hide issues from org private repos w/o team assignment

[daviian]

targets #4029

hides private organization repository issues from users that have no access to them.

[jonasfranz]

Why did you remove the IsPrivate: false part?

[jonasfranz]

[13:16] lunny: JonasFranz because bool has default value false, Don’t know it means false or null
[13:16] lunny: Sess.Get has the same behavior
[13:16] JonasFranz: Okay, so we need to check it afterwards?

Since it is not supported to use bools in xorm, I propose to add an check if IsPrivate is set right:

assert.False(t, repo1.IsPrivate)

or

assert.True(t, repo1.IsPrivate)

[daviian]

I changed it such that it really loads the expected repository. The resulting repository is the same, just an assurance.
That's applicable to the other changes in access_test.go too.

[jonasfranz]

But it would be good to check that the repository is really private/public a comment does not ensure that.

[daviian]

I can add it of course, just think that it's nothing that adds value since its predefined by the fixtures anyway.

[jonasfranz]

Why did you remove the IsPrivate: true part?

[jonasfranz]

Why did you remove the IsPrivate: true part?

[jonasfranz]

Why did you remove the IsPrivate: false part?

[jonasfranz]

Check is_private = 0 first

[jonasfranz]

Please use assert.Len instead

[jonasfranz]

Drone ci is failing.

[jonasfranz]

The second parameter should be the expected value and the third the actual value. (See https://godoc.org/github.com/stretchr/testify/assert#Equal)

[jonasfranz]

The second parameter should be the expected value and the third the actual value. (See https://godoc.org/github.com/stretchr/testify/assert#Equal)

[codecov-io]

Codecov Report

Merging #4034 into master will increase coverage by 0.08%.
The diff coverage is 29.24%.

@@            Coverage Diff             @@
##           master    #4034      +/-   ##
==========================================
+ Coverage      20%   20.09%   +0.08%     
==========================================
  Files         153      153              
  Lines       30620    30660      +40     
==========================================
+ Hits         6127     6160      +33     
+ Misses      23565    23558       -7     
- Partials      928      942      +14

Impacted Files	Coverage Δ
models/repo.go	18.4% <0%> (+0.61%)	⬆️
models/models.go	33.33% <100%> (+0.28%)	⬆️
models/user.go	22.33% <33.33%> (+0.73%)	⬆️
routers/user/home.go	24.92% <40%> (ø)	⬆️
models/notification.go	66.84% <42.85%> (-0.95%)	⬇️
models/org_team.go	47.22% <5%> (-3.01%)	⬇️
models/repo_watch.go	61.62% <50%> (-1.89%)	⬇️
models/org.go	68.18% <69.23%> (-0.04%)	⬇️
modules/process/manager.go	69.56% <0%> (-4.35%)	⬇️
models/topic.go	54.12% <0%> (-0.58%)	⬇️
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 46d19c4...f5a3465. Read the comment docs.

[jonasfranz]

Please change it to:

repository.is_private = 0 OR (team_user.team_id = team_repo.team_id AND repository.id = team_repo.repo_id)

[daviian]

Problem with this is that it's not necessarily 0 if it is not private, because it could also be null
Also integration tests with pgsql fail on my pc

[jonasfranz]

Please remove , true since it is not used anymore

[daviian]

Actually it is used. It's not possible to write != 0 because it doesn't work on all databases. You will see that pgsql fails if we use that.

[jonasfranz]

This may be out of scope for this PR but if I create a team with permissions for Wiki only for example, the issues of the repository are shown in the issue list of the team members. But they shouldn't see them.

[lunny]

LGTM

[lunny]

As @JonasFranzDEV said, team unit permissions are also need to be checked.

[daviian]

@lunny @JonasFranzDEV Do you want me to make a more or less dirty fix by iterating over the selected repo ID's and check the unittype or do you favor a more solid solution by moving out the UnitType json into a new team_unit table?

[lafriks]

I would prefer team_unit table but than it can not be backported

[daviian]

@lafriks I could backport the quick'n'dirty solution anyway ;-)

[lafriks]

@daviian it is not so critical bug to be worth it imho

[daviian]

Can you mark this PR as WIP? There is one thing missing I've not implemented yet.

TODO

• Migrate team unit types into new team_unit table
• Filter Issues by team access and unit type
• Don't notify users about certain actions that lack the required unit type.
• Remove link to issue in actions on dashboard if user is not allowed to access

[daviian]

@lafriks There's one open issue though. What happens to existing actions on the dashboard that are linked to unallowed issues because of a change in the units afterwards?

[jonasfranz]

conflicted but otherwise LGTM

[lafriks]

@daviian please rebase and resolve conflicts

[axifive]

@daviian, Please use v69 migration name for conflict resolving. Because I already resolved #4258 with v68

[daviian]

@axifive Sry, didn't read your comment before rebasing.

[axifive]

@daviian, just wanted to warn against double rebase