mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-06-28 04:42:24 +02:00
dc9499bdf9
- Add the ability to block a user via their profile page. - This will unstar their repositories and visa versa. - Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations). - Blocked users cannot comment on the doer's opened issues or pull requests. - Blocked users cannot add reactions to doer's comments. - Blocked users cannot cause a notification trough mentioning the doer. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540 (cherry picked from commit687d852480) (cherry picked from commit0c32a4fde5) (cherry picked from commit1791130e3c) (cherry picked from commit00f411819f) (cherry picked from commite0c039b0e8) (cherry picked from commitb5a058ef00) (cherry picked from commit5ff5460d28) (cherry picked from commit97bc6e619d)
194 lines
6.3 KiB
Go
194 lines
6.3 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package user
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"time"
|
|
|
|
_ "image/jpeg" // Needed for jpeg support
|
|
|
|
activities_model "code.gitea.io/gitea/models/activities"
|
|
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
|
"code.gitea.io/gitea/models/db"
|
|
git_model "code.gitea.io/gitea/models/git"
|
|
issues_model "code.gitea.io/gitea/models/issues"
|
|
"code.gitea.io/gitea/models/organization"
|
|
access_model "code.gitea.io/gitea/models/perm/access"
|
|
pull_model "code.gitea.io/gitea/models/pull"
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
|
|
"xorm.io/builder"
|
|
)
|
|
|
|
// deleteUser deletes models associated to an user.
|
|
func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error) {
|
|
e := db.GetEngine(ctx)
|
|
|
|
// ***** START: Watch *****
|
|
watchedRepoIDs, err := db.FindIDs(ctx, "watch", "watch.repo_id",
|
|
builder.Eq{"watch.user_id": u.ID}.
|
|
And(builder.Neq{"watch.mode": repo_model.WatchModeDont}))
|
|
if err != nil {
|
|
return fmt.Errorf("get all watches: %w", err)
|
|
}
|
|
if err = db.DecrByIDs(ctx, watchedRepoIDs, "num_watches", new(repo_model.Repository)); err != nil {
|
|
return fmt.Errorf("decrease repository num_watches: %w", err)
|
|
}
|
|
// ***** END: Watch *****
|
|
|
|
// ***** START: Star *****
|
|
starredRepoIDs, err := db.FindIDs(ctx, "star", "star.repo_id",
|
|
builder.Eq{"star.uid": u.ID})
|
|
if err != nil {
|
|
return fmt.Errorf("get all stars: %w", err)
|
|
} else if err = db.DecrByIDs(ctx, starredRepoIDs, "num_stars", new(repo_model.Repository)); err != nil {
|
|
return fmt.Errorf("decrease repository num_stars: %w", err)
|
|
}
|
|
// ***** END: Star *****
|
|
|
|
// ***** START: Follow *****
|
|
followeeIDs, err := db.FindIDs(ctx, "follow", "follow.follow_id",
|
|
builder.Eq{"follow.user_id": u.ID})
|
|
if err != nil {
|
|
return fmt.Errorf("get all followees: %w", err)
|
|
} else if err = db.DecrByIDs(ctx, followeeIDs, "num_followers", new(user_model.User)); err != nil {
|
|
return fmt.Errorf("decrease user num_followers: %w", err)
|
|
}
|
|
|
|
followerIDs, err := db.FindIDs(ctx, "follow", "follow.user_id",
|
|
builder.Eq{"follow.follow_id": u.ID})
|
|
if err != nil {
|
|
return fmt.Errorf("get all followers: %w", err)
|
|
} else if err = db.DecrByIDs(ctx, followerIDs, "num_following", new(user_model.User)); err != nil {
|
|
return fmt.Errorf("decrease user num_following: %w", err)
|
|
}
|
|
// ***** END: Follow *****
|
|
|
|
if err = db.DeleteBeans(ctx,
|
|
&auth_model.AccessToken{UID: u.ID},
|
|
&repo_model.Collaboration{UserID: u.ID},
|
|
&access_model.Access{UserID: u.ID},
|
|
&repo_model.Watch{UserID: u.ID},
|
|
&repo_model.Star{UID: u.ID},
|
|
&user_model.Follow{UserID: u.ID},
|
|
&user_model.Follow{FollowID: u.ID},
|
|
&activities_model.Action{UserID: u.ID},
|
|
&issues_model.IssueUser{UID: u.ID},
|
|
&user_model.EmailAddress{UID: u.ID},
|
|
&user_model.UserOpenID{UID: u.ID},
|
|
&issues_model.Reaction{UserID: u.ID},
|
|
&organization.TeamUser{UID: u.ID},
|
|
&issues_model.Stopwatch{UserID: u.ID},
|
|
&user_model.Setting{UserID: u.ID},
|
|
&user_model.UserBadge{UserID: u.ID},
|
|
&pull_model.AutoMerge{DoerID: u.ID},
|
|
&pull_model.ReviewState{UserID: u.ID},
|
|
&user_model.Redirect{RedirectUserID: u.ID},
|
|
&user_model.BlockedUser{BlockID: u.ID},
|
|
&user_model.BlockedUser{UserID: u.ID},
|
|
); err != nil {
|
|
return fmt.Errorf("deleteBeans: %w", err)
|
|
}
|
|
|
|
if err := auth_model.DeleteOAuth2RelictsByUserID(ctx, u.ID); err != nil {
|
|
return err
|
|
}
|
|
|
|
if purge || (setting.Service.UserDeleteWithCommentsMaxTime != 0 &&
|
|
u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now())) {
|
|
|
|
// Delete Comments
|
|
const batchSize = 50
|
|
for {
|
|
comments := make([]*issues_model.Comment, 0, batchSize)
|
|
if err = e.Where("type=? AND poster_id=?", issues_model.CommentTypeComment, u.ID).Limit(batchSize, 0).Find(&comments); err != nil {
|
|
return err
|
|
}
|
|
if len(comments) == 0 {
|
|
break
|
|
}
|
|
|
|
for _, comment := range comments {
|
|
if err = issues_model.DeleteComment(ctx, comment); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
// Delete Reactions
|
|
if err = issues_model.DeleteReaction(ctx, &issues_model.ReactionOptions{DoerID: u.ID}); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// ***** START: Branch Protections *****
|
|
{
|
|
const batchSize = 50
|
|
for start := 0; ; start += batchSize {
|
|
protections := make([]*git_model.ProtectedBranch, 0, batchSize)
|
|
// @perf: We can't filter on DB side by u.ID, as those IDs are serialized as JSON strings.
|
|
// We could filter down with `WHERE repo_id IN (reposWithPushPermission(u))`,
|
|
// though that query will be quite complex and tricky to maintain (compare `getRepoAssignees()`).
|
|
// Also, as we didn't update branch protections when removing entries from `access` table,
|
|
// it's safer to iterate all protected branches.
|
|
if err = e.Limit(batchSize, start).Find(&protections); err != nil {
|
|
return fmt.Errorf("findProtectedBranches: %w", err)
|
|
}
|
|
if len(protections) == 0 {
|
|
break
|
|
}
|
|
for _, p := range protections {
|
|
if err := git_model.RemoveUserIDFromProtectedBranch(ctx, p, u.ID); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
}
|
|
// ***** END: Branch Protections *****
|
|
|
|
// ***** START: PublicKey *****
|
|
if _, err = db.DeleteByBean(ctx, &asymkey_model.PublicKey{OwnerID: u.ID}); err != nil {
|
|
return fmt.Errorf("deletePublicKeys: %w", err)
|
|
}
|
|
// ***** END: PublicKey *****
|
|
|
|
// ***** START: GPGPublicKey *****
|
|
keys, err := asymkey_model.ListGPGKeys(ctx, u.ID, db.ListOptions{})
|
|
if err != nil {
|
|
return fmt.Errorf("ListGPGKeys: %w", err)
|
|
}
|
|
// Delete GPGKeyImport(s).
|
|
for _, key := range keys {
|
|
if _, err = db.DeleteByBean(ctx, &asymkey_model.GPGKeyImport{KeyID: key.KeyID}); err != nil {
|
|
return fmt.Errorf("deleteGPGKeyImports: %w", err)
|
|
}
|
|
}
|
|
if _, err = db.DeleteByBean(ctx, &asymkey_model.GPGKey{OwnerID: u.ID}); err != nil {
|
|
return fmt.Errorf("deleteGPGKeys: %w", err)
|
|
}
|
|
// ***** END: GPGPublicKey *****
|
|
|
|
// Clear assignee.
|
|
if _, err = db.DeleteByBean(ctx, &issues_model.IssueAssignees{AssigneeID: u.ID}); err != nil {
|
|
return fmt.Errorf("clear assignee: %w", err)
|
|
}
|
|
|
|
// ***** START: ExternalLoginUser *****
|
|
if err = user_model.RemoveAllAccountLinks(ctx, u); err != nil {
|
|
return fmt.Errorf("ExternalLoginUser: %w", err)
|
|
}
|
|
// ***** END: ExternalLoginUser *****
|
|
|
|
if _, err = db.DeleteByID(ctx, u.ID, new(user_model.User)); err != nil {
|
|
return fmt.Errorf("delete: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|