Archive entire organizations.

Author: junoberryferry

models/organization/org.go

@@ -7,7 +7,9 @@ package organization
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"strings"
+	"time"
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
@@ -592,3 +594,65 @@ func getUserTeamIDsQueryBuilder(orgID, userID int64) *builder.Builder {
 			"team_user.uid":    userID,
 		})
 }
+
+// ErrOrgIsArchived represents a "OrgIsArchived" error
+type ErrOrgIsArchived struct {
+	OrgName string
+}
+
+func (err ErrOrgIsArchived) Error() string {
+	return fmt.Sprintf("organization is archived [name: %s]", err.OrgName)
+}
+
+func (err ErrOrgIsArchived) Unwrap() error {
+	return util.ErrPermissionDenied
+}
+
+// IsArchived returns true if organization is archived
+func (org *Organization) IsArchived(ctx context.Context) bool {
+	archived, _ := user_model.GetSetting(ctx, org.ID, "org_archived")
+	return archived == "true"
+}
+
+// SetArchived sets the archived status of the organization
+func (org *Organization) SetArchived(ctx context.Context, archived bool) error {
+	archivedStr := "false"
+	if archived {
+		archivedStr = "true"
+	}
+
+	if err := user_model.SetUserSetting(ctx, org.ID, "org_archived", archivedStr); err != nil {
+		return err
+	}
+
+	if archived {
+		// Set the archived date
+		return user_model.SetUserSetting(ctx, org.ID, "org_archived_date", strconv.FormatInt(time.Now().Unix(), 10))
+	} else {
+		// Clear the archived date when unarchiving
+		return user_model.SetUserSetting(ctx, org.ID, "org_archived_date", "")
+	}
+}
+
+// GetArchivedDate returns the date when the organization was archived, or zero time if not archived
+func (org *Organization) GetArchivedDate(ctx context.Context) (time.Time, error) {
+	dateStr, err := user_model.GetSetting(ctx, org.ID, "org_archived_date")
+	if err != nil || dateStr == "" {
+		return time.Time{}, err
+	}
+
+	timestamp, err := strconv.ParseInt(dateStr, 10, 64)
+	if err != nil {
+		return time.Time{}, err
+	}
+
+	return time.Unix(timestamp, 0), nil
+}
+
+// MustNotBeArchived returns ErrOrgIsArchived if the organization is archived
+func (org *Organization) MustNotBeArchived(ctx context.Context) error {
+	if org.IsArchived(ctx) {
+		return ErrOrgIsArchived{OrgName: org.Name}
+	}
+	return nil
+}

models/repo/repo.go

@@ -312,6 +312,21 @@ func (repo *Repository) IsBroken() bool {
 	return repo.Status == RepositoryBroken
 }
 
+// IsEffectivelyArchived indicates that repository is archived either directly or through its parent organization
+func (repo *Repository) IsEffectivelyArchived(ctx context.Context) bool {
+	if repo.IsArchived {
+		return true
+	}
+
+	// Check if parent organization is archived (if repository belongs to an organization)
+	if repo.Owner != nil && repo.Owner.IsOrganization() {
+		archived, _ := user_model.GetSetting(ctx, repo.Owner.ID, "org_archived")
+		return archived == "true"
+	}
+
+	return false
+}
+
 // MarkAsBrokenEmpty marks the repo as broken and empty
 // FIXME: the status "broken" and "is_empty" were abused,
 // The code always set them together, no way to distinguish whether a repo is really "empty" or "broken"

modules/structs/org.go

@@ -15,6 +15,7 @@ type Organization struct {
 	Location                  string `json:"location"`
 	Visibility                string `json:"visibility"`
 	RepoAdminChangeTeamAccess bool   `json:"repo_admin_change_team_access"`
+	Archived                  bool   `json:"archived"`
 	// username of the organization
 	// deprecated
 	UserName string `json:"username"`
@@ -58,6 +59,7 @@ type EditOrgOption struct {
 	// enum: public,limited,private
 	Visibility                string `json:"visibility" binding:"In(,public,limited,private)"`
 	RepoAdminChangeTeamAccess *bool  `json:"repo_admin_change_team_access"`
+	Archived                  *bool  `json:"archived"`
 }
 
 // RenameOrgOption options when renaming an organization

options/locale/locale_en-US.ini

@@ -2874,6 +2874,18 @@ settings.confirm_delete_account = Confirm Deletion
 settings.delete_failed = Deleting organization failed due to an internal error
 settings.delete_successful = Organization <b>%s</b> has been deleted successfully.
 settings.hooks_desc = Add webhooks which will be triggered for <strong>all repositories</strong> under this organization.
+settings.archive = Archive
+settings.archive_this_org = Archive this organization
+settings.archive_this_org_desc = Archiving will make this organization read-only. No repositories can be created, and existing repositories cannot be pushed to.
+settings.archive_not_allowed = Only organization owners can archive organizations.
+settings.archive_org_header = Archive This Organization
+settings.archive_org_button = Archive Organization
+settings.unarchive_org_header = Unarchive This Organization
+settings.unarchive_org_button = Unarchive Organization
+
+archived_create_repo_not_allowed = Cannot create repositories in an archived organization.
+settings.archive_success = Organization has been successfully archived.
+settings.unarchive_success = Organization has been successfully unarchived.
 
 settings.labels_desc = Add labels which can be used on issues for <strong>all repositories</strong> under this organization.
 

routers/api/v1/org/org.go

@@ -386,6 +386,25 @@ func Edit(ctx *context.APIContext) {
 		}
 	}
 
+	// Handle archived field - only allow org owners to modify
+	if form.Archived != nil {
+		// Check if user is owner of the organization
+		isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
+		if err != nil {
+			ctx.APIErrorInternal(err)
+			return
+		}
+		if !isOwner && !ctx.Doer.IsAdmin {
+			ctx.APIError(http.StatusForbidden, "only organization owners and site admins can archive/unarchive organizations")
+			return
+		}
+
+		if err := ctx.Org.Organization.SetArchived(ctx, *form.Archived); err != nil {
+			ctx.APIErrorInternal(err)
+			return
+		}
+	}
+
 	opts := &user_service.UpdateOptions{
 		FullName:                  optional.Some(form.FullName),
 		Description:               optional.Some(form.Description),

routers/api/v1/repo/repo.go

@@ -510,6 +510,11 @@ func CreateOrgRepo(ctx *context.APIContext) {
 		return
 	}
 
+	if err := org.MustNotBeArchived(ctx); err != nil {
+		ctx.APIError(http.StatusForbidden, err)
+		return
+	}
+
 	if !ctx.Doer.IsAdmin {
 		canCreate, err := org.CanCreateOrgRepo(ctx, ctx.Doer.ID)
 		if err != nil {

routers/web/org/setting.go

@@ -45,6 +45,7 @@ func Settings(ctx *context.Context) {
 	ctx.Data["PageIsSettingsOptions"] = true
 	ctx.Data["CurrentVisibility"] = ctx.Org.Organization.Visibility
 	ctx.Data["RepoAdminChangeTeamAccess"] = ctx.Org.Organization.RepoAdminChangeTeamAccess
+	ctx.Data["IsArchived"] = ctx.Org.Organization.IsArchived(ctx)
 	ctx.Data["ContextUser"] = ctx.ContextUser
 
 	if _, err := shared_user.RenderUserOrgHeader(ctx); err != nil {
@@ -165,6 +166,54 @@ func SettingsDeleteOrgPost(ctx *context.Context) {
 	ctx.JSONRedirect(setting.AppSubURL + "/")
 }
 
+// SettingsArchive archives an organization
+func SettingsArchive(ctx *context.Context) {
+	if !ctx.Org.IsOwner {
+		ctx.JSONError(ctx.Tr("org.settings.archive_not_allowed"))
+		return
+	}
+
+	org := ctx.Org.Organization
+	orgName := ctx.FormString("org_name")
+
+	if orgName != org.Name {
+		ctx.JSONError(ctx.Tr("form.enterred_invalid_org_name"))
+		return
+	}
+
+	if err := org.SetArchived(ctx, true); err != nil {
+		ctx.ServerError("SetArchived", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("org.settings.archive_success"))
+	ctx.JSONRedirect(ctx.Org.OrgLink + "/settings")
+}
+
+// SettingsUnarchive unarchives an organization
+func SettingsUnarchive(ctx *context.Context) {
+	if !ctx.Org.IsOwner {
+		ctx.JSONError(ctx.Tr("org.settings.archive_not_allowed"))
+		return
+	}
+
+	org := ctx.Org.Organization
+	orgName := ctx.FormString("org_name")
+
+	if orgName != org.Name {
+		ctx.JSONError(ctx.Tr("form.enterred_invalid_org_name"))
+		return
+	}
+
+	if err := org.SetArchived(ctx, false); err != nil {
+		ctx.ServerError("SetArchived", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("org.settings.unarchive_success"))
+	ctx.JSONRedirect(ctx.Org.OrgLink + "/settings")
+}
+
 // Webhooks render webhook list page
 func Webhooks(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("org.settings")

routers/web/repo/fork.go

@@ -143,6 +143,14 @@ func ForkPost(ctx *context.Context) {
 		return
 	}
 
+	if ctxUser.IsOrganization() {
+		org := organization.OrgFromUser(ctxUser)
+		if err := org.MustNotBeArchived(ctx); err != nil {
+			ctx.JSONError(ctx.Tr("org.archived_create_repo_not_allowed"))
+			return
+		}
+	}
+
 	forkRepo := getForkRepository(ctx)
 	if ctx.Written() {
 		return

routers/web/repo/githttp.go

@@ -118,9 +118,9 @@ func httpBase(ctx *context.Context) *serviceHandler {
 		repoExist = false
 	}
 
-	// Don't allow pushing if the repo is archived
-	if repoExist && repo.IsArchived && !isPull {
-		ctx.PlainText(http.StatusForbidden, "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.")
+	// Don't allow pushing if the repo or its organization is archived
+	if repoExist && repo.IsEffectivelyArchived(ctx) && !isPull {
+		ctx.PlainText(http.StatusForbidden, "This repository is archived. You can view files and clone it, but cannot push or open issues/pull-requests.")
 		return nil
 	}
 

routers/web/repo/release.go

@@ -165,7 +165,7 @@ func Releases(ctx *context.Context) {
 	}
 
 	writeAccess := ctx.Repo.CanWrite(unit.TypeReleases)
-	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
+	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsEffectivelyArchived(ctx)
 
 	releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{
 		ListOptions: listOptions,
@@ -274,7 +274,7 @@ func SingleRelease(ctx *context.Context) {
 	ctx.Data["PageIsReleaseList"] = true
 
 	writeAccess := ctx.Repo.CanWrite(unit.TypeReleases)
-	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
+	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsEffectivelyArchived(ctx)
 
 	releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{
 		ListOptions: db.ListOptions{Page: 1, PageSize: 1},