Move delete deploy keys into service layer

lunny · lunny · commit f9682bf9b5c3 · 2024-10-05T13:49:23.000-07:00
diff --git a/models/asymkey/error.go b/models/asymkey/error.go
@@ -217,6 +217,7 @@ func (err ErrGPGKeyAccessDenied) Unwrap() error {
 // ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.
 type ErrKeyAccessDenied struct {
 	UserID int64
+	RepoID int64
 	KeyID  int64
 	Note   string
 }
@@ -228,8 +229,8 @@ func IsErrKeyAccessDenied(err error) bool {
 }
 
 func (err ErrKeyAccessDenied) Error() string {
-	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d, note: %s]",
-		err.UserID, err.KeyID, err.Note)
+	return fmt.Sprintf("user does not have access to the key [user_id: %d, repo_id: %d, key_id: %d, note: %s]",
+		err.UserID, err.RepoID, err.KeyID, err.Note)
 }
 
 func (err ErrKeyAccessDenied) Unwrap() error {
diff --git a/models/repo.go b/models/repo.go
@@ -6,15 +6,12 @@ package models
 
 import (
 	"context"
-	"fmt"
 	"strconv"
 
 	_ "image/jpeg" // Needed for jpeg support
 
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	issues_model "code.gitea.io/gitea/models/issues"
-	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -315,48 +312,3 @@ func DoctorUserStarNum(ctx context.Context) (err error) {
 
 	return err
 }
-
-// DeleteDeployKey delete deploy keys
-func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
-	key, err := asymkey_model.GetDeployKeyByID(ctx, id)
-	if err != nil {
-		if asymkey_model.IsErrDeployKeyNotExist(err) {
-			return nil
-		}
-		return fmt.Errorf("GetDeployKeyByID: %w", err)
-	}
-
-	// Check if user has access to delete this key.
-	if !doer.IsAdmin {
-		repo, err := repo_model.GetRepositoryByID(ctx, key.RepoID)
-		if err != nil {
-			return fmt.Errorf("GetRepositoryByID: %w", err)
-		}
-		has, err := access_model.IsUserRepoAdmin(ctx, repo, doer)
-		if err != nil {
-			return fmt.Errorf("GetUserRepoPermission: %w", err)
-		} else if !has {
-			return asymkey_model.ErrKeyAccessDenied{
-				UserID: doer.ID,
-				KeyID:  key.ID,
-				Note:   "deploy",
-			}
-		}
-	}
-
-	if _, err := db.DeleteByID[asymkey_model.DeployKey](ctx, key.ID); err != nil {
-		return fmt.Errorf("delete deploy key [%d]: %w", key.ID, err)
-	}
-
-	// Check if this is the last reference to same key content.
-	has, err := asymkey_model.IsDeployKeyExistByKeyID(ctx, key.KeyID)
-	if err != nil {
-		return err
-	} else if !has {
-		if _, err = db.DeleteByID[asymkey_model.PublicKey](ctx, key.KeyID); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/services/asymkey/deploy_key.go b/services/asymkey/deploy_key.go
@@ -5,12 +5,75 @@ package asymkey
 
 import (
 	"context"
+	"fmt"
 
-	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
+	access_model "code.gitea.io/gitea/models/perm/access"
+	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 )
 
+func DeleteRepoDeployKeys(ctx context.Context, doer *user_model.User, repoID int64) (int, error) {
+	deployKeys, err := db.Find[asymkey_model.DeployKey](ctx, asymkey_model.ListDeployKeysOptions{RepoID: repoID})
+	if err != nil {
+		return 0, fmt.Errorf("listDeployKeys: %w", err)
+	}
+
+	if err := checkDeployPerm(ctx, doer, repoID, 0); err != nil {
+		return 0, err
+	}
+
+	for _, dKey := range deployKeys {
+		if err := deleteDeployKeyFromDB(ctx, doer, dKey); err != nil {
+			return 0, fmt.Errorf("deleteDeployKeys: %w", err)
+		}
+	}
+	return len(deployKeys), nil
+}
+
+// checkDeployPerm Check if user has access to delete this key.
+func checkDeployPerm(ctx context.Context, doer *user_model.User, repoID, keyID int64) error {
+	if doer.IsAdmin {
+		return nil
+	}
+	repo, err := repo_model.GetRepositoryByID(ctx, repoID)
+	if err != nil {
+		return fmt.Errorf("GetRepositoryByID: %w", err)
+	}
+	has, err := access_model.IsUserRepoAdmin(ctx, repo, doer)
+	if err != nil {
+		return fmt.Errorf("IsUserRepoAdmin: %w", err)
+	} else if !has {
+		return asymkey_model.ErrKeyAccessDenied{
+			UserID: doer.ID,
+			RepoID: repoID,
+			KeyID:  keyID,
+			Note:   "deploy",
+		}
+	}
+	return nil
+}
+
+// deleteDeployKeyFromDB delete deploy keys from database
+func deleteDeployKeyFromDB(ctx context.Context, doer *user_model.User, key *asymkey_model.DeployKey) error {
+	if _, err := db.DeleteByID[asymkey_model.DeployKey](ctx, key.ID); err != nil {
+		return fmt.Errorf("delete deploy key [%d]: %w", key.ID, err)
+	}
+
+	// Check if this is the last reference to same key content.
+	has, err := asymkey_model.IsDeployKeyExistByKeyID(ctx, key.KeyID)
+	if err != nil {
+		return err
+	} else if !has {
+		if _, err = db.DeleteByID[asymkey_model.PublicKey](ctx, key.KeyID); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
 func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
 	dbCtx, committer, err := db.TxContext(ctx)
@@ -19,7 +82,19 @@ func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error
 	}
 	defer committer.Close()
 
-	if err := models.DeleteDeployKey(dbCtx, doer, id); err != nil {
+	key, err := asymkey_model.GetDeployKeyByID(ctx, id)
+	if err != nil {
+		if asymkey_model.IsErrDeployKeyNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("GetDeployKeyByID: %w", err)
+	}
+
+	if err := checkDeployPerm(ctx, doer, key.RepoID, key.ID); err != nil {
+		return err
+	}
+
+	if err := deleteDeployKeyFromDB(dbCtx, doer, key); err != nil {
 		return err
 	}
 	if err := committer.Commit(); err != nil {
diff --git a/services/repository/delete.go b/services/repository/delete.go
@@ -7,11 +7,9 @@ import (
 	"context"
 	"fmt"
 
-	"code.gitea.io/gitea/models"
 	actions_model "code.gitea.io/gitea/models/actions"
 	activities_model "code.gitea.io/gitea/models/activities"
 	admin_model "code.gitea.io/gitea/models/admin"
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	issues_model "code.gitea.io/gitea/models/issues"
@@ -76,16 +74,11 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 	}
 
 	// Delete Deploy Keys
-	deployKeys, err := db.Find[asymkey_model.DeployKey](ctx, asymkey_model.ListDeployKeysOptions{RepoID: repoID})
+	deleted, err := asymkey_service.DeleteRepoDeployKeys(ctx, doer, repoID)
 	if err != nil {
-		return fmt.Errorf("listDeployKeys: %w", err)
-	}
-	needRewriteKeysFile := len(deployKeys) > 0
-	for _, dKey := range deployKeys {
-		if err := models.DeleteDeployKey(ctx, doer, dKey.ID); err != nil {
-			return fmt.Errorf("deleteDeployKeys: %w", err)
-		}
+		return err
 	}
+	needRewriteKeysFile := deleted > 0
 
 	if cnt, err := sess.ID(repoID).Delete(&repo_model.Repository{}); err != nil {
 		return err

Original file line number	Diff line number	Diff line change
`@@ -217,6 +217,7 @@ func (err ErrGPGKeyAccessDenied) Unwrap() error {`
`217`	`217`	`// ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.`
`218`	`218`	`type ErrKeyAccessDenied struct {`
`219`	`219`	`UserID int64`
	`220`	`+ RepoID int64`
`220`	`221`	`KeyID int64`
`221`	`222`	`Note string`
`222`	`223`	`}`
`@@ -228,8 +229,8 @@ func IsErrKeyAccessDenied(err error) bool {`
`228`	`229`	`}`
`229`	`230`
`230`	`231`	`func (err ErrKeyAccessDenied) Error() string {`
`231`		`- return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d, note: %s]",`
`232`		`- err.UserID, err.KeyID, err.Note)`
	`232`	`+ return fmt.Sprintf("user does not have access to the key [user_id: %d, repo_id: %d, key_id: %d, note: %s]",`
	`233`	`+ err.UserID, err.RepoID, err.KeyID, err.Note)`
`233`	`234`	`}`
`234`	`235`
`235`	`236`	`func (err ErrKeyAccessDenied) Unwrap() error {`