a value. This API is awkward because the behaviour if the option doesn't have a value isn't clear to the caller, and, because almost all accesses end up being `.Has()?` then `OK, use .Value()`. `Get() (bool, T)` is added as a better replacement, which both returns whether the option has a value, and the value if present. Most call-sites are rewritten to this form. `ValueOrZeroValue()` is a direct replacement that has the same behaviour that `Value()` had, but describes the behaviour if the value is missing. In addition to the current API being awkward, the core reason for this change is that `Value()` conflicts with the `Value()` function from the `driver.Valuer` interface. If this interface was implemented, it would allow `Option[T]` to be used to represent a nullable field in an xorm bean struct (requires: https://code.forgejo.org/xorm/xorm/pulls/66). _Note:_ changes are extensive in this PR, but are almost all changes are easy, mechanical transitions from `.Has()` to `.Get()`. All of this work was performed by hand. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11218 Reviewed-by: Otto <otto@codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
196 lines
5.8 KiB
Go
196 lines
5.8 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package user
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"forgejo.org/models/db"
|
|
"forgejo.org/modules/container"
|
|
"forgejo.org/modules/optional"
|
|
"forgejo.org/modules/structs"
|
|
|
|
"xorm.io/builder"
|
|
"xorm.io/xorm"
|
|
)
|
|
|
|
// SearchUserOptions contains the options for searching
|
|
type SearchUserOptions struct {
|
|
db.ListOptions
|
|
|
|
Keyword string
|
|
Type UserType
|
|
UID int64
|
|
LoginName string // this option should be used only for admin user
|
|
SourceID optional.Option[int64] // this option should be used only for admin user
|
|
OrderBy db.SearchOrderBy
|
|
Visible []structs.VisibleType
|
|
Actor *User // The user doing the search
|
|
SearchByEmail bool // Search by email as well as username/full name
|
|
|
|
SupportedSortOrders container.Set[string] // if not nil, only allow to use the sort orders in this set
|
|
|
|
IsActive optional.Option[bool]
|
|
IsAdmin optional.Option[bool]
|
|
IsRestricted optional.Option[bool]
|
|
IsTwoFactorEnabled optional.Option[bool]
|
|
IsProhibitLogin optional.Option[bool]
|
|
AccountType optional.Option[UserType]
|
|
IncludeReserved bool
|
|
|
|
Load2FAStatus bool
|
|
ExtraParamStrings map[string]string
|
|
}
|
|
|
|
func (opts *SearchUserOptions) toSearchQueryBase(ctx context.Context) *xorm.Session {
|
|
var cond builder.Cond
|
|
if opts.Type == UserTypeIndividual {
|
|
cond = builder.In("type", UserTypeIndividual, UserTypeRemoteUser)
|
|
} else {
|
|
cond = builder.Eq{"type": opts.Type}
|
|
}
|
|
if opts.IncludeReserved {
|
|
switch opts.Type {
|
|
case UserTypeIndividual:
|
|
cond = cond.Or(builder.Eq{"type": UserTypeUserReserved}).Or(
|
|
builder.Eq{"type": UserTypeBot},
|
|
).Or(
|
|
builder.Eq{"type": UserTypeRemoteUser},
|
|
)
|
|
case UserTypeOrganization:
|
|
cond = cond.Or(builder.Eq{"type": UserTypeOrganizationReserved})
|
|
}
|
|
}
|
|
|
|
if len(opts.Keyword) > 0 {
|
|
lowerKeyword := strings.ToLower(opts.Keyword)
|
|
keywordCond := builder.Or(
|
|
builder.Like{"lower_name", lowerKeyword},
|
|
builder.Like{"LOWER(full_name)", lowerKeyword},
|
|
)
|
|
if opts.SearchByEmail {
|
|
var emailCond builder.Cond
|
|
emailCond = builder.Like{"LOWER(email)", lowerKeyword}
|
|
if opts.Actor == nil {
|
|
emailCond = emailCond.And(builder.Eq{"keep_email_private": false})
|
|
} else if !opts.Actor.IsAdmin {
|
|
emailCond = emailCond.And(
|
|
builder.Or(
|
|
builder.Eq{"keep_email_private": false},
|
|
builder.Eq{"id": opts.Actor.ID},
|
|
),
|
|
)
|
|
}
|
|
keywordCond = keywordCond.Or(emailCond)
|
|
}
|
|
|
|
cond = cond.And(keywordCond)
|
|
}
|
|
|
|
// If visibility filtered
|
|
if len(opts.Visible) > 0 {
|
|
cond = cond.And(builder.In("visibility", opts.Visible))
|
|
}
|
|
|
|
cond = cond.And(BuildCanSeeUserCondition(opts.Actor))
|
|
|
|
if opts.UID > 0 {
|
|
cond = cond.And(builder.Eq{"id": opts.UID})
|
|
}
|
|
|
|
if has, value := opts.SourceID.Get(); has {
|
|
cond = cond.And(builder.Eq{"login_source": value})
|
|
}
|
|
if opts.LoginName != "" {
|
|
cond = cond.And(builder.Eq{"login_name": opts.LoginName})
|
|
}
|
|
|
|
if has, value := opts.IsActive.Get(); has {
|
|
cond = cond.And(builder.Eq{"is_active": value})
|
|
}
|
|
|
|
if has, value := opts.IsAdmin.Get(); has {
|
|
cond = cond.And(builder.Eq{"is_admin": value})
|
|
}
|
|
|
|
if has, value := opts.IsRestricted.Get(); has {
|
|
cond = cond.And(builder.Eq{"is_restricted": value})
|
|
}
|
|
|
|
if has, value := opts.IsProhibitLogin.Get(); has {
|
|
cond = cond.And(builder.Eq{"prohibit_login": value})
|
|
}
|
|
|
|
if has, value := opts.AccountType.Get(); has {
|
|
cond = cond.And(builder.Eq{"type": value})
|
|
}
|
|
|
|
e := db.GetEngine(ctx)
|
|
hasTwoFactor, isTwoFactorEnabled := opts.IsTwoFactorEnabled.Get()
|
|
if !hasTwoFactor {
|
|
return e.Where(cond)
|
|
}
|
|
|
|
// Check if the user has two factor enabled, which is TOTP or Webauthn.
|
|
if isTwoFactorEnabled {
|
|
cond = cond.And(builder.Expr("two_factor.uid IS NOT NULL OR webauthn_credential.user_id IS NOT NULL"))
|
|
} else {
|
|
cond = cond.And(builder.Expr("two_factor.uid IS NULL AND webauthn_credential.user_id IS NULL"))
|
|
}
|
|
|
|
return e.Join("LEFT OUTER", "two_factor", "two_factor.uid = `user`.id").
|
|
Join("LEFT OUTER", "webauthn_credential", "webauthn_credential.user_id = `user`.id").
|
|
Where(cond)
|
|
}
|
|
|
|
// SearchUsers takes options i.e. keyword and part of user name to search,
|
|
// it returns results in given range and number of total results.
|
|
func SearchUsers(ctx context.Context, opts *SearchUserOptions) (users []*User, _ int64, _ error) {
|
|
sessCount := opts.toSearchQueryBase(ctx)
|
|
defer sessCount.Close()
|
|
count, err := sessCount.Count(new(User))
|
|
if err != nil {
|
|
return nil, 0, fmt.Errorf("count: %w", err)
|
|
}
|
|
|
|
if len(opts.OrderBy) == 0 {
|
|
opts.OrderBy = db.SearchOrderByAlphabetically
|
|
}
|
|
|
|
sessQuery := opts.toSearchQueryBase(ctx).OrderBy(opts.OrderBy.String())
|
|
defer sessQuery.Close()
|
|
if opts.PageSize > 0 {
|
|
sessQuery = db.SetSessionPagination(sessQuery, opts)
|
|
}
|
|
|
|
// the sql may contain JOIN, so we must only select User related columns
|
|
sessQuery = sessQuery.Select("`user`.*")
|
|
users = make([]*User, 0, opts.PageSize)
|
|
return users, count, sessQuery.Find(&users)
|
|
}
|
|
|
|
// BuildCanSeeUserCondition creates a condition which can be used to restrict results to users/orgs the actor can see
|
|
func BuildCanSeeUserCondition(actor *User) builder.Cond {
|
|
if actor != nil {
|
|
// If Admin - they see all users!
|
|
if !actor.IsAdmin {
|
|
// Users can see an organization they are a member of
|
|
cond := builder.In("`user`.id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": actor.ID}))
|
|
if !actor.IsRestricted {
|
|
// Not-Restricted users can see public and limited users/organizations
|
|
cond = cond.Or(builder.In("`user`.visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
|
|
}
|
|
// Don't forget about self
|
|
return cond.Or(builder.Eq{"`user`.id": actor.ID})
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Force visibility for privacy
|
|
// Not logged in - only public users
|
|
return builder.In("`user`.visibility", structs.VisibleTypePublic)
|
|
}
|