113 lines
2.9 KiB
Go
113 lines
2.9 KiB
Go
// Copyright 2020 Drone IO, Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package transfer
|
|
|
|
import (
|
|
"context"
|
|
"runtime/debug"
|
|
|
|
"github.com/drone/drone/core"
|
|
|
|
"github.com/hashicorp/go-multierror"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// Transferer handles transfering repository ownership from one
|
|
// user to another user account.
|
|
type Transferer struct {
|
|
Repos core.RepositoryStore
|
|
Perms core.PermStore
|
|
}
|
|
|
|
// New returns a new repository transfer service.
|
|
func New(repos core.RepositoryStore, perms core.PermStore) core.Transferer {
|
|
return &Transferer{
|
|
Repos: repos,
|
|
Perms: perms,
|
|
}
|
|
}
|
|
|
|
// Transfer transfers all repositories owned by the specified user
|
|
// to an alternate account with sufficient admin permissions.
|
|
func (t *Transferer) Transfer(ctx context.Context, user *core.User) error {
|
|
defer func() {
|
|
// taking the paranoid approach to recover from
|
|
// a panic that should absolutely never happen.
|
|
if r := recover(); r != nil {
|
|
logrus.Errorf("transferer: unexpected panic: %s", r)
|
|
debug.PrintStack()
|
|
}
|
|
}()
|
|
|
|
repos, err := t.Repos.List(ctx, user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
var result error
|
|
for _, repo := range repos {
|
|
// only transfer repository ownership if the deactivated
|
|
// user owns the repository.
|
|
if repo.UserID != user.ID {
|
|
continue
|
|
}
|
|
|
|
members, err := t.Perms.List(ctx, repo.UID)
|
|
if err != nil {
|
|
result = multierror.Append(result, err)
|
|
continue
|
|
}
|
|
|
|
var admin int64
|
|
for _, member := range members {
|
|
// only transfer the repository to an admin user
|
|
// that is not equal to the deactivated user.
|
|
if repo.UserID == member.UserID {
|
|
continue
|
|
}
|
|
if member.Admin {
|
|
admin = member.UserID
|
|
break
|
|
}
|
|
}
|
|
|
|
if admin == 0 {
|
|
logrus.
|
|
WithField("repo.id", repo.ID).
|
|
WithField("repo.namespace", repo.Namespace).
|
|
WithField("repo.name", repo.Name).
|
|
Traceln("repository disabled")
|
|
} else {
|
|
logrus.
|
|
WithField("repo.id", repo.ID).
|
|
WithField("repo.namespace", repo.Namespace).
|
|
WithField("repo.name", repo.Name).
|
|
WithField("old.user.id", repo.UserID).
|
|
WithField("new.user.id", admin).
|
|
Traceln("repository owner re-assigned")
|
|
}
|
|
|
|
// if no alternate user was found the repository id
|
|
// is reset to the zero value, indicating the repository
|
|
// has no owner.
|
|
repo.UserID = admin
|
|
err = t.Repos.Update(ctx, repo)
|
|
if err != nil {
|
|
result = multierror.Append(result, err)
|
|
}
|
|
}
|
|
|
|
return result
|
|
}
|