Merge branch 'access' of github.com:gogits/gogs into dev

2025-07-23 02:38:35 +00:00 · 2015-02-28 21:50:29 -05:00
parent 3a6ba39a61 f44204e944
commit b0b11fd7b1
36 changed files with 1385 additions and 1320 deletions
--- a/models/access.go
+++ b/models/access.go
@@ -5,76 +5,190 @@
 package models

 import (
-	"strings"
-	"time"
-
-	"github.com/go-xorm/xorm"
+	"fmt"
 )

-type AccessType int
+type AccessMode int

 const (
-	READABLE AccessType = iota + 1
-	WRITABLE
+	ACCESS_MODE_NONE AccessMode = iota
+	ACCESS_MODE_READ
+	ACCESS_MODE_WRITE
+	ACCESS_MODE_ADMIN
+	ACCESS_MODE_OWNER
 )

-// Access represents the accessibility of user to repository.
+// Access represents the highest access level of a user to the repository. The only access type
+// that is not in this table is the real owner of a repository. In case of an organization
+// repository, the members of the owners team are in this table.
 type Access struct {
-	Id       int64
-	UserName string     `xorm:"UNIQUE(s)"`
-	RepoName string     `xorm:"UNIQUE(s)"` // <user name>/<repo name>
-	Mode     AccessType `xorm:"UNIQUE(s)"`
-	Created  time.Time  `xorm:"CREATED"`
+	ID     int64 `xorm:"pk autoincr"`
+	UserID int64 `xorm:"UNIQUE(s)"`
+	RepoID int64 `xorm:"UNIQUE(s)"`
+	Mode   AccessMode
 }

-// AddAccess adds new access record.
-func AddAccess(access *Access) error {
-	access.UserName = strings.ToLower(access.UserName)
-	access.RepoName = strings.ToLower(access.RepoName)
-	_, err := x.Insert(access)
-	return err
+func accessLevel(e Engine, u *User, repo *Repository) (AccessMode, error) {
+	mode := ACCESS_MODE_NONE
+	if !repo.IsPrivate {
+		mode = ACCESS_MODE_READ
+	}
+
+	if u != nil {
+		if u.Id == repo.OwnerId {
+			return ACCESS_MODE_OWNER, nil
+		}
+
+		a := &Access{UserID: u.Id, RepoID: repo.Id}
+		if has, err := e.Get(a); !has || err != nil {
+			return mode, err
+		}
+		return a.Mode, nil
+	}
+
+	return mode, nil
 }

-// UpdateAccess updates access information.
-func UpdateAccess(access *Access) error {
-	access.UserName = strings.ToLower(access.UserName)
-	access.RepoName = strings.ToLower(access.RepoName)
-	_, err := x.Id(access.Id).Update(access)
-	return err
+// AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
+// user does not have access. User can be nil!
+func AccessLevel(u *User, repo *Repository) (AccessMode, error) {
+	return accessLevel(x, u, repo)
 }

-// DeleteAccess deletes access record.
-func DeleteAccess(access *Access) error {
-	_, err := x.Delete(access)
-	return err
+func hasAccess(e Engine, u *User, repo *Repository, testMode AccessMode) (bool, error) {
+	mode, err := accessLevel(e, u, repo)
+	return testMode <= mode, err
 }

-// UpdateAccess updates access information with session for rolling back.
-func UpdateAccessWithSession(sess *xorm.Session, access *Access) error {
-	if _, err := sess.Id(access.Id).Update(access); err != nil {
-		sess.Rollback()
-		return err
+// HasAccess returns true if someone has the request access level. User can be nil!
+func HasAccess(u *User, repo *Repository, testMode AccessMode) (bool, error) {
+	return hasAccess(x, u, repo, testMode)
+}
+
+// GetAccessibleRepositories finds all repositories where a user has access to,
+// besides his own.
+func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
+	accesses := make([]*Access, 0, 10)
+	if err := x.Find(&accesses, &Access{UserID: u.Id}); err != nil {
+		return nil, err
+	}
+
+	repos := make(map[*Repository]AccessMode, len(accesses))
+	for _, access := range accesses {
+		repo, err := GetRepositoryById(access.RepoID)
+		if err != nil {
+			return nil, err
+		}
+		if err = repo.GetOwner(); err != nil {
+			return nil, err
+		} else if repo.OwnerId == u.Id {
+			continue
+		}
+		repos[repo] = access.Mode
+	}
+
+	// FIXME: should we generate an ordered list here? Random looks weird.
+	return repos, nil
+}
+
+func maxAccessMode(modes ...AccessMode) AccessMode {
+	max := ACCESS_MODE_NONE
+	for _, mode := range modes {
+		if mode > max {
+			max = mode
+		}
+	}
+	return max
+}
+
+// FIXME: do corss-comparison so reduce deletions and additions to the minimum?
+func (repo *Repository) refreshAccesses(e Engine, accessMap map[int64]AccessMode) (err error) {
+	minMode := ACCESS_MODE_READ
+	if !repo.IsPrivate {
+		minMode = ACCESS_MODE_WRITE
+	}
+
+	newAccesses := make([]Access, 0, len(accessMap))
+	for userID, mode := range accessMap {
+		if mode < minMode {
+			continue
+		}
+		newAccesses = append(newAccesses, Access{
+			UserID: userID,
+			RepoID: repo.Id,
+			Mode:   mode,
+		})
+	}
+
+	// Delete old accesses and insert new ones for repository.
+	if _, err = e.Delete(&Access{RepoID: repo.Id}); err != nil {
+		return fmt.Errorf("delete old accesses: %v", err)
+	} else if _, err = e.Insert(newAccesses); err != nil {
+		return fmt.Errorf("insert new accesses: %v", err)
 	}
 	return nil
 }

-// HasAccess returns true if someone can read or write to given repository.
-// The repoName should be in format <username>/<reponame>.
-func HasAccess(uname, repoName string, mode AccessType) (bool, error) {
-	if len(repoName) == 0 {
-		return false, nil
-	}
-	access := &Access{
-		UserName: strings.ToLower(uname),
-		RepoName: strings.ToLower(repoName),
-	}
-	has, err := x.Get(access)
+// FIXME: should be able to have read-only access.
+// Give all collaborators write access.
+func (repo *Repository) refreshCollaboratorAccesses(e Engine, accessMap map[int64]AccessMode) error {
+	collaborators, err := repo.getCollaborators(e)
 	if err != nil {
-		return false, err
-	} else if !has {
-		return false, nil
-	} else if mode > access.Mode {
-		return false, nil
+		return fmt.Errorf("getCollaborators: %v", err)
 	}
-	return true, nil
+	for _, c := range collaborators {
+		accessMap[c.Id] = ACCESS_MODE_WRITE
+	}
+	return nil
+}
+
+// recalculateTeamAccesses recalculates new accesses for teams of an organization
+// except the team whose ID is given. It is used to assign a team ID when
+// remove repository from that team.
+func (repo *Repository) recalculateTeamAccesses(e Engine, ignTeamID int64) (err error) {
+	accessMap := make(map[int64]AccessMode, 20)
+
+	if err = repo.refreshCollaboratorAccesses(e, accessMap); err != nil {
+		return fmt.Errorf("refreshCollaboratorAccesses: %v", err)
+	}
+
+	if err = repo.getOwner(e); err != nil {
+		return err
+	}
+	if repo.Owner.IsOrganization() {
+		if err = repo.Owner.getTeams(e); err != nil {
+			return err
+		}
+
+		for _, t := range repo.Owner.Teams {
+			if t.ID == ignTeamID {
+				continue
+			}
+			if t.IsOwnerTeam() {
+				t.Authorize = ACCESS_MODE_OWNER
+			}
+
+			if err = t.getMembers(e); err != nil {
+				return fmt.Errorf("getMembers '%d': %v", t.ID, err)
+			}
+			for _, m := range t.Members {
+				accessMap[m.Id] = maxAccessMode(accessMap[m.Id], t.Authorize)
+			}
+		}
+	}
+
+	return repo.refreshAccesses(e, accessMap)
+}
+
+func (repo *Repository) recalculateAccesses(e Engine) error {
+	accessMap := make(map[int64]AccessMode, 20)
+	if err := repo.refreshCollaboratorAccesses(e, accessMap); err != nil {
+		return fmt.Errorf("refreshCollaboratorAccesses: %v", err)
+	}
+	return repo.refreshAccesses(e, accessMap)
+}
+
+// RecalculateAccesses recalculates all accesses for repository.
+func (r *Repository) RecalculateAccesses() error {
+	return r.recalculateAccesses(x)
 }
--- a/models/action.go
+++ b/models/action.go
@@ -434,46 +434,58 @@ func CommitRepoAction(userId, repoUserId int64, userName, actEmail string,
 	return nil
 }

-// NewRepoAction adds new action for creating repository.
-func NewRepoAction(u *User, repo *Repository) (err error) {
-	if err = NotifyWatchers(&Action{ActUserId: u.Id, ActUserName: u.Name, ActEmail: u.Email,
-		OpType: CREATE_REPO, RepoId: repo.Id, RepoUserName: repo.Owner.Name, RepoName: repo.Name,
-		IsPrivate: repo.IsPrivate}); err != nil {
-		log.Error(4, "NotifyWatchers: %d/%s", u.Id, repo.Name)
-		return err
+func newRepoAction(e Engine, u *User, repo *Repository) (err error) {
+	if err = notifyWatchers(e, &Action{
+		ActUserId:    u.Id,
+		ActUserName:  u.Name,
+		ActEmail:     u.Email,
+		OpType:       CREATE_REPO,
+		RepoId:       repo.Id,
+		RepoUserName: repo.Owner.Name,
+		RepoName:     repo.Name,
+		IsPrivate:    repo.IsPrivate}); err != nil {
+		return fmt.Errorf("notify watchers '%d/%s'", u.Id, repo.Id)
 	}

 	log.Trace("action.NewRepoAction: %s/%s", u.Name, repo.Name)
 	return err
 }

-// TransferRepoAction adds new action for transferring repository.
-func TransferRepoAction(u, newUser *User, repo *Repository) (err error) {
+// NewRepoAction adds new action for creating repository.
+func NewRepoAction(u *User, repo *Repository) (err error) {
+	return newRepoAction(x, u, repo)
+}
+
+func transferRepoAction(e Engine, actUser, oldOwner, newOwner *User, repo *Repository) (err error) {
 	action := &Action{
-		ActUserId:    u.Id,
-		ActUserName:  u.Name,
-		ActEmail:     u.Email,
+		ActUserId:    actUser.Id,
+		ActUserName:  actUser.Name,
+		ActEmail:     actUser.Email,
 		OpType:       TRANSFER_REPO,
 		RepoId:       repo.Id,
-		RepoUserName: newUser.Name,
+		RepoUserName: newOwner.Name,
 		RepoName:     repo.Name,
 		IsPrivate:    repo.IsPrivate,
-		Content:      path.Join(repo.Owner.LowerName, repo.LowerName),
+		Content:      path.Join(oldOwner.LowerName, repo.LowerName),
 	}
-	if err = NotifyWatchers(action); err != nil {
-		log.Error(4, "NotifyWatchers: %d/%s", u.Id, repo.Name)
-		return err
+	if err = notifyWatchers(e, action); err != nil {
+		return fmt.Errorf("notify watchers '%d/%s'", actUser.Id, repo.Id)
 	}

 	// Remove watch for organization.
 	if repo.Owner.IsOrganization() {
-		if err = WatchRepo(repo.Owner.Id, repo.Id, false); err != nil {
-			log.Error(4, "WatchRepo", err)
+		if err = watchRepo(e, repo.Owner.Id, repo.Id, false); err != nil {
+			return fmt.Errorf("watch repository: %v", err)
 		}
 	}

-	log.Trace("action.TransferRepoAction: %s/%s", u.Name, repo.Name)
-	return err
+	log.Trace("action.TransferRepoAction: %s/%s", actUser.Name, repo.Name)
+	return nil
+}
+
+// TransferRepoAction adds new action for transferring repository.
+func TransferRepoAction(actUser, oldOwner, newOwner *User, repo *Repository) (err error) {
+	return transferRepoAction(x, actUser, oldOwner, newOwner, repo)
 }

 // GetFeeds returns action list of given user in given context.
--- a/models/issue.go
+++ b/models/issue.go
@@ -282,30 +282,33 @@ type IssueUser struct {
 }

 // NewIssueUserPairs adds new issue-user pairs for new issue of repository.
-func NewIssueUserPairs(rid, iid, oid, pid, aid int64, repoName string) (err error) {
-	iu := &IssueUser{IssueId: iid, RepoId: rid}
-
-	us, err := GetCollaborators(repoName)
+func NewIssueUserPairs(repo *Repository, issueID, orgID, posterID, assigneeID int64) (err error) {
+	users, err := repo.GetCollaborators()
 	if err != nil {
 		return err
 	}

+	iu := &IssueUser{
+		IssueId: issueID,
+		RepoId:  repo.Id,
+	}
+
 	isNeedAddPoster := true
-	for _, u := range us {
+	for _, u := range users {
 		iu.Uid = u.Id
-		iu.IsPoster = iu.Uid == pid
+		iu.IsPoster = iu.Uid == posterID
 		if isNeedAddPoster && iu.IsPoster {
 			isNeedAddPoster = false
 		}
-		iu.IsAssigned = iu.Uid == aid
+		iu.IsAssigned = iu.Uid == assigneeID
 		if _, err = x.Insert(iu); err != nil {
 			return err
 		}
 	}
 	if isNeedAddPoster {
-		iu.Uid = pid
+		iu.Uid = posterID
 		iu.IsPoster = true
-		iu.IsAssigned = iu.Uid == aid
+		iu.IsAssigned = iu.Uid == assigneeID
 		if _, err = x.Insert(iu); err != nil {
 			return err
 		}
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -1,12 +1,44 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
 package migrations

 import (
-	"errors"
+	"fmt"
+	"strings"
+	"time"

+	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
+
+	"github.com/gogits/gogs/modules/log"
+	"github.com/gogits/gogs/modules/setting"
 )

-type migration func(*xorm.Engine) error
+const _MIN_DB_VER = 0
+
+type Migration interface {
+	Description() string
+	Migrate(*xorm.Engine) error
+}
+
+type migration struct {
+	description string
+	migrate     func(*xorm.Engine) error
+}
+
+func NewMigration(desc string, fn func(*xorm.Engine) error) Migration {
+	return &migration{desc, fn}
+}
+
+func (m *migration) Description() string {
+	return m.description
+}
+
+func (m *migration) Migrate(x *xorm.Engine) error {
+	return m.migrate(x)
+}

 // The version table. Should have only one row with id==1
 type Version struct {
@@ -15,30 +47,55 @@ type Version struct {
 }

 // This is a sequence of migrations. Add new migrations to the bottom of the list.
-// If you want to "retire" a migration, replace it with "expiredMigration"
-var migrations = []migration{}
+// If you want to "retire" a migration, remove it from the top of the list and
+// update _MIN_VER_DB accordingly
+var migrations = []Migration{
+	NewMigration("generate collaboration from access", accessToCollaboration), // V0 -> V1
+	NewMigration("make authorize 4 if team is owners", ownerTeamUpdate),       // V1 -> V2
+	NewMigration("refactor access table to use id's", accessRefactor),         // V2 -> V3
+	NewMigration("generate team-repo from team", teamToTeamRepo),              // V3 -> V4
+}

 // Migrate database to current version
 func Migrate(x *xorm.Engine) error {
 	if err := x.Sync(new(Version)); err != nil {
-		return err
+		return fmt.Errorf("sync: %v", err)
 	}

 	currentVersion := &Version{Id: 1}
 	has, err := x.Get(currentVersion)
 	if err != nil {
-		return err
+		return fmt.Errorf("get: %v", err)
 	} else if !has {
-		if _, err = x.InsertOne(currentVersion); err != nil {
+		// If the user table does not exist it is a fresh installation and we
+		// can skip all migrations.
+		needsMigration, err := x.IsTableExist("user")
+		if err != nil {
 			return err
 		}
+		if needsMigration {
+			isEmpty, err := x.IsTableEmpty("user")
+			if err != nil {
+				return err
+			}
+			// If the user table is empty it is a fresh installation and we can
+			// skip all migrations.
+			needsMigration = !isEmpty
+		}
+		if !needsMigration {
+			currentVersion.Version = int64(_MIN_DB_VER + len(migrations))
+		}
+
+		if _, err = x.InsertOne(currentVersion); err != nil {
+			return fmt.Errorf("insert: %v", err)
+		}
 	}

 	v := currentVersion.Version
-
-	for i, migration := range migrations[v:] {
-		if err = migration(x); err != nil {
-			return err
+	for i, m := range migrations[v-_MIN_DB_VER:] {
+		log.Info("Migration: %s", m.Description())
+		if err = m.Migrate(x); err != nil {
+			return fmt.Errorf("do migrate: %v", err)
 		}
 		currentVersion.Version = v + int64(i) + 1
 		if _, err = x.Id(1).Update(currentVersion); err != nil {
@@ -48,6 +105,267 @@ func Migrate(x *xorm.Engine) error {
 	return nil
 }

-func expiredMigration(x *xorm.Engine) error {
-	return errors.New("You are migrating from a too old gogs version")
+func sessionRelease(sess *xorm.Session) {
+	if !sess.IsCommitedOrRollbacked {
+		sess.Rollback()
+	}
+	sess.Close()
+}
+
+func accessToCollaboration(x *xorm.Engine) (err error) {
+	type Collaboration struct {
+		ID      int64 `xorm:"pk autoincr"`
+		RepoID  int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
+		UserID  int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
+		Created time.Time
+	}
+
+	if err = x.Sync(new(Collaboration)); err != nil {
+		return fmt.Errorf("sync: %v", err)
+	}
+
+	results, err := x.Query("SELECT u.id AS `uid`, a.repo_name AS `repo`, a.mode AS `mode`, a.created as `created` FROM `access` a JOIN `user` u ON a.user_name=u.lower_name")
+	if err != nil {
+		return err
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	offset := strings.Split(time.Now().String(), " ")[2]
+	for _, result := range results {
+		mode := com.StrTo(result["mode"]).MustInt64()
+		// Collaborators must have write access.
+		if mode < 2 {
+			continue
+		}
+
+		userID := com.StrTo(result["uid"]).MustInt64()
+		repoRefName := string(result["repo"])
+
+		var created time.Time
+		switch {
+		case setting.UseSQLite3:
+			created, _ = time.Parse(time.RFC3339, string(result["created"]))
+		case setting.UseMySQL:
+			created, _ = time.Parse("2006-01-02 15:04:05-0700", string(result["created"])+offset)
+		case setting.UsePostgreSQL:
+			created, _ = time.Parse("2006-01-02T15:04:05Z-0700", string(result["created"])+offset)
+		}
+
+		// find owner of repository
+		parts := strings.SplitN(repoRefName, "/", 2)
+		ownerName := parts[0]
+		repoName := parts[1]
+
+		results, err := sess.Query("SELECT u.id as `uid`, ou.uid as `memberid` FROM `user` u LEFT JOIN org_user ou ON ou.org_id=u.id WHERE u.lower_name=?", ownerName)
+		if err != nil {
+			return err
+		}
+		if len(results) < 1 {
+			continue
+		}
+
+		ownerID := com.StrTo(results[0]["uid"]).MustInt64()
+		if ownerID == userID {
+			continue
+		}
+
+		// test if user is member of owning organization
+		isMember := false
+		for _, member := range results {
+			memberID := com.StrTo(member["memberid"]).MustInt64()
+			// We can skip all cases that a user is member of the owning organization
+			if memberID == userID {
+				isMember = true
+			}
+		}
+		if isMember {
+			continue
+		}
+
+		results, err = sess.Query("SELECT id FROM `repository` WHERE owner_id=? AND lower_name=?", ownerID, repoName)
+		if err != nil {
+			return err
+		} else if len(results) < 1 {
+			continue
+		}
+
+		collaboration := &Collaboration{
+			UserID: userID,
+			RepoID: com.StrTo(results[0]["id"]).MustInt64(),
+		}
+		has, err := sess.Get(collaboration)
+		if err != nil {
+			return err
+		} else if has {
+			continue
+		}
+
+		collaboration.Created = created
+		if _, err = sess.InsertOne(collaboration); err != nil {
+			return err
+		}
+	}
+
+	return sess.Commit()
+}
+
+func ownerTeamUpdate(x *xorm.Engine) (err error) {
+	if _, err := x.Exec("UPDATE `team` SET authorize=4 WHERE lower_name=?", "owners"); err != nil {
+		return fmt.Errorf("update owner team table: %v", err)
+	}
+	return nil
+}
+
+func accessRefactor(x *xorm.Engine) (err error) {
+	type (
+		AccessMode int
+		Access     struct {
+			ID     int64 `xorm:"pk autoincr"`
+			UserID int64 `xorm:"UNIQUE(s)"`
+			RepoID int64 `xorm:"UNIQUE(s)"`
+			Mode   AccessMode
+		}
+		UserRepo struct {
+			UserID int64
+			RepoID int64
+		}
+	)
+
+	// We consiously don't start a session yet as we make only reads for now, no writes
+
+	accessMap := make(map[UserRepo]AccessMode, 50)
+
+	results, err := x.Query("SELECT r.id AS `repo_id`, r.is_private AS `is_private`, r.owner_id AS `owner_id`, u.type AS `owner_type` FROM `repository` r LEFT JOIN `user` u ON r.owner_id=u.id")
+	if err != nil {
+		return fmt.Errorf("select repositories: %v", err)
+	}
+	for _, repo := range results {
+		repoID := com.StrTo(repo["repo_id"]).MustInt64()
+		isPrivate := com.StrTo(repo["is_private"]).MustInt() > 0
+		ownerID := com.StrTo(repo["owner_id"]).MustInt64()
+		ownerIsOrganization := com.StrTo(repo["owner_type"]).MustInt() > 0
+
+		results, err := x.Query("SELECT `user_id` FROM `collaboration` WHERE repo_id=?", repoID)
+		if err != nil {
+			return fmt.Errorf("select collaborators: %v", err)
+		}
+		for _, user := range results {
+			userID := com.StrTo(user["user_id"]).MustInt64()
+			accessMap[UserRepo{userID, repoID}] = 2 // WRITE ACCESS
+		}
+
+		if !ownerIsOrganization {
+			continue
+		}
+
+		// The minimum level to add a new access record,
+		// because public repository has implicit open access.
+		minAccessLevel := AccessMode(0)
+		if !isPrivate {
+			minAccessLevel = 1
+		}
+
+		repoString := "$" + string(repo["repo_id"]) + "|"
+
+		results, err = x.Query("SELECT `id`,`authorize`,`repo_ids` FROM `team` WHERE org_id=? AND authorize>? ORDER BY `authorize` ASC", ownerID, int(minAccessLevel))
+		if err != nil {
+			return fmt.Errorf("select teams from org: %v", err)
+		}
+
+		for _, team := range results {
+			if !strings.Contains(string(team["repo_ids"]), repoString) {
+				continue
+			}
+			teamID := com.StrTo(team["id"]).MustInt64()
+			mode := AccessMode(com.StrTo(team["authorize"]).MustInt())
+
+			results, err := x.Query("SELECT `uid` FROM `team_user` WHERE team_id=?", teamID)
+			if err != nil {
+				return fmt.Errorf("select users from team: %v", err)
+			}
+			for _, user := range results {
+				userID := com.StrTo(user["user_id"]).MustInt64()
+				accessMap[UserRepo{userID, repoID}] = mode
+			}
+		}
+	}
+
+	// Drop table can't be in a session (at least not in sqlite)
+	if _, err = x.Exec("DROP TABLE `access`"); err != nil {
+		return fmt.Errorf("drop access table: %v", err)
+	}
+
+	// Now we start writing so we make a session
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if err = sess.Sync2(new(Access)); err != nil {
+		return fmt.Errorf("sync: %v", err)
+	}
+
+	accesses := make([]*Access, 0, len(accessMap))
+	for ur, mode := range accessMap {
+		accesses = append(accesses, &Access{UserID: ur.UserID, RepoID: ur.RepoID, Mode: mode})
+	}
+
+	if _, err = sess.Insert(accesses); err != nil {
+		return fmt.Errorf("insert accesses: %v", err)
+	}
+
+	return sess.Commit()
+}
+
+func teamToTeamRepo(x *xorm.Engine) error {
+	type TeamRepo struct {
+		ID     int64 `xorm:"pk autoincr"`
+		OrgID  int64 `xorm:"INDEX"`
+		TeamID int64 `xorm:"UNIQUE(s)"`
+		RepoID int64 `xorm:"UNIQUE(s)"`
+	}
+
+	teamRepos := make([]*TeamRepo, 0, 50)
+
+	results, err := x.Query("SELECT `id`,`org_id`,`repo_ids` FROM `team`")
+	if err != nil {
+		return fmt.Errorf("select teams: %v", err)
+	}
+	for _, team := range results {
+		orgID := com.StrTo(team["org_id"]).MustInt64()
+		teamID := com.StrTo(team["id"]).MustInt64()
+
+		for _, idStr := range strings.Split(string(team["repo_ids"]), "|") {
+			repoID := com.StrTo(strings.TrimPrefix(idStr, "$")).MustInt64()
+			if repoID == 0 {
+				continue
+			}
+
+			teamRepos = append(teamRepos, &TeamRepo{
+				OrgID:  orgID,
+				TeamID: teamID,
+				RepoID: repoID,
+			})
+		}
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if err = sess.Sync2(new(TeamRepo)); err != nil {
+		return fmt.Errorf("sync: %v", err)
+	} else if _, err = sess.Insert(teamRepos); err != nil {
+		return fmt.Errorf("insert team-repos: %v", err)
+	}
+
+	return sess.Commit()
 }
--- a/models/models.go
+++ b/models/models.go
@@ -12,10 +12,11 @@ import (
 	"strings"

 	_ "github.com/go-sql-driver/mysql"
+	"github.com/go-xorm/core"
 	"github.com/go-xorm/xorm"
 	_ "github.com/lib/pq"

-	// "github.com/gogits/gogs/models/migrations"
+	"github.com/gogits/gogs/models/migrations"
 	"github.com/gogits/gogs/modules/setting"
 )

@@ -23,12 +24,22 @@ import (
 type Engine interface {
 	Delete(interface{}) (int64, error)
 	Exec(string, ...interface{}) (sql.Result, error)
+	Find(interface{}, ...interface{}) error
 	Get(interface{}) (bool, error)
 	Insert(...interface{}) (int64, error)
+	InsertOne(interface{}) (int64, error)
 	Id(interface{}) *xorm.Session
+	Sql(string, ...interface{}) *xorm.Session
 	Where(string, ...interface{}) *xorm.Session
 }

+func sessionRelease(sess *xorm.Session) {
+	if !sess.IsCommitedOrRollbacked {
+		sess.Rollback()
+	}
+	sess.Close()
+}
+
 var (
 	x         *xorm.Engine
 	tables    []interface{}
@@ -39,24 +50,30 @@ var (
 	}

 	EnableSQLite3 bool
-	UseSQLite3    bool
 )

 func init() {
 	tables = append(tables,
-		new(User), new(PublicKey), new(Follow), new(Oauth2), new(AccessToken),
-		new(Repository), new(Watch), new(Star), new(Action), new(Access),
+		new(User), new(PublicKey), new(Oauth2), new(AccessToken),
+		new(Repository), new(Collaboration), new(Access),
+		new(Watch), new(Star), new(Follow), new(Action),
 		new(Issue), new(Comment), new(Attachment), new(IssueUser), new(Label), new(Milestone),
 		new(Mirror), new(Release), new(LoginSource), new(Webhook),
-		new(UpdateTask), new(HookTask), new(Team), new(OrgUser), new(TeamUser),
+		new(UpdateTask), new(HookTask),
+		new(Team), new(OrgUser), new(TeamUser), new(TeamRepo),
 		new(Notice), new(EmailAddress))
 }

 func LoadModelsConfig() {
 	sec := setting.Cfg.Section("database")
 	DbCfg.Type = sec.Key("DB_TYPE").String()
-	if DbCfg.Type == "sqlite3" {
-		UseSQLite3 = true
+	switch DbCfg.Type {
+	case "sqlite3":
+		setting.UseSQLite3 = true
+	case "mysql":
+		setting.UseMySQL = true
+	case "postgres":
+		setting.UsePostgreSQL = true
 	}
 	DbCfg.Host = sec.Key("HOST").String()
 	DbCfg.Name = sec.Key("NAME").String()
@@ -103,6 +120,7 @@ func NewTestEngine(x *xorm.Engine) (err error) {
 		return fmt.Errorf("connect to database: %v", err)
 	}

+	x.SetMapper(core.GonicMapper{})
 	return x.Sync(tables...)
 }

@@ -112,6 +130,8 @@ func SetEngine() (err error) {
 		return fmt.Errorf("connect to database: %v", err)
 	}

+	x.SetMapper(core.GonicMapper{})
+
 	// WARNING: for serv command, MUST remove the output to os.stdout,
 	// so use log file to instead print to stdout.
 	logPath := path.Join(setting.LogRootPath, "xorm.log")
@@ -136,13 +156,14 @@ func NewEngine() (err error) {
 		return err
 	}

-	// if err = migrations.Migrate(x); err != nil {
-	// 	return err
-	// }
+	if err = migrations.Migrate(x); err != nil {
+		return fmt.Errorf("migrate: %v", err)
+	}

 	if err = x.StoreEngine("InnoDB").Sync2(tables...); err != nil {
 		return fmt.Errorf("sync database struct error: %v\n", err)
 	}
+
 	return nil
 }

--- a/models/org.go
+++ b/models/org.go
--- a/models/repo.go
+++ b/models/repo.go
--- a/models/user.go
+++ b/models/user.go
@@ -231,7 +231,7 @@ func (u *User) GetOrganizations() error {

 	u.Orgs = make([]*User, len(ous))
 	for i, ou := range ous {
-		u.Orgs[i], err = GetUserById(ou.OrgId)
+		u.Orgs[i], err = GetUserById(ou.OrgID)
 		if err != nil {
 			return err
 		}
@@ -398,63 +398,7 @@ func ChangeUserName(u *User, newUserName string) (err error) {
 		return ErrUserNameIllegal
 	}

-	newUserName = strings.ToLower(newUserName)
-	if u.LowerName == newUserName {
-		// User only change letter cases.
-		return nil
-	}
-
-	// Update accesses of user.
-	accesses := make([]Access, 0, 10)
-	if err = x.Find(&accesses, &Access{UserName: u.LowerName}); err != nil {
-		return err
-	}
-
-	sess := x.NewSession()
-	defer sess.Close()
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	for i := range accesses {
-		accesses[i].UserName = newUserName
-		if strings.HasPrefix(accesses[i].RepoName, u.LowerName+"/") {
-			accesses[i].RepoName = strings.Replace(accesses[i].RepoName, u.LowerName, newUserName, 1)
-		}
-		if err = UpdateAccessWithSession(sess, &accesses[i]); err != nil {
-			return err
-		}
-	}
-
-	repos, err := GetRepositories(u.Id, true)
-	if err != nil {
-		return err
-	}
-	for i := range repos {
-		accesses = make([]Access, 0, 10)
-		// Update accesses of user repository.
-		if err = x.Find(&accesses, &Access{RepoName: u.LowerName + "/" + repos[i].LowerName}); err != nil {
-			return err
-		}
-
-		for j := range accesses {
-			// if the access is not the user's access (already updated above)
-			if accesses[j].UserName != u.LowerName {
-				accesses[j].RepoName = newUserName + "/" + repos[i].LowerName
-				if err = UpdateAccessWithSession(sess, &accesses[j]); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Change user directory name.
-	if err = os.Rename(UserPath(u.LowerName), UserPath(newUserName)); err != nil {
-		sess.Rollback()
-		return err
-	}
-
-	return sess.Commit()
+	return os.Rename(UserPath(u.LowerName), UserPath(newUserName))
 }

 // UpdateUser updates user's information.
@@ -527,7 +471,7 @@ func DeleteUser(u *User) error {
 		return err
 	}
 	// Delete all accesses.
-	if _, err = x.Delete(&Access{UserName: u.LowerName}); err != nil {
+	if _, err = x.Delete(&Access{UserID: u.Id}); err != nil {
 		return err
 	}
 	// Delete all alternative email addresses
@@ -570,8 +514,7 @@ func UserPath(userName string) string {

 func GetUserByKeyId(keyId int64) (*User, error) {
 	user := new(User)
-	rawSql := "SELECT a.* FROM `user` AS a, public_key AS b WHERE a.id = b.owner_id AND b.id=?"
-	has, err := x.Sql(rawSql, keyId).Get(user)
+	has, err := x.Sql("SELECT a.* FROM `user` AS a, public_key AS b WHERE a.id = b.owner_id AND b.id=?", keyId).Get(user)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -580,10 +523,9 @@ func GetUserByKeyId(keyId int64) (*User, error) {
 	return user, nil
 }

-// GetUserById returns the user object by given ID if exists.
-func GetUserById(id int64) (*User, error) {
+func getUserById(e Engine, id int64) (*User, error) {
 	u := new(User)
-	has, err := x.Id(id).Get(u)
+	has, err := e.Id(id).Get(u)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -592,6 +534,11 @@ func GetUserById(id int64) (*User, error) {
 	return u, nil
 }

+// GetUserById returns the user object by given ID if exists.
+func GetUserById(id int64) (*User, error) {
+	return getUserById(x, id)
+}
+
 // GetUserByName returns user by given name.
 func GetUserByName(name string) (*User, error) {
 	if len(name) == 0 {
@@ -913,7 +860,7 @@ func UpdateMentions(userNames []string, issueId int64) error {
 		}

 		for _, orgUser := range orgUsers {
-			tempIds = append(tempIds, orgUser.Id)
+			tempIds = append(tempIds, orgUser.ID)
 		}

 		ids = append(ids, tempIds...)