Restricted users (#6274)

* Restricted users (#4334): initial implementation

* Add User.IsRestricted & UI to edit it

* Pass user object instead of user id to places where IsRestricted flag matters

* Restricted users: maintain access rows for all referenced repos (incl public)

* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses

* Add basic repo access tests for restricted users

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Mention restricted users in the faq

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Remove unnecessary `org.IsOrganization()` call

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert to an `int64` keyed `accessMap`

* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* or even better: `map[int64]*userAccess`

* updateUserAccess(): use tighter syntax as suggested by lafriks

* even tighter

* Avoid extra loop

* Don't disclose limited orgs to unauthenticated users

* Don't assume block only applies to orgs

* Use an array of `VisibleType` for filtering

* fix yet another thinko

* Ok - no need for u

* Revert "Ok - no need for u"

This reverts commit 5c3e886aab.

Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>

models/action_test.go

@@ -33,11 +33,11 @@ func TestGetFeeds(t *testing.T) {
 	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
 
 	actions, err := GetFeeds(GetFeedsOptions{
-		RequestedUser:    user,
-		RequestingUserID: user.ID,
-		IncludePrivate:   true,
-		OnlyPerformedBy:  false,
-		IncludeDeleted:   true,
+		RequestedUser:   user,
+		Actor:           user,
+		IncludePrivate:  true,
+		OnlyPerformedBy: false,
+		IncludeDeleted:  true,
 	})
 	assert.NoError(t, err)
 	if assert.Len(t, actions, 1) {
@@ -46,10 +46,10 @@ func TestGetFeeds(t *testing.T) {
 	}
 
 	actions, err = GetFeeds(GetFeedsOptions{
-		RequestedUser:    user,
-		RequestingUserID: user.ID,
-		IncludePrivate:   false,
-		OnlyPerformedBy:  false,
+		RequestedUser:   user,
+		Actor:           user,
+		IncludePrivate:  false,
+		OnlyPerformedBy: false,
 	})
 	assert.NoError(t, err)
 	assert.Len(t, actions, 0)
@@ -59,14 +59,14 @@ func TestGetFeeds2(t *testing.T) {
 	// test with an organization user
 	assert.NoError(t, PrepareTestDatabase())
 	org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User)
-	const userID = 2 // user2 is an owner of the organization
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
 
 	actions, err := GetFeeds(GetFeedsOptions{
-		RequestedUser:    org,
-		RequestingUserID: userID,
-		IncludePrivate:   true,
-		OnlyPerformedBy:  false,
-		IncludeDeleted:   true,
+		RequestedUser:   org,
+		Actor:           user,
+		IncludePrivate:  true,
+		OnlyPerformedBy: false,
+		IncludeDeleted:  true,
 	})
 	assert.NoError(t, err)
 	assert.Len(t, actions, 1)
@@ -76,11 +76,11 @@ func TestGetFeeds2(t *testing.T) {
 	}
 
 	actions, err = GetFeeds(GetFeedsOptions{
-		RequestedUser:    org,
-		RequestingUserID: userID,
-		IncludePrivate:   false,
-		OnlyPerformedBy:  false,
-		IncludeDeleted:   true,
+		RequestedUser:   org,
+		Actor:           user,
+		IncludePrivate:  false,
+		OnlyPerformedBy: false,
+		IncludeDeleted:  true,
 	})
 	assert.NoError(t, err)
 	assert.Len(t, actions, 0)