Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure DeleteUser is not allowed to Delete Orgs and visa versa #10134

Merged
merged 5 commits into from
Feb 4, 2020
Merged

Ensure DeleteUser is not allowed to Delete Orgs and visa versa #10134

merged 5 commits into from
Feb 4, 2020

Conversation

6543
Copy link
Member

@6543 6543 commented Feb 4, 2020

as title (extend/come up in #10125)

@6543 6543 requested a review from lunny February 4, 2020 05:19
@6543 6543 mentioned this pull request Feb 4, 2020
Merged
@codecov-io
Copy link

codecov-io commented Feb 4, 2020
edited

Codecov Report

Merging #10134 into master will increase coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #10134      +/-   ##
==========================================
+ Coverage   43.39%    43.4%   +<.01%     
==========================================
  Files         576      576              
  Lines       79624    79628       +4     
==========================================
+ Hits        34553    34559       +6     
+ Misses      40792    40789       -3     
- Partials     4279     4280       +1
Impacted Files Coverage Δ
models/user.go 49.37% <100%> (+0.12%) ⬆️
models/org.go 70.32% <100%> (-0.46%) ⬇️
modules/queue/unique_queue_disk_channel.go 54.48% <0%> (+1.92%) ⬆️
models/unit.go 39.5% <0%> (+2.46%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b3c72a7...4de84c0. Read the comment docs.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 4, 2020
adelowo
adelowo approved these changes Feb 4, 2020
View reviewed changes
Copy link
Member

@adelowo adelowo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will be nice to add a test for this though.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 4, 2020
@adelowo
Copy link
Member

adelowo commented Feb 4, 2020
edited

Do we want to add the reverse? Make sure regular users cannot be deleted from DeleteOrganization

gitea/models/org.go

Lines 257 to 275 in b3c72a7

// DeleteOrganization completely and permanently deletes everything of organization.
func DeleteOrganization(org *User) (err error) {
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return err
}
if err = deleteOrg(sess, org); err != nil {
if IsErrUserOwnRepos(err) {
return err
} else if err != nil {
return fmt.Errorf("deleteOrg: %v", err)
}
}
return sess.Commit()
}

@6543 6543 changed the title DeleteUser is not allowed to Delete Orgs DeleteUser is not allowed to Delete Orgs and visa versa Feb 4, 2020
guillep2k
guillep2k reviewed Feb 4, 2020
View reviewed changes
Copy link
Member

@guillep2k guillep2k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will keep the check at routers/api/v1/admin/user.go:231 ?

@6543
Copy link
Member Author

6543 commented Feb 4, 2020
edited

Will keep the check at routers/api/v1/admin/user.go:231 ?

@guillep2k
would say yes -> normal error is 500 and with check it returns 422 in this case ...

@6543
Copy link
Member Author

6543 commented Feb 4, 2020

@adelowo looks like DeleteOrg had already a check ..
I remove redundancy (deleteOrg is only used in DeleteOrganization) ...
@guillep2k I also moved tests to UnitTests

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 4, 2020
bagasme
bagasme reviewed Feb 4, 2020
View reviewed changes
models/org.go Outdated Show resolved Hide resolved
@zeripath zeripath added this to the 1.12.0 milestone Feb 4, 2020
@zeripath zeripath changed the title DeleteUser is not allowed to Delete Orgs and visa versa Ensure DeleteUser is not allowed to Delete Orgs and visa versa Feb 4, 2020
@6543
Copy link
Member Author

6543 commented Feb 4, 2020

ready to merge 🚀

@lafriks lafriks merged commit d4096ab into go-gitea:master Feb 4, 2020
@6543 6543 deleted the add-check-on-delUser branch February 4, 2020 15:11
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zeripath zeripath zeripath left review comments

@bagasme bagasme bagasme left review comments

@lunny lunny lunny approved these changes

@lafriks lafriks lafriks approved these changes

@adelowo adelowo adelowo approved these changes

@guillep2k guillep2k guillep2k approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.12.0
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@6543 @codecov-io @adelowo @lunny @lafriks @zeripath @guillep2k @bagasme @GiteaBot