diff --git a/models/user/user.go b/models/user/user.go
index 7c871bf5751b7..449163ab0f88d 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -955,6 +955,16 @@ func UpdateUserCols(ctx context.Context, u *User, cols ...string) error {
return err
}
+// UpdateUserColsNoAutoTime update user according special columns
+func UpdateUserColsNoAutoTime(ctx context.Context, u *User, cols ...string) error {
+ if err := ValidateUser(u, cols...); err != nil {
+ return err
+ }
+
+ _, err := db.GetEngine(ctx).ID(u.ID).Cols(cols...).NoAutoTime().Update(u)
+ return err
+}
+
// GetInactiveUsers gets all inactive users
func GetInactiveUsers(ctx context.Context, olderThan time.Duration) ([]*User, error) {
cond := builder.And(
diff --git a/modules/indexer/issues/util.go b/modules/indexer/issues/util.go
index 19d835a1d80aa..7647be58e89f2 100644
--- a/modules/indexer/issues/util.go
+++ b/modules/indexer/issues/util.go
@@ -97,10 +97,14 @@ func getIssueIndexerData(ctx context.Context, issueID int64) (*internal.IndexerD
return nil, false, err
}
+ if err := issue.Repo.LoadOwner(ctx); err != nil {
+ return nil, false, fmt.Errorf("issue.Repo.LoadOwner: %w", err)
+ }
+
return &internal.IndexerData{
ID: issue.ID,
RepoID: issue.RepoID,
- IsPublic: !issue.Repo.IsPrivate,
+ IsPublic: !issue.Repo.IsPrivate && issue.Repo.Owner.Visibility.IsPublic(),
Title: issue.Title,
Content: issue.Content,
Comments: comments,
diff --git a/modules/structs/visible_type.go b/modules/structs/visible_type.go
index b5ff353b87630..45af941aa05d9 100644
--- a/modules/structs/visible_type.go
+++ b/modules/structs/visible_type.go
@@ -39,6 +39,10 @@ func (vt VisibleType) IsPrivate() bool {
return vt == VisibleTypePrivate
}
+func (vt VisibleType) IsValid() bool {
+ return vt.String() != ""
+}
+
// VisibilityString provides the mode string of the visibility type (public, limited, private)
func (vt VisibleType) String() string {
for k, v := range VisibilityModes {
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 9a2591e9eedee..0f1b894393f1e 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2840,6 +2840,14 @@ settings.location = Location
settings.permission = Permissions
settings.repoadminchangeteam = Repository admin can add and remove access for teams
settings.visibility = Visibility
+settings.change_visibility = Change Visibility
+settings.invalid_visibility = The new visibility is not valid.
+settings.change_visibility_notices_1 = This operation CANNOT be undone.
+settings.change_visibility_notices_2 = Non-members will lose access to the organization’s repositories if visibility is changed to private.
+settings.change_visibility_no_change = You did not make any changes to visibility.
+settings.change_visibility_failed = Failed to change the visibility of %s due to an internal error.
+settings.change_visibility_success = The visibility of organization %s has been successfully changed.
+settings.visibility_desc = Change who can view the organization and its repositories.
settings.visibility.public = Public
settings.visibility.limited = Limited (Visible to authenticated users only)
settings.visibility.limited_shortname = Limited
diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go
index 2bc1e8bc43388..d2965c2c3e822 100644
--- a/routers/web/org/setting.go
+++ b/routers/web/org/setting.go
@@ -17,6 +17,7 @@ import (
"code.gitea.io/gitea/modules/optional"
repo_module "code.gitea.io/gitea/modules/repository"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web"
@@ -25,7 +26,6 @@ import (
"code.gitea.io/gitea/services/context"
"code.gitea.io/gitea/services/forms"
org_service "code.gitea.io/gitea/services/org"
- repo_service "code.gitea.io/gitea/services/repository"
user_service "code.gitea.io/gitea/services/user"
)
@@ -83,38 +83,17 @@ func SettingsPost(ctx *context.Context) {
Description: optional.Some(form.Description),
Website: optional.Some(form.Website),
Location: optional.Some(form.Location),
- Visibility: optional.Some(form.Visibility),
RepoAdminChangeTeamAccess: optional.Some(form.RepoAdminChangeTeamAccess),
}
if ctx.Doer.IsAdmin {
opts.MaxRepoCreation = optional.Some(form.MaxRepoCreation)
}
- visibilityChanged := org.Visibility != form.Visibility
-
if err := user_service.UpdateUser(ctx, org.AsUser(), opts); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
- // update forks visibility
- if visibilityChanged {
- repos, _, err := repo_model.GetUserRepositories(ctx, repo_model.SearchRepoOptions{
- Actor: org.AsUser(), Private: true, ListOptions: db.ListOptions{Page: 1, PageSize: org.NumRepos},
- })
- if err != nil {
- ctx.ServerError("GetRepositories", err)
- return
- }
- for _, repo := range repos {
- repo.OwnerName = org.Name
- if err := repo_service.UpdateRepository(ctx, repo, true); err != nil {
- ctx.ServerError("UpdateRepository", err)
- return
- }
- }
- }
-
log.Trace("Organization setting updated: %s", org.Name)
ctx.Flash.Success(ctx.Tr("org.settings.update_setting_success"))
ctx.Redirect(ctx.Org.OrgLink + "/settings")
@@ -251,3 +230,26 @@ func SettingsRenamePost(ctx *context.Context) {
ctx.Flash.Success(ctx.Tr("org.settings.rename_success", oldOrgName, newOrgName))
ctx.JSONRedirect(setting.AppSubURL + "/org/" + url.PathEscape(newOrgName) + "/settings")
}
+
+// SettingsChangeVisibilityPost response for change organization visibility
+func SettingsChangeVisibilityPost(ctx *context.Context) {
+ visibility := structs.VisibilityModes[ctx.FormString("visibility")]
+ if !visibility.IsValid() {
+ ctx.JSONError(ctx.Tr("org.settings.invalid_visibility"))
+ return
+ }
+
+ if ctx.Org.Organization.Visibility == visibility {
+ ctx.JSONError(ctx.Tr("org.settings.change_visibility_no_change"))
+ return
+ }
+
+ if err := org_service.ChangeOrganizationVisibility(ctx, ctx.Org.Organization, visibility); err != nil {
+ log.Error("ChangeOrganizationVisibility: %v", err)
+ ctx.JSONError(util.Iif(ctx.Doer.IsAdmin, err.Error(), string(ctx.Tr("org.settings.change_visibility_failed", ctx.Org.Organization.Name))))
+ return
+ }
+
+ ctx.Flash.Success(ctx.Tr("org.settings.change_visibility_success", ctx.Org.Organization.Name))
+ ctx.JSONRedirect(setting.AppSubURL + "/org/" + url.PathEscape(ctx.Org.Organization.Name) + "/settings")
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 66c3a2da0912d..b2aadeef2810a 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -966,6 +966,7 @@ func registerWebRoutes(m *web.Router) {
m.Post("/rename", web.Bind(forms.RenameOrgForm{}), org.SettingsRenamePost)
m.Post("/delete", org.SettingsDeleteOrgPost)
+ m.Post("/visibility", org.SettingsChangeVisibilityPost)
m.Group("/packages", func() {
m.Get("", org.Packages)
diff --git a/services/forms/org.go b/services/forms/org.go
index 2ac18ef25cc63..3997e1da8450e 100644
--- a/services/forms/org.go
+++ b/services/forms/org.go
@@ -41,7 +41,6 @@ type UpdateOrgSettingForm struct {
Description string `binding:"MaxSize(255)"`
Website string `binding:"ValidUrl;MaxSize(255)"`
Location string `binding:"MaxSize(50)"`
- Visibility structs.VisibleType
MaxRepoCreation int
RepoAdminChangeTeamAccess bool
}
diff --git a/services/org/org.go b/services/org/org.go
index 3d30ae21a39d3..142a643f9fccf 100644
--- a/services/org/org.go
+++ b/services/org/org.go
@@ -8,13 +8,17 @@ import (
"fmt"
actions_model "code.gitea.io/gitea/models/actions"
+ activities_model "code.gitea.io/gitea/models/activities"
"code.gitea.io/gitea/models/db"
org_model "code.gitea.io/gitea/models/organization"
packages_model "code.gitea.io/gitea/models/packages"
+ access_model "code.gitea.io/gitea/models/perm/access"
repo_model "code.gitea.io/gitea/models/repo"
secret_model "code.gitea.io/gitea/models/secret"
user_model "code.gitea.io/gitea/models/user"
+ issue_indexer "code.gitea.io/gitea/modules/indexer/issues"
"code.gitea.io/gitea/modules/storage"
+ "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/util"
repo_service "code.gitea.io/gitea/services/repository"
)
@@ -102,3 +106,70 @@ func DeleteOrganization(ctx context.Context, org *org_model.Organization, purge
return nil
}
+
+func updateOrgRepoForVisibilityChanged(ctx context.Context, repo *repo_model.Repository, makePrivate bool) error {
+ // Organization repository need to recalculate access table when visibility is changed.
+ if err := access_model.RecalculateTeamAccesses(ctx, repo, 0); err != nil {
+ return fmt.Errorf("recalculateTeamAccesses: %w", err)
+ }
+
+ if makePrivate {
+ if _, err := db.GetEngine(ctx).Where("repo_id = ?", repo.ID).Cols("is_private").Update(&activities_model.Action{
+ IsPrivate: true,
+ }); err != nil {
+ return err
+ }
+
+ if err := repo_model.ClearRepoStars(ctx, repo.ID); err != nil {
+ return err
+ }
+ }
+
+ // Create/Remove git-daemon-export-ok for git-daemon...
+ if err := repo_service.CheckDaemonExportOK(ctx, repo); err != nil {
+ return err
+ }
+
+ // If visibility is changed, we need to update the issue indexer.
+ // Since the data in the issue indexer have field to indicate if the repo is public or not.
+ // FIXME: it should check organization visibility instead of repository visibility only.
+ issue_indexer.UpdateRepoIndexer(ctx, repo.ID)
+
+ forkRepos, err := repo_model.GetRepositoriesByForkID(ctx, repo.ID)
+ if err != nil {
+ return fmt.Errorf("getRepositoriesByForkID: %w", err)
+ }
+ for i := range forkRepos {
+ if err := updateOrgRepoForVisibilityChanged(ctx, forkRepos[i], makePrivate); err != nil {
+ return fmt.Errorf("updateRepoForVisibilityChanged[%s]: %w", forkRepos[i].FullName(), err)
+ }
+ }
+ return nil
+}
+
+func ChangeOrganizationVisibility(ctx context.Context, org *org_model.Organization, visibility structs.VisibleType) error {
+ if org.Visibility == visibility {
+ return nil
+ }
+
+ org.Visibility = visibility
+ // FIXME: If it's a big forks network(forks and sub forks), the database transaction will be too long to fail.
+ return db.WithTx(ctx, func(ctx context.Context) error {
+ if err := user_model.UpdateUserColsNoAutoTime(ctx, org.AsUser(), "visibility"); err != nil {
+ return err
+ }
+
+ repos, _, err := repo_model.GetUserRepositories(ctx, repo_model.SearchRepoOptions{
+ Actor: org.AsUser(), Private: true, ListOptions: db.ListOptionsAll,
+ })
+ if err != nil {
+ return err
+ }
+ for _, repo := range repos {
+ if err := updateOrgRepoForVisibilityChanged(ctx, repo, visibility == structs.VisibleTypePrivate); err != nil {
+ return fmt.Errorf("updateOrgRepoForVisibilityChanged: %w", err)
+ }
+ }
+ return nil
+ })
+}
diff --git a/services/repository/create.go b/services/repository/create.go
index bed02e5d7e941..c415a24353894 100644
--- a/services/repository/create.go
+++ b/services/repository/create.go
@@ -469,7 +469,7 @@ func cleanupRepository(repoID int64) {
}
func updateGitRepoAfterCreate(ctx context.Context, repo *repo_model.Repository) error {
- if err := checkDaemonExportOK(ctx, repo); err != nil {
+ if err := CheckDaemonExportOK(ctx, repo); err != nil {
return fmt.Errorf("checkDaemonExportOK: %w", err)
}
diff --git a/services/repository/repository.go b/services/repository/repository.go
index e574dc6c0181d..df5462bf5aee4 100644
--- a/services/repository/repository.go
+++ b/services/repository/repository.go
@@ -142,7 +142,7 @@ func MakeRepoPublic(ctx context.Context, repo *repo_model.Repository) (err error
}
// Create/Remove git-daemon-export-ok for git-daemon...
- if err := checkDaemonExportOK(ctx, repo); err != nil {
+ if err := CheckDaemonExportOK(ctx, repo); err != nil {
return err
}
@@ -197,7 +197,7 @@ func MakeRepoPrivate(ctx context.Context, repo *repo_model.Repository) (err erro
}
// Create/Remove git-daemon-export-ok for git-daemon...
- if err := checkDaemonExportOK(ctx, repo); err != nil {
+ if err := CheckDaemonExportOK(ctx, repo); err != nil {
return err
}
@@ -243,8 +243,8 @@ func LinkedRepository(ctx context.Context, a *repo_model.Attachment) (*repo_mode
return nil, -1, nil
}
-// checkDaemonExportOK creates/removes git-daemon-export-ok for git-daemon...
-func checkDaemonExportOK(ctx context.Context, repo *repo_model.Repository) error {
+// CheckDaemonExportOK creates/removes git-daemon-export-ok for git-daemon...
+func CheckDaemonExportOK(ctx context.Context, repo *repo_model.Repository) error {
if err := repo.LoadOwner(ctx); err != nil {
return err
}
@@ -314,7 +314,7 @@ func updateRepository(ctx context.Context, repo *repo_model.Repository, visibili
}
// Create/Remove git-daemon-export-ok for git-daemon...
- if err := checkDaemonExportOK(ctx, repo); err != nil {
+ if err := CheckDaemonExportOK(ctx, repo); err != nil {
return err
}
diff --git a/templates/org/settings/options.tmpl b/templates/org/settings/options.tmpl
index d94bb4c62b2e5..f2d4ee0b28e47 100644
--- a/templates/org/settings/options.tmpl
+++ b/templates/org/settings/options.tmpl
@@ -29,29 +29,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/templates/org/settings/options_dangerzone.tmpl b/templates/org/settings/options_dangerzone.tmpl
index 01cf3fd4051dc..f761c4ea7ed3b 100644
--- a/templates/org/settings/options_dangerzone.tmpl
+++ b/templates/org/settings/options_dangerzone.tmpl
@@ -3,6 +3,16 @@
+
+
+
{{ctx.Locale.Tr "org.settings.visibility"}}
+
{{ctx.Locale.Tr "org.settings.visibility_desc"}}
+
+
+
+
+
+
{{ctx.Locale.Tr "org.settings.rename"}}
@@ -25,15 +35,55 @@
+
+
+
+
+
+ - {{ctx.Locale.Tr "org.settings.change_visibility_notices_1"}}
+ - {{ctx.Locale.Tr "org.settings.change_visibility_notices_2"}}
+
+
+
+
+
+
-
- - {{ctx.Locale.Tr "org.settings.rename_notices_1"}}
- - {{ctx.Locale.Tr "org.settings.rename_notices_2"}}
-
+
+
+ - {{ctx.Locale.Tr "org.settings.rename_notices_1"}}
+ - {{ctx.Locale.Tr "org.settings.rename_notices_2"}}
+
+