Merge branch 'main' of https://github.com/go-gitea/gitea into workflow-webhook-api

Author: ChristopherHX

cmd/admin_auth_ldap.go

@@ -127,6 +127,34 @@ var (
 		&cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
+		},
+		&cli.BoolFlag{
+			Name:  "enable-groups",
+			Usage: "Enable LDAP groups",
+		},
+		&cli.StringFlag{
+			Name:  "group-search-base-dn",
+			Usage: "The LDAP base DN at which group accounts will be searched for",
+		},
+		&cli.StringFlag{
+			Name:  "group-member-attribute",
+			Usage: "Group attribute containing list of users",
+		},
+		&cli.StringFlag{
+			Name:  "group-user-attribute",
+			Usage: "User attribute listed in group",
+		},
+		&cli.StringFlag{
+			Name:  "group-filter",
+			Usage: "Verify group membership in LDAP",
+		},
+		&cli.StringFlag{
+			Name:  "group-team-map",
+			Usage: "Map LDAP groups to Organization teams",
+		},
+		&cli.BoolFlag{
+			Name:  "group-team-map-removal",
+			Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group",
 		})
 
 	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
@@ -273,6 +301,27 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 	if c.IsSet("skip-local-2fa") {
 		config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
 	}
+	if c.IsSet("enable-groups") {
+		config.GroupsEnabled = c.Bool("enable-groups")
+	}
+	if c.IsSet("group-search-base-dn") {
+		config.GroupDN = c.String("group-search-base-dn")
+	}
+	if c.IsSet("group-member-attribute") {
+		config.GroupMemberUID = c.String("group-member-attribute")
+	}
+	if c.IsSet("group-user-attribute") {
+		config.UserUID = c.String("group-user-attribute")
+	}
+	if c.IsSet("group-filter") {
+		config.GroupFilter = c.String("group-filter")
+	}
+	if c.IsSet("group-team-map") {
+		config.GroupTeamMap = c.String("group-team-map")
+	}
+	if c.IsSet("group-team-map-removal") {
+		config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
+	}
 	return nil
 }
 

cmd/admin_auth_ldap_test.go

@@ -51,6 +51,13 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--attributes-in-bind",
 				"--synchronize-users",
 				"--page-size", "99",
+				"--enable-groups",
+				"--group-search-base-dn", "ou=group,dc=full-domain-bind,dc=org",
+				"--group-member-attribute", "memberUid",
+				"--group-user-attribute", "uid",
+				"--group-filter", "(|(cn=gitea_users)(cn=admins))",
+				"--group-team-map", `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`,
+				"--group-team-map-removal",
 			},
 			source: &auth.Source{
 				Type:          auth.LDAP,
@@ -78,6 +85,13 @@ func TestAddLdapBindDn(t *testing.T) {
 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",
 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",
 					Enabled:               true,
+					GroupsEnabled:         true,
+					GroupDN:               "ou=group,dc=full-domain-bind,dc=org",
+					GroupMemberUID:        "memberUid",
+					UserUID:               "uid",
+					GroupFilter:           "(|(cn=gitea_users)(cn=admins))",
+					GroupTeamMap:          `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`,
+					GroupTeamMapRemoval:   true,
 				},
 			},
 		},
@@ -510,6 +524,13 @@ func TestUpdateLdapBindDn(t *testing.T) {
 				"--bind-password", "secret-bind-full",
 				"--synchronize-users",
 				"--page-size", "99",
+				"--enable-groups",
+				"--group-search-base-dn", "ou=group,dc=full-domain-bind,dc=org",
+				"--group-member-attribute", "memberUid",
+				"--group-user-attribute", "uid",
+				"--group-filter", "(|(cn=gitea_users)(cn=admins))",
+				"--group-team-map", `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`,
+				"--group-team-map-removal",
 			},
 			id: 23,
 			existingAuthSource: &auth.Source{
@@ -545,6 +566,13 @@ func TestUpdateLdapBindDn(t *testing.T) {
 					AdminFilter:           "(memberOf=cn=admin-group,ou=example,dc=full-domain-bind,dc=org)",
 					RestrictedFilter:      "(memberOf=cn=restricted-group,ou=example,dc=full-domain-bind,dc=org)",
 					Enabled:               true,
+					GroupsEnabled:         true,
+					GroupDN:               "ou=group,dc=full-domain-bind,dc=org",
+					GroupMemberUID:        "memberUid",
+					UserUID:               "uid",
+					GroupFilter:           "(|(cn=gitea_users)(cn=admins))",
+					GroupTeamMap:          `{"cn=my-group,cn=groups,dc=example,dc=org": {"MyGiteaOrganization": ["MyGiteaTeam1", "MyGiteaTeam2"]}}`,
+					GroupTeamMapRemoval:   true,
 				},
 			},
 		},

models/activities/action.go

@@ -172,7 +172,10 @@ func (a *Action) TableIndices() []*schemas.Index {
 	cuIndex := schemas.NewIndex("c_u", schemas.IndexType)
 	cuIndex.AddColumn("user_id", "is_deleted")
 
-	indices := []*schemas.Index{actUserIndex, repoIndex, cudIndex, cuIndex}
+	actUserUserIndex := schemas.NewIndex("au_c_u", schemas.IndexType)
+	actUserUserIndex.AddColumn("act_user_id", "created_unix", "user_id")
+
+	indices := []*schemas.Index{actUserIndex, repoIndex, cudIndex, cuIndex, actUserUserIndex}
 
 	return indices
 }
@@ -442,6 +445,7 @@ type GetFeedsOptions struct {
 	OnlyPerformedBy bool                   // only actions performed by requested user
 	IncludeDeleted  bool                   // include deleted actions
 	Date            string                 // the day we want activity for: YYYY-MM-DD
+	DontCount       bool                   // do counting in GetFeeds
 }
 
 // ActivityReadable return whether doer can read activities of user

models/activities/action_list.go

@@ -243,7 +243,11 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 		sess := db.GetEngine(ctx).Where(cond)
 		sess = db.SetSessionPagination(sess, &opts)
 
-		count, err = sess.Desc("`action`.created_unix").FindAndCount(&actions)
+		if opts.DontCount {
+			err = sess.Desc("`action`.created_unix").Find(&actions)
+		} else {
+			count, err = sess.Desc("`action`.created_unix").FindAndCount(&actions)
+		}
 		if err != nil {
 			return nil, 0, fmt.Errorf("FindAndCount: %w", err)
 		}
@@ -257,11 +261,13 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 			return nil, 0, fmt.Errorf("Find(actionsIDs): %w", err)
 		}
 
-		count, err = db.GetEngine(ctx).Where(cond).
-			Table("action").
-			Cols("`action`.id").Count()
-		if err != nil {
-			return nil, 0, fmt.Errorf("Count: %w", err)
+		if !opts.DontCount {
+			count, err = db.GetEngine(ctx).Where(cond).
+				Table("action").
+				Cols("`action`.id").Count()
+			if err != nil {
+				return nil, 0, fmt.Errorf("Count: %w", err)
+			}
 		}
 
 		if err := db.GetEngine(ctx).In("`action`.id", actionIDs).Desc("`action`.created_unix").Find(&actions); err != nil {
@@ -275,3 +281,9 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
 
 	return actions, count, nil
 }
+
+func CountUserFeeds(ctx context.Context, userID int64) (int64, error) {
+	return db.GetEngine(ctx).Where("user_id = ?", userID).
+		And("is_deleted = ?", false).
+		Count(&Action{})
+}

models/db/search.go

@@ -29,7 +29,3 @@ const (
 // NoConditionID means a condition to filter the records which don't match any id.
 // eg: "milestone_id=-1" means "find the items without any milestone.
 const NoConditionID int64 = -1
-
-// NonExistingID means a condition to match no result (eg: a non-existing user)
-// It doesn't use -1 or -2 because they are used as builtin users.
-const NonExistingID int64 = -1000000

models/issues/issue_search.go

@@ -27,8 +27,8 @@ type IssuesOptions struct { //nolint
 	RepoIDs            []int64 // overwrites RepoCond if the length is not 0
 	AllPublic          bool    // include also all public repositories
 	RepoCond           builder.Cond
-	AssigneeID         optional.Option[int64]
-	PosterID           optional.Option[int64]
+	AssigneeID         string // "(none)" or "(any)" or a user ID
+	PosterID           string // "(none)" or "(any)" or a user ID
 	MentionedID        int64
 	ReviewRequestedID  int64
 	ReviewedID         int64
@@ -356,26 +356,25 @@ func issuePullAccessibleRepoCond(repoIDstr string, userID int64, owner *user_mod
 	return cond
 }
 
-func applyAssigneeCondition(sess *xorm.Session, assigneeID optional.Option[int64]) {
+func applyAssigneeCondition(sess *xorm.Session, assigneeID string) {
 	// old logic: 0 is also treated as "not filtering assignee", because the "assignee" was read as FormInt64
-	if !assigneeID.Has() || assigneeID.Value() == 0 {
-		return
-	}
-	if assigneeID.Value() == db.NoConditionID {
+	if assigneeID == "(none)" {
 		sess.Where("issue.id NOT IN (SELECT issue_id FROM issue_assignees)")
-	} else {
+	} else if assigneeID == "(any)" {
+		sess.Where("issue.id IN (SELECT issue_id FROM issue_assignees)")
+	} else if assigneeIDInt64, _ := strconv.ParseInt(assigneeID, 10, 64); assigneeIDInt64 > 0 {
 		sess.Join("INNER", "issue_assignees", "issue.id = issue_assignees.issue_id").
-			And("issue_assignees.assignee_id = ?", assigneeID.Value())
+			And("issue_assignees.assignee_id = ?", assigneeIDInt64)
 	}
 }
 
-func applyPosterCondition(sess *xorm.Session, posterID optional.Option[int64]) {
-	if !posterID.Has() {
-		return
-	}
-	// poster doesn't need to support db.NoConditionID(-1), so just use the value as-is
-	if posterID.Has() {
-		sess.And("issue.poster_id=?", posterID.Value())
+func applyPosterCondition(sess *xorm.Session, posterID string) {
+	// Actually every issue has a poster.
+	// The "(none)" is for internal usage only: when doer tries to search non-existing user as poster, use "(none)" to return empty result.
+	if posterID == "(none)" {
+		sess.And("issue.poster_id=0")
+	} else if posterIDInt64, _ := strconv.ParseInt(posterID, 10, 64); posterIDInt64 > 0 {
+		sess.And("issue.poster_id=?", posterIDInt64)
 	}
 }
 

models/issues/issue_test.go

@@ -15,7 +15,6 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/stretchr/testify/assert"
@@ -155,7 +154,7 @@ func TestIssues(t *testing.T) {
 	}{
 		{
 			issues_model.IssuesOptions{
-				AssigneeID: optional.Some(int64(1)),
+				AssigneeID: "1",
 				SortType:   "oldest",
 			},
 			[]int64{1, 6},

models/migrations/migrations.go

@@ -377,6 +377,7 @@ func prepareMigrationTasks() []*migration {
 		newMigration(314, "Update OwnerID as zero for repository level action tables", v1_24.UpdateOwnerIDOfRepoLevelActionsTables),
 		newMigration(315, "Add Ephemeral to ActionRunner", v1_24.AddEphemeralToActionRunner),
 		newMigration(316, "Add description for secrets and variables", v1_24.AddDescriptionForSecretsAndVariables),
+		newMigration(317, "Add new index for action for heatmap", v1_24.AddNewIndexForUserDashboard),
 	}
 	return preparedMigrations
 }

models/migrations/v1_24/v317.go

@@ -0,0 +1,56 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_24 //nolint
+
+import (
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"xorm.io/xorm"
+	"xorm.io/xorm/schemas"
+)
+
+type improveActionTableIndicesAction struct {
+	ID          int64 `xorm:"pk autoincr"`
+	UserID      int64 `xorm:"INDEX"` // Receiver user id.
+	OpType      int
+	ActUserID   int64 // Action user id.
+	RepoID      int64
+	CommentID   int64 `xorm:"INDEX"`
+	IsDeleted   bool  `xorm:"NOT NULL DEFAULT false"`
+	RefName     string
+	IsPrivate   bool               `xorm:"NOT NULL DEFAULT false"`
+	Content     string             `xorm:"TEXT"`
+	CreatedUnix timeutil.TimeStamp `xorm:"created"`
+}
+
+// TableName sets the name of this table
+func (*improveActionTableIndicesAction) TableName() string {
+	return "action"
+}
+
+// TableIndices implements xorm's TableIndices interface
+func (a *improveActionTableIndicesAction) TableIndices() []*schemas.Index {
+	repoIndex := schemas.NewIndex("r_u_d", schemas.IndexType)
+	repoIndex.AddColumn("repo_id", "user_id", "is_deleted")
+
+	actUserIndex := schemas.NewIndex("au_r_c_u_d", schemas.IndexType)
+	actUserIndex.AddColumn("act_user_id", "repo_id", "created_unix", "user_id", "is_deleted")
+
+	cudIndex := schemas.NewIndex("c_u_d", schemas.IndexType)
+	cudIndex.AddColumn("created_unix", "user_id", "is_deleted")
+
+	cuIndex := schemas.NewIndex("c_u", schemas.IndexType)
+	cuIndex.AddColumn("user_id", "is_deleted")
+
+	actUserUserIndex := schemas.NewIndex("au_c_u", schemas.IndexType)
+	actUserUserIndex.AddColumn("act_user_id", "created_unix", "user_id")
+
+	indices := []*schemas.Index{actUserIndex, repoIndex, cudIndex, cuIndex, actUserUserIndex}
+
+	return indices
+}
+
+func AddNewIndexForUserDashboard(x *xorm.Engine) error {
+	return x.Sync(new(improveActionTableIndicesAction))
+}

models/repo/repo.go

@@ -215,12 +215,24 @@ func init() {
 	db.RegisterModel(new(Repository))
 }
 
-func (repo *Repository) GetName() string {
-	return repo.Name
+func RelativePath(ownerName, repoName string) string {
+	return strings.ToLower(ownerName) + "/" + strings.ToLower(repoName) + ".git"
 }
 
-func (repo *Repository) GetOwnerName() string {
-	return repo.OwnerName
+// RelativePath should be an unix style path like username/reponame.git
+func (repo *Repository) RelativePath() string {
+	return RelativePath(repo.OwnerName, repo.Name)
+}
+
+type StorageRepo string
+
+// RelativePath should be an unix style path like username/reponame.git
+func (sr StorageRepo) RelativePath() string {
+	return string(sr)
+}
+
+func (repo *Repository) WikiStorageRepo() StorageRepo {
+	return StorageRepo(strings.ToLower(repo.OwnerName) + "/" + strings.ToLower(repo.Name) + ".wiki.git")
 }
 
 // SanitizedOriginalURL returns a sanitized OriginalURL