Support user secrets (#2126)

Author: qwerty287

Makefile

@@ -139,7 +139,7 @@ ui-dependencies: ## Install UI dependencies
 .PHONY: lint
 lint: install-tools ## Lint code
 	@echo "Running golangci-lint"
-	golangci-lint run --timeout 10m
+	golangci-lint run --timeout 15m
 	@echo "Running zerolog linter"
 	lint github.com/woodpecker-ci/woodpecker/cmd/agent
 	lint github.com/woodpecker-ci/woodpecker/cmd/cli

cmd/server/docs/docs.go

@@ -91,12 +91,15 @@ func GetOrgPermissions(c *gin.Context) {
 		return
 	}
 
-	if (org.IsUser && org.Name == user.Login) || user.Admin {
+	if (org.IsUser && org.Name == user.Login) || (user.Admin && !org.IsUser) {
 		c.JSON(http.StatusOK, &model.OrgPerm{
 			Member: true,
 			Admin:  true,
 		})
 		return
+	} else if org.IsUser {
+		c.JSON(http.StatusOK, &model.OrgPerm{})
+		return
 	}
 
 	perm, err := server.Config.Services.Membership.Get(c, user, org.Name)

server/api/org.go

@@ -64,6 +64,9 @@ type User struct {
 
 	// Hash is a unique token used to sign tokens.
 	Hash string `json:"-" xorm:"UNIQUE varchar(500) 'user_hash'"`
+
+	// OrgID is the of the user as model.Org.
+	OrgID int64 `json:"org_id" xorm:"user_org_id"`
 } //	@name User
 
 // TableName return database table name for xorm

server/model/user.go

@@ -23,7 +23,7 @@ import (
 )
 
 func TestGetPipelineQueue(t *testing.T) {
-	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Pipeline))
+	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Pipeline), new(model.Org))
 	defer closer()
 
 	user := &model.User{
@@ -64,7 +64,7 @@ func TestGetPipelineQueue(t *testing.T) {
 }
 
 func TestUserFeed(t *testing.T) {
-	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Pipeline))
+	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Pipeline), new(model.Org))
 	defer closer()
 
 	user := &model.User{
@@ -115,7 +115,7 @@ func TestUserFeed(t *testing.T) {
 }
 
 func TestRepoListLatest(t *testing.T) {
-	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Pipeline))
+	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Pipeline), new(model.Org))
 	defer closer()
 
 	user := &model.User{

server/store/datastore/feed_test.go

@@ -0,0 +1,61 @@
+// Copyright 2022 Woodpecker Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package migration
+
+import (
+	"fmt"
+
+	"xorm.io/xorm"
+
+	"github.com/woodpecker-ci/woodpecker/server/model"
+)
+
+var addOrgID = task{
+	name:     "add-org-id",
+	required: true,
+	fn: func(sess *xorm.Session) error {
+		if err := sess.Sync(new(model.User)); err != nil {
+			return fmt.Errorf("sync new models failed: %w", err)
+		}
+
+		// get all users
+		var users []*model.User
+		if err := sess.Find(&users); err != nil {
+			return fmt.Errorf("find all repos failed: %w", err)
+		}
+
+		for _, user := range users {
+			org := &model.Org{}
+			has, err := sess.Where("name = ?", user.Login).Get(org)
+			if err != nil {
+				return fmt.Errorf("getting org failed: %w", err)
+			} else if !has {
+				org = &model.Org{
+					Name:   user.Login,
+					IsUser: true,
+				}
+				if _, err := sess.Insert(org); err != nil {
+					return fmt.Errorf("inserting org failed: %w", err)
+				}
+			}
+			user.OrgID = org.ID
+			if _, err := sess.Cols("user_org_id").Update(user); err != nil {
+				return fmt.Errorf("updating user failed: %w", err)
+			}
+		}
+
+		return dropTableColumns(sess, "secrets", "secret_owner")
+	},
+}

server/store/datastore/migration/022_add_org_id.go

@@ -54,6 +54,7 @@ var migrationTasks = []*task{
 	&migrateLogs2LogEntries,
 	&parentStepsToWorkflows,
 	&addOrgs,
+	&addOrgID,
 }
 
 var allBeans = []interface{}{

server/store/datastore/migration/migration.go

@@ -18,13 +18,18 @@ import (
 	"strings"
 
 	"github.com/woodpecker-ci/woodpecker/server/model"
+	"xorm.io/xorm"
 )
 
 func (s storage) OrgCreate(org *model.Org) error {
+	return s.orgCreate(org, s.engine.NewSession())
+}
+
+func (s storage) orgCreate(org *model.Org, sess *xorm.Session) error {
 	// sanitize
 	org.Name = strings.ToLower(org.Name)
 	// insert
-	_, err := s.engine.Insert(org)
+	_, err := sess.Insert(org)
 	return err
 }
 

server/store/datastore/org.go

@@ -140,7 +140,7 @@ func TestRepos(t *testing.T) {
 }
 
 func TestRepoList(t *testing.T) {
-	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm))
+	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Org))
 	defer closer()
 
 	user := &model.User{
@@ -196,7 +196,7 @@ func TestRepoList(t *testing.T) {
 }
 
 func TestOwnedRepoList(t *testing.T) {
-	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm))
+	store, closer := newTestStore(t, new(model.Repo), new(model.User), new(model.Perm), new(model.Org))
 	defer closer()
 
 	user := &model.User{

server/store/datastore/repo_test.go

@@ -53,8 +53,18 @@ func (s storage) GetUserCount() (int64, error) {
 }
 
 func (s storage) CreateUser(user *model.User) error {
+	sess := s.engine.NewSession()
+	org := &model.Org{
+		Name:   user.Login,
+		IsUser: true,
+	}
+	err := s.orgCreate(org, sess)
+	if err != nil {
+		return err
+	}
+	user.OrgID = org.ID
 	// only Insert set auto created ID back to object
-	_, err := s.engine.Insert(user)
+	_, err = sess.Insert(user)
 	return err
 }