Merge remote-tracking branch 'github/feature-activitypub' into feature-activitypub

2022-06-15 10:56:14 -05:00 · 2022-06-15 10:56:14 -05:00 · e5ed91d986
parent f48115f5f0 46b344ca3e
commit e5ed91d986
35 changed files with 949 additions and 936 deletions
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@ -37,10 +37,10 @@ var CmdRestoreRepository = cli.Command{
 			Value: "",
 			Usage: "Restore destination repository name",
 		},
-		cli.StringFlag{
+		cli.StringSliceFlag{
 			Name:  "units",
-			Value: "",
-			Usage: `Which items will be restored, one or more units should be separated as comma.
+			Value: nil,
+			Usage: `Which items will be restored, one or more units should be repeated with this flag.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
 		cli.BoolFlag{
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -2125,7 +2125,7 @@ PATH =
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
 ;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
-;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം
+;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@ -631,7 +631,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
  - Built-in networks:
    - `loopback`: 127.0.0.0/8 for IPv4 and ::1/128 for IPv6, localhost is included.
    - `private`: RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and RFC 4193 (FC00::/7). Also called LAN/Intranet.
-    - `external`: A valid non-private unicast IP, you can access all hosts on public internet. 
+    - `external`: A valid non-private unicast IP, you can access all hosts on public internet.
    - `*`: All hosts are allowed.
  - CIDR list: `1.2.3.0/8` for IPv4 and `2001:db8::/32` for IPv6
  - Wildcard hosts: `*.mydomain.com`, `192.168.100.*`
@ -763,7 +763,7 @@ Default templates for project boards:
 - `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
 - `ENABLE_SSH_LOG`: **false**: save ssh log to log file
 - `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
- 
+
 ### Router Log (`log`)
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default Gitea logger.)
@ -998,9 +998,9 @@ Default templates for project boards:

 ## i18n (`i18n`)

- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
+- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
     List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list.
- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales
+- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales

 ## U2F (`U2F`) **DEPRECATED**
 - `APP_ID`: **`ROOT_URL`**: Declares the facet of the application which is used for authentication of previously registered U2F keys. Requires HTTPS.
--- a/models/db/context.go
+++ b/models/db/context.go
@ -32,7 +32,7 @@ type Context struct {
 	e Engine
 }

-// WithEngine returns a db.Context from a context.Context and db.Engine
+// WithEngine returns a Context from a context.Context and Engine
 func WithEngine(ctx context.Context, e Engine) *Context {
 	return &Context{
 		Context: ctx,
--- a/models/db/engine_test.go
+++ b/models/db/engine_test.go
@ -0,0 +1,56 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package db_test
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	issues_model "code.gitea.io/gitea/models/issues"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDumpDatabase(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	dir, err := os.MkdirTemp(os.TempDir(), "dump")
+	assert.NoError(t, err)
+
+	type Version struct {
+		ID      int64 `xorm:"pk autoincr"`
+		Version int64
+	}
+	assert.NoError(t, db.GetEngine(db.DefaultContext).Sync2(new(Version)))
+
+	for _, dbType := range setting.SupportedDatabaseTypes {
+		assert.NoError(t, db.DumpDatabase(filepath.Join(dir, dbType+".sql"), dbType))
+	}
+}
+
+func TestDeleteOrphanedObjects(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	countBefore, err := db.GetEngine(db.DefaultContext).Count(&issues_model.PullRequest{})
+	assert.NoError(t, err)
+
+	_, err = db.GetEngine(db.DefaultContext).Insert(&issues_model.PullRequest{IssueID: 1000}, &issues_model.PullRequest{IssueID: 1001}, &issues_model.PullRequest{IssueID: 1003})
+	assert.NoError(t, err)
+
+	orphaned, err := db.CountOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id")
+	assert.NoError(t, err)
+	assert.EqualValues(t, 3, orphaned)
+
+	err = db.DeleteOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id")
+	assert.NoError(t, err)
+
+	countAfter, err := db.GetEngine(db.DefaultContext).Count(&issues_model.PullRequest{})
+	assert.NoError(t, err)
+	assert.EqualValues(t, countBefore, countAfter)
+}
--- a/models/db/main_test.go
+++ b/models/db/main_test.go
@ -0,0 +1,21 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package db_test
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/repo"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+	})
+}
--- a/models/engine_test.go
+++ b/models/engine_test.go
@ -1,34 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package models
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDumpDatabase(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	dir, err := os.MkdirTemp(os.TempDir(), "dump")
-	assert.NoError(t, err)
-
-	type Version struct {
-		ID      int64 `xorm:"pk autoincr"`
-		Version int64
-	}
-	assert.NoError(t, db.GetEngine(db.DefaultContext).Sync2(new(Version)))
-
-	for _, dbType := range setting.SupportedDatabaseTypes {
-		assert.NoError(t, db.DumpDatabase(filepath.Join(dir, dbType+".sql"), dbType))
-	}
-}
--- a/models/org_test.go
+++ b/models/org_test.go
@ -7,12 +7,9 @@ package models
 import (
 	"testing"

-	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
-	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/setting"

 	"github.com/stretchr/testify/assert"
 )
@ -62,115 +59,3 @@ func TestRemoveOrgUser(t *testing.T) {
 	unittest.AssertExistsAndLoadBean(t, &organization.OrgUser{OrgID: 7, UID: 5})
 	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
 }
-
-func TestUser_RemoveOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: org.ID}).(*repo_model.Repository)
-
-	// remove a repo that does belong to org
-	unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
-	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
-	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
-	unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repo.ID}) // repo should still exist
-
-	// remove a repo that does not belong to org
-	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
-	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
-
-	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, unittest.NonexistentID))
-
-	unittest.CheckConsistencyFor(t,
-		&user_model.User{ID: org.ID},
-		&organization.Team{OrgID: org.ID},
-		&repo_model.Repository{ID: repo.ID})
-}
-
-func TestCreateOrganization(t *testing.T) {
-	// successful creation of org
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	const newOrgName = "neworg"
-	org := &organization.Organization{
-		Name: newOrgName,
-	}
-
-	unittest.AssertNotExistsBean(t, &user_model.User{Name: newOrgName, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, organization.CreateOrganization(org, owner))
-	org = unittest.AssertExistsAndLoadBean(t,
-		&organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization}).(*organization.Organization)
-	ownerTeam := unittest.AssertExistsAndLoadBean(t,
-		&organization.Team{Name: organization.OwnerTeamName, OrgID: org.ID}).(*organization.Team)
-	unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: owner.ID, TeamID: ownerTeam.ID})
-	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
-}
-
-func TestCreateOrganization2(t *testing.T) {
-	// unauthorized creation of org
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	const newOrgName = "neworg"
-	org := &organization.Organization{
-		Name: newOrgName,
-	}
-
-	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
-	err := organization.CreateOrganization(org, owner)
-	assert.Error(t, err)
-	assert.True(t, organization.IsErrUserNotAllowedCreateOrg(err))
-	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
-	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
-}
-
-func TestCreateOrganization3(t *testing.T) {
-	// create org with same name as existent org
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	org := &organization.Organization{Name: "user3"}                      // should already exist
-	unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: org.Name}) // sanity check
-	err := organization.CreateOrganization(org, owner)
-	assert.Error(t, err)
-	assert.True(t, user_model.IsErrUserAlreadyExist(err))
-	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
-}
-
-func TestCreateOrganization4(t *testing.T) {
-	// create org with unusable name
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	err := organization.CreateOrganization(&organization.Organization{Name: "assets"}, owner)
-	assert.Error(t, err)
-	assert.True(t, db.IsErrNameReserved(err))
-	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
-}
-
-func TestAddOrgUser(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	testSuccess := func(orgID, userID int64, isPublic bool) {
-		org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
-		expectedNumMembers := org.NumMembers
-		if !unittest.BeanExists(t, &organization.OrgUser{OrgID: orgID, UID: userID}) {
-			expectedNumMembers++
-		}
-		assert.NoError(t, organization.AddOrgUser(orgID, userID))
-		ou := &organization.OrgUser{OrgID: orgID, UID: userID}
-		unittest.AssertExistsAndLoadBean(t, ou)
-		assert.Equal(t, isPublic, ou.IsPublic)
-		org = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
-		assert.EqualValues(t, expectedNumMembers, org.NumMembers)
-	}
-
-	setting.Service.DefaultOrgMemberVisible = false
-	testSuccess(3, 5, false)
-	testSuccess(3, 5, false)
-	testSuccess(6, 2, false)
-
-	setting.Service.DefaultOrgMemberVisible = true
-	testSuccess(6, 3, true)
-
-	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
-}
--- a/models/organization/main_test.go
+++ b/models/organization/main_test.go
@ -2,26 +2,22 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package organization
+package organization_test

 import (
 	"path/filepath"
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/organization"
+	_ "code.gitea.io/gitea/models/repo"
+	_ "code.gitea.io/gitea/models/user"
 )

 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", ".."),
-		FixtureFiles: []string{
-			"user.yml",
-			"org_user.yml",
-			"team.yml",
-			"team_repo.yml",
-			"team_unit.yml",
-			"team_user.yml",
-			"repository.yml",
-		},
 	})
 }
--- a/models/organization/org_test.go
+++ b/models/organization/org_test.go
@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package organization
+package organization_test

 import (
 	"testing"

 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@ -30,7 +31,7 @@ func TestUser_IsOwnedBy(t *testing.T) {
 		{2, 2, false}, // user2 is not an organization
 		{2, 3, false},
 	} {
-		org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: testCase.OrgID}).(*Organization)
+		org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: testCase.OrgID}).(*organization.Organization)
 		isOwner, err := org.IsOwnedBy(testCase.UserID)
 		assert.NoError(t, err)
 		assert.Equal(t, testCase.ExpectedOwner, isOwner)
@ -51,7 +52,7 @@ func TestUser_IsOrgMember(t *testing.T) {
 		{2, 2, false}, // user2 is not an organization
 		{2, 3, false},
 	} {
-		org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: testCase.OrgID}).(*Organization)
+		org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: testCase.OrgID}).(*organization.Organization)
 		isMember, err := org.IsOrgMember(testCase.UserID)
 		assert.NoError(t, err)
 		assert.Equal(t, testCase.ExpectedMember, isMember)
@ -60,35 +61,35 @@ func TestUser_IsOrgMember(t *testing.T) {

 func TestUser_GetTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	team, err := org.GetTeam("team1")
 	assert.NoError(t, err)
 	assert.Equal(t, org.ID, team.OrgID)
 	assert.Equal(t, "team1", team.LowerName)

 	_, err = org.GetTeam("does not exist")
-	assert.True(t, IsErrTeamNotExist(err))
+	assert.True(t, organization.IsErrTeamNotExist(err))

-	nonOrg := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 2}).(*Organization)
+	nonOrg := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 2}).(*organization.Organization)
 	_, err = nonOrg.GetTeam("team")
-	assert.True(t, IsErrTeamNotExist(err))
+	assert.True(t, organization.IsErrTeamNotExist(err))
 }

 func TestUser_GetOwnerTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	team, err := org.GetOwnerTeam()
 	assert.NoError(t, err)
 	assert.Equal(t, org.ID, team.OrgID)

-	nonOrg := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 2}).(*Organization)
+	nonOrg := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 2}).(*organization.Organization)
 	_, err = nonOrg.GetOwnerTeam()
-	assert.True(t, IsErrTeamNotExist(err))
+	assert.True(t, organization.IsErrTeamNotExist(err))
 }

 func TestUser_GetTeams(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	teams, err := org.LoadTeams()
 	assert.NoError(t, err)
 	if assert.Len(t, teams, 4) {
@ -101,7 +102,7 @@ func TestUser_GetTeams(t *testing.T) {

 func TestUser_GetMembers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	members, _, err := org.GetMembers()
 	assert.NoError(t, err)
 	if assert.Len(t, members, 3) {
@ -114,23 +115,23 @@ func TestUser_GetMembers(t *testing.T) {
 func TestGetOrgByName(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	org, err := GetOrgByName("user3")
+	org, err := organization.GetOrgByName("user3")
 	assert.NoError(t, err)
 	assert.EqualValues(t, 3, org.ID)
 	assert.Equal(t, "user3", org.Name)

-	_, err = GetOrgByName("user2") // user2 is an individual
-	assert.True(t, IsErrOrgNotExist(err))
+	_, err = organization.GetOrgByName("user2") // user2 is an individual
+	assert.True(t, organization.IsErrOrgNotExist(err))

-	_, err = GetOrgByName("") // corner case
-	assert.True(t, IsErrOrgNotExist(err))
+	_, err = organization.GetOrgByName("") // corner case
+	assert.True(t, organization.IsErrOrgNotExist(err))
 }

 func TestCountOrganizations(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	expected, err := db.GetEngine(db.DefaultContext).Where("type=?", user_model.UserTypeOrganization).Count(&Organization{})
+	expected, err := db.GetEngine(db.DefaultContext).Where("type=?", user_model.UserTypeOrganization).Count(&organization.Organization{})
 	assert.NoError(t, err)
-	cnt, err := CountOrgs(FindOrgOptions{IncludePrivate: true})
+	cnt, err := organization.CountOrgs(organization.FindOrgOptions{IncludePrivate: true})
 	assert.NoError(t, err)
 	assert.Equal(t, expected, cnt)
 }
@ -138,7 +139,7 @@ func TestCountOrganizations(t *testing.T) {
 func TestIsOrganizationOwner(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64, expected bool) {
-		isOwner, err := IsOrganizationOwner(db.DefaultContext, orgID, userID)
+		isOwner, err := organization.IsOrganizationOwner(db.DefaultContext, orgID, userID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, expected, isOwner)
 	}
@ -152,7 +153,7 @@ func TestIsOrganizationOwner(t *testing.T) {
 func TestIsOrganizationMember(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64, expected bool) {
-		isMember, err := IsOrganizationMember(db.DefaultContext, orgID, userID)
+		isMember, err := organization.IsOrganizationMember(db.DefaultContext, orgID, userID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, expected, isMember)
 	}
@ -167,7 +168,7 @@ func TestIsOrganizationMember(t *testing.T) {
 func TestIsPublicMembership(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64, expected bool) {
-		isMember, err := IsPublicMembership(orgID, userID)
+		isMember, err := organization.IsPublicMembership(orgID, userID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, expected, isMember)
 	}
@ -182,7 +183,7 @@ func TestIsPublicMembership(t *testing.T) {
 func TestFindOrgs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	orgs, err := FindOrgs(FindOrgOptions{
+	orgs, err := organization.FindOrgs(organization.FindOrgOptions{
 		UserID:         4,
 		IncludePrivate: true,
 	})
@ -191,14 +192,14 @@ func TestFindOrgs(t *testing.T) {
 		assert.EqualValues(t, 3, orgs[0].ID)
 	}

-	orgs, err = FindOrgs(FindOrgOptions{
+	orgs, err = organization.FindOrgs(organization.FindOrgOptions{
 		UserID:         4,
 		IncludePrivate: false,
 	})
 	assert.NoError(t, err)
 	assert.Len(t, orgs, 0)

-	total, err := CountOrgs(FindOrgOptions{
+	total, err := organization.CountOrgs(organization.FindOrgOptions{
 		UserID:         4,
 		IncludePrivate: true,
 	})
@ -209,16 +210,16 @@ func TestFindOrgs(t *testing.T) {
 func TestGetOrgUsersByUserID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	orgUsers, err := GetOrgUsersByUserID(5, &SearchOrganizationsOptions{All: true})
+	orgUsers, err := organization.GetOrgUsersByUserID(5, &organization.SearchOrganizationsOptions{All: true})
 	assert.NoError(t, err)
 	if assert.Len(t, orgUsers, 2) {
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[0].ID,
 			OrgID:    6,
 			UID:      5,
 			IsPublic: true,
 		}, *orgUsers[0])
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[1].ID,
 			OrgID:    7,
 			UID:      5,
@ -226,12 +227,12 @@ func TestGetOrgUsersByUserID(t *testing.T) {
 		}, *orgUsers[1])
 	}

-	publicOrgUsers, err := GetOrgUsersByUserID(5, &SearchOrganizationsOptions{All: false})
+	publicOrgUsers, err := organization.GetOrgUsersByUserID(5, &organization.SearchOrganizationsOptions{All: false})
 	assert.NoError(t, err)
 	assert.Len(t, publicOrgUsers, 1)
 	assert.Equal(t, *orgUsers[0], *publicOrgUsers[0])

-	orgUsers, err = GetOrgUsersByUserID(1, &SearchOrganizationsOptions{All: true})
+	orgUsers, err = organization.GetOrgUsersByUserID(1, &organization.SearchOrganizationsOptions{All: true})
 	assert.NoError(t, err)
 	assert.Len(t, orgUsers, 0)
 }
@ -239,20 +240,20 @@ func TestGetOrgUsersByUserID(t *testing.T) {
 func TestGetOrgUsersByOrgID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	orgUsers, err := GetOrgUsersByOrgID(db.DefaultContext, &FindOrgMembersOpts{
+	orgUsers, err := organization.GetOrgUsersByOrgID(db.DefaultContext, &organization.FindOrgMembersOpts{
 		ListOptions: db.ListOptions{},
 		OrgID:       3,
 		PublicOnly:  false,
 	})
 	assert.NoError(t, err)
 	if assert.Len(t, orgUsers, 3) {
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[0].ID,
 			OrgID:    3,
 			UID:      2,
 			IsPublic: true,
 		}, *orgUsers[0])
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[1].ID,
 			OrgID:    3,
 			UID:      4,
@ -260,7 +261,7 @@ func TestGetOrgUsersByOrgID(t *testing.T) {
 		}, *orgUsers[1])
 	}

-	orgUsers, err = GetOrgUsersByOrgID(db.DefaultContext, &FindOrgMembersOpts{
+	orgUsers, err = organization.GetOrgUsersByOrgID(db.DefaultContext, &organization.FindOrgMembersOpts{
 		ListOptions: db.ListOptions{},
 		OrgID:       unittest.NonexistentID,
 		PublicOnly:  false,
@ -273,20 +274,20 @@ func TestChangeOrgUserStatus(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	testSuccess := func(orgID, userID int64, public bool) {
-		assert.NoError(t, ChangeOrgUserStatus(orgID, userID, public))
-		orgUser := unittest.AssertExistsAndLoadBean(t, &OrgUser{OrgID: orgID, UID: userID}).(*OrgUser)
+		assert.NoError(t, organization.ChangeOrgUserStatus(orgID, userID, public))
+		orgUser := unittest.AssertExistsAndLoadBean(t, &organization.OrgUser{OrgID: orgID, UID: userID}).(*organization.OrgUser)
 		assert.Equal(t, public, orgUser.IsPublic)
 	}

 	testSuccess(3, 2, false)
 	testSuccess(3, 2, false)
 	testSuccess(3, 4, true)
-	assert.NoError(t, ChangeOrgUserStatus(unittest.NonexistentID, unittest.NonexistentID, true))
+	assert.NoError(t, organization.ChangeOrgUserStatus(unittest.NonexistentID, unittest.NonexistentID, true))
 }

 func TestUser_GetUserTeamIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID int64, expected []int64) {
 		teamIDs, err := org.GetUserTeamIDs(userID)
 		assert.NoError(t, err)
@ -299,9 +300,9 @@ func TestUser_GetUserTeamIDs(t *testing.T) {

 func TestAccessibleReposEnv_CountRepos(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID, expectedCount int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		count, err := env.CountRepos()
 		assert.NoError(t, err)
@ -313,9 +314,9 @@ func TestAccessibleReposEnv_CountRepos(t *testing.T) {

 func TestAccessibleReposEnv_RepoIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID, _, pageSize int64, expectedRepoIDs []int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		repoIDs, err := env.RepoIDs(1, 100)
 		assert.NoError(t, err)
@ -327,9 +328,9 @@ func TestAccessibleReposEnv_RepoIDs(t *testing.T) {

 func TestAccessibleReposEnv_Repos(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID int64, expectedRepoIDs []int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		repos, err := env.Repos(1, 100)
 		assert.NoError(t, err)
@ -346,9 +347,9 @@ func TestAccessibleReposEnv_Repos(t *testing.T) {

 func TestAccessibleReposEnv_MirrorRepos(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID int64, expectedRepoIDs []int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		repos, err := env.MirrorRepos()
 		assert.NoError(t, err)
@ -369,18 +370,18 @@ func TestHasOrgVisibleTypePublic(t *testing.T) {
 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)

 	const newOrgName = "test-org-public"
-	org := &Organization{
+	org := &organization.Organization{
 		Name:       newOrgName,
 		Visibility: structs.VisibleTypePublic,
 	}

 	unittest.AssertNotExistsBean(t, &user_model.User{Name: org.Name, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, CreateOrganization(org, owner))
+	assert.NoError(t, organization.CreateOrganization(org, owner))
 	org = unittest.AssertExistsAndLoadBean(t,
-		&Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*Organization)
-	test1 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
-	test2 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
-	test3 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
+		&organization.Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	test1 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
+	test2 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
+	test3 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
 	assert.True(t, test1) // owner of org
 	assert.True(t, test2) // user not a part of org
 	assert.True(t, test3) // logged out user
@ -392,18 +393,18 @@ func TestHasOrgVisibleTypeLimited(t *testing.T) {
 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)

 	const newOrgName = "test-org-limited"
-	org := &Organization{
+	org := &organization.Organization{
 		Name:       newOrgName,
 		Visibility: structs.VisibleTypeLimited,
 	}

 	unittest.AssertNotExistsBean(t, &user_model.User{Name: org.Name, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, CreateOrganization(org, owner))
+	assert.NoError(t, organization.CreateOrganization(org, owner))
 	org = unittest.AssertExistsAndLoadBean(t,
-		&Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*Organization)
-	test1 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
-	test2 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
-	test3 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
+		&organization.Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	test1 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
+	test2 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
+	test3 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
 	assert.True(t, test1)  // owner of org
 	assert.True(t, test2)  // user not a part of org
 	assert.False(t, test3) // logged out user
@ -415,18 +416,18 @@ func TestHasOrgVisibleTypePrivate(t *testing.T) {
 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)

 	const newOrgName = "test-org-private"
-	org := &Organization{
+	org := &organization.Organization{
 		Name:       newOrgName,
 		Visibility: structs.VisibleTypePrivate,
 	}

 	unittest.AssertNotExistsBean(t, &user_model.User{Name: org.Name, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, CreateOrganization(org, owner))
+	assert.NoError(t, organization.CreateOrganization(org, owner))
 	org = unittest.AssertExistsAndLoadBean(t,
-		&Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*Organization)
-	test1 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
-	test2 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
-	test3 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
+		&organization.Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	test1 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
+	test2 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
+	test3 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
 	assert.True(t, test1)  // owner of org
 	assert.False(t, test2) // user not a part of org
 	assert.False(t, test3) // logged out user
@ -435,7 +436,7 @@ func TestHasOrgVisibleTypePrivate(t *testing.T) {
 func TestGetUsersWhoCanCreateOrgRepo(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	users, err := GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 3)
+	users, err := organization.GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 3)
 	assert.NoError(t, err)
 	assert.Len(t, users, 2)
 	var ids []int64
@ -444,8 +445,93 @@ func TestGetUsersWhoCanCreateOrgRepo(t *testing.T) {
 	}
 	assert.ElementsMatch(t, ids, []int64{2, 28})

-	users, err = GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 7)
+	users, err = organization.GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 7)
 	assert.NoError(t, err)
 	assert.Len(t, users, 1)
 	assert.EqualValues(t, 5, users[0].ID)
 }
+
+func TestUser_RemoveOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: org.ID}).(*repo_model.Repository)
+
+	// remove a repo that does belong to org
+	unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
+	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
+	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
+	unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repo.ID}) // repo should still exist
+
+	// remove a repo that does not belong to org
+	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
+	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
+
+	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, unittest.NonexistentID))
+
+	unittest.CheckConsistencyFor(t,
+		&user_model.User{ID: org.ID},
+		&organization.Team{OrgID: org.ID},
+		&repo_model.Repository{ID: repo.ID})
+}
+
+func TestCreateOrganization(t *testing.T) {
+	// successful creation of org
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	const newOrgName = "neworg"
+	org := &organization.Organization{
+		Name: newOrgName,
+	}
+
+	unittest.AssertNotExistsBean(t, &user_model.User{Name: newOrgName, Type: user_model.UserTypeOrganization})
+	assert.NoError(t, organization.CreateOrganization(org, owner))
+	org = unittest.AssertExistsAndLoadBean(t,
+		&organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	ownerTeam := unittest.AssertExistsAndLoadBean(t,
+		&organization.Team{Name: organization.OwnerTeamName, OrgID: org.ID}).(*organization.Team)
+	unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: owner.ID, TeamID: ownerTeam.ID})
+	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
+}
+
+func TestCreateOrganization2(t *testing.T) {
+	// unauthorized creation of org
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	const newOrgName = "neworg"
+	org := &organization.Organization{
+		Name: newOrgName,
+	}
+
+	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
+	err := organization.CreateOrganization(org, owner)
+	assert.Error(t, err)
+	assert.True(t, organization.IsErrUserNotAllowedCreateOrg(err))
+	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
+	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
+}
+
+func TestCreateOrganization3(t *testing.T) {
+	// create org with same name as existent org
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	org := &organization.Organization{Name: "user3"}                      // should already exist
+	unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: org.Name}) // sanity check
+	err := organization.CreateOrganization(org, owner)
+	assert.Error(t, err)
+	assert.True(t, user_model.IsErrUserAlreadyExist(err))
+	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
+}
+
+func TestCreateOrganization4(t *testing.T) {
+	// create org with unusable name
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	err := organization.CreateOrganization(&organization.Organization{Name: "assets"}, owner)
+	assert.Error(t, err)
+	assert.True(t, db.IsErrNameReserved(err))
+	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
+}
--- a/models/organization/org_user_test.go
+++ b/models/organization/org_user_test.go
@ -2,15 +2,17 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package organization
+package organization_test

 import (
 	"fmt"
 	"testing"

 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/setting"

 	"github.com/stretchr/testify/assert"
 )
@ -38,7 +40,7 @@ func TestUserIsPublicMember(t *testing.T) {
 func testUserIsPublicMember(t *testing.T, uid, orgID int64, expected bool) {
 	user, err := user_model.GetUserByID(uid)
 	assert.NoError(t, err)
-	is, err := IsPublicMembership(orgID, user.ID)
+	is, err := organization.IsPublicMembership(orgID, user.ID)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, is)
 }
@ -66,7 +68,7 @@ func TestIsUserOrgOwner(t *testing.T) {
 func testIsUserOrgOwner(t *testing.T, uid, orgID int64, expected bool) {
 	user, err := user_model.GetUserByID(uid)
 	assert.NoError(t, err)
-	is, err := IsOrganizationOwner(db.DefaultContext, orgID, user.ID)
+	is, err := organization.IsOrganizationOwner(db.DefaultContext, orgID, user.ID)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, is)
 }
@ -91,7 +93,7 @@ func TestUserListIsPublicMember(t *testing.T) {
 }

 func testUserListIsPublicMember(t *testing.T, orgID int64, expected map[int64]bool) {
-	org, err := GetOrgByID(db.DefaultContext, orgID)
+	org, err := organization.GetOrgByID(db.DefaultContext, orgID)
 	assert.NoError(t, err)
 	_, membersIsPublic, err := org.GetMembers()
 	assert.NoError(t, err)
@ -118,9 +120,36 @@ func TestUserListIsUserOrgOwner(t *testing.T) {
 }

 func testUserListIsUserOrgOwner(t *testing.T, orgID int64, expected map[int64]bool) {
-	org, err := GetOrgByID(db.DefaultContext, orgID)
+	org, err := organization.GetOrgByID(db.DefaultContext, orgID)
 	assert.NoError(t, err)
 	members, _, err := org.GetMembers()
 	assert.NoError(t, err)
-	assert.Equal(t, expected, IsUserOrgOwner(members, orgID))
+	assert.Equal(t, expected, organization.IsUserOrgOwner(members, orgID))
+}
+
+func TestAddOrgUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	testSuccess := func(orgID, userID int64, isPublic bool) {
+		org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
+		expectedNumMembers := org.NumMembers
+		if !unittest.BeanExists(t, &organization.OrgUser{OrgID: orgID, UID: userID}) {
+			expectedNumMembers++
+		}
+		assert.NoError(t, organization.AddOrgUser(orgID, userID))
+		ou := &organization.OrgUser{OrgID: orgID, UID: userID}
+		unittest.AssertExistsAndLoadBean(t, ou)
+		assert.Equal(t, isPublic, ou.IsPublic)
+		org = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
+		assert.EqualValues(t, expectedNumMembers, org.NumMembers)
+	}
+
+	setting.Service.DefaultOrgMemberVisible = false
+	testSuccess(3, 5, false)
+	testSuccess(3, 5, false)
+	testSuccess(6, 2, false)
+
+	setting.Service.DefaultOrgMemberVisible = true
+	testSuccess(6, 3, true)
+
+	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
 }
--- a/models/organization/team_test.go
+++ b/models/organization/team_test.go
@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package organization
+package organization_test

 import (
 	"testing"

 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/unittest"

 	"github.com/stretchr/testify/assert"
@ -16,22 +17,22 @@ import (
 func TestTeam_IsOwnerTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	team := unittest.AssertExistsAndLoadBean(t, &Team{ID: 1}).(*Team)
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 1}).(*organization.Team)
 	assert.True(t, team.IsOwnerTeam())

-	team = unittest.AssertExistsAndLoadBean(t, &Team{ID: 2}).(*Team)
+	team = unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2}).(*organization.Team)
 	assert.False(t, team.IsOwnerTeam())
 }

 func TestTeam_IsMember(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	team := unittest.AssertExistsAndLoadBean(t, &Team{ID: 1}).(*Team)
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 1}).(*organization.Team)
 	assert.True(t, team.IsMember(2))
 	assert.False(t, team.IsMember(4))
 	assert.False(t, team.IsMember(unittest.NonexistentID))

-	team = unittest.AssertExistsAndLoadBean(t, &Team{ID: 2}).(*Team)
+	team = unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2}).(*organization.Team)
 	assert.True(t, team.IsMember(2))
 	assert.True(t, team.IsMember(4))
 	assert.False(t, team.IsMember(unittest.NonexistentID))
@ -41,11 +42,11 @@ func TestTeam_GetRepositories(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	test := func(teamID int64) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
 		assert.NoError(t, team.GetRepositoriesCtx(db.DefaultContext))
 		assert.Len(t, team.Repos, team.NumRepos)
 		for _, repo := range team.Repos {
-			unittest.AssertExistsAndLoadBean(t, &TeamRepo{TeamID: teamID, RepoID: repo.ID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{TeamID: teamID, RepoID: repo.ID})
 		}
 	}
 	test(1)
@ -56,11 +57,11 @@ func TestTeam_GetMembers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	test := func(teamID int64) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
 		assert.NoError(t, team.GetMembersCtx(db.DefaultContext))
 		assert.Len(t, team.Members, team.NumMembers)
 		for _, member := range team.Members {
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{UID: member.ID, TeamID: teamID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: member.ID, TeamID: teamID})
 		}
 	}
 	test(1)
@ -71,7 +72,7 @@ func TestGetTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	testSuccess := func(orgID int64, name string) {
-		team, err := GetTeam(db.DefaultContext, orgID, name)
+		team, err := organization.GetTeam(db.DefaultContext, orgID, name)
 		assert.NoError(t, err)
 		assert.EqualValues(t, orgID, team.OrgID)
 		assert.Equal(t, name, team.Name)
@ -79,9 +80,9 @@ func TestGetTeam(t *testing.T) {
 	testSuccess(3, "Owners")
 	testSuccess(3, "team1")

-	_, err := GetTeam(db.DefaultContext, 3, "nonexistent")
+	_, err := organization.GetTeam(db.DefaultContext, 3, "nonexistent")
 	assert.Error(t, err)
-	_, err = GetTeam(db.DefaultContext, unittest.NonexistentID, "Owners")
+	_, err = organization.GetTeam(db.DefaultContext, unittest.NonexistentID, "Owners")
 	assert.Error(t, err)
 }

@ -89,7 +90,7 @@ func TestGetTeamByID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	testSuccess := func(teamID int64) {
-		team, err := GetTeamByID(db.DefaultContext, teamID)
+		team, err := organization.GetTeamByID(db.DefaultContext, teamID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, teamID, team.ID)
 	}
@ -98,14 +99,14 @@ func TestGetTeamByID(t *testing.T) {
 	testSuccess(3)
 	testSuccess(4)

-	_, err := GetTeamByID(db.DefaultContext, unittest.NonexistentID)
+	_, err := organization.GetTeamByID(db.DefaultContext, unittest.NonexistentID)
 	assert.Error(t, err)
 }

 func TestIsTeamMember(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, teamID, userID int64, expected bool) {
-		isMember, err := IsTeamMember(db.DefaultContext, orgID, teamID, userID)
+		isMember, err := organization.IsTeamMember(db.DefaultContext, orgID, teamID, userID)
 		assert.NoError(t, err)
 		assert.Equal(t, expected, isMember)
 	}
@ -125,14 +126,14 @@ func TestGetTeamMembers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	test := func(teamID int64) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
-		members, err := GetTeamMembers(db.DefaultContext, &SearchMembersOptions{
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
+		members, err := organization.GetTeamMembers(db.DefaultContext, &organization.SearchMembersOptions{
 			TeamID: teamID,
 		})
 		assert.NoError(t, err)
 		assert.Len(t, members, team.NumMembers)
 		for _, member := range members {
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{UID: member.ID, TeamID: teamID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: member.ID, TeamID: teamID})
 		}
 	}
 	test(1)
@ -142,10 +143,10 @@ func TestGetTeamMembers(t *testing.T) {
 func TestGetUserTeams(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(userID int64) {
-		teams, _, err := SearchTeam(&SearchTeamOptions{UserID: userID})
+		teams, _, err := organization.SearchTeam(&organization.SearchTeamOptions{UserID: userID})
 		assert.NoError(t, err)
 		for _, team := range teams {
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{TeamID: team.ID, UID: userID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{TeamID: team.ID, UID: userID})
 		}
 	}
 	test(2)
@ -156,11 +157,11 @@ func TestGetUserTeams(t *testing.T) {
 func TestGetUserOrgTeams(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64) {
-		teams, err := GetUserOrgTeams(db.DefaultContext, orgID, userID)
+		teams, err := organization.GetUserOrgTeams(db.DefaultContext, orgID, userID)
 		assert.NoError(t, err)
 		for _, team := range teams {
 			assert.EqualValues(t, orgID, team.OrgID)
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{TeamID: team.ID, UID: userID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{TeamID: team.ID, UID: userID})
 		}
 	}
 	test(3, 2)
@ -172,8 +173,8 @@ func TestHasTeamRepo(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	test := func(teamID, repoID int64, expected bool) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
-		assert.Equal(t, expected, HasTeamRepo(db.DefaultContext, team.OrgID, teamID, repoID))
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
+		assert.Equal(t, expected, organization.HasTeamRepo(db.DefaultContext, team.OrgID, teamID, repoID))
 	}
 	test(1, 1, false)
 	test(1, 3, true)
@ -188,7 +189,7 @@ func TestUsersInTeamsCount(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	test := func(teamIDs, userIDs []int64, expected int64) {
-		count, err := UsersInTeamsCount(teamIDs, userIDs)
+		count, err := organization.UsersInTeamsCount(teamIDs, userIDs)
 		assert.NoError(t, err)
 		assert.Equal(t, expected, count)
 	}
--- a/models/perm/access/access_test.go
+++ b/models/perm/access/access_test.go
@ -2,14 +2,18 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package access
+package access_test

 import (
 	"testing"

+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/models/organization"
+	perm_model "code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"

@ -35,36 +39,36 @@ func TestAccessLevel(t *testing.T) {
 	// org. owned private repo
 	repo24 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)

-	level, err := AccessLevel(user2, repo1)
+	level, err := access_model.AccessLevel(user2, repo1)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeOwner, level)
+	assert.Equal(t, perm_model.AccessModeOwner, level)

-	level, err = AccessLevel(user2, repo3)
+	level, err = access_model.AccessLevel(user2, repo3)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeOwner, level)
+	assert.Equal(t, perm_model.AccessModeOwner, level)

-	level, err = AccessLevel(user5, repo1)
+	level, err = access_model.AccessLevel(user5, repo1)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeRead, level)
+	assert.Equal(t, perm_model.AccessModeRead, level)

-	level, err = AccessLevel(user5, repo3)
+	level, err = access_model.AccessLevel(user5, repo3)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeNone, level)
+	assert.Equal(t, perm_model.AccessModeNone, level)

 	// restricted user has no access to a public repo
-	level, err = AccessLevel(user29, repo1)
+	level, err = access_model.AccessLevel(user29, repo1)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeNone, level)
+	assert.Equal(t, perm_model.AccessModeNone, level)

 	// ... unless he's a collaborator
-	level, err = AccessLevel(user29, repo4)
+	level, err = access_model.AccessLevel(user29, repo4)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeWrite, level)
+	assert.Equal(t, perm_model.AccessModeWrite, level)

 	// ... or a team member
-	level, err = AccessLevel(user29, repo24)
+	level, err = access_model.AccessLevel(user29, repo24)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeRead, level)
+	assert.Equal(t, perm_model.AccessModeRead, level)
 }

 func TestHasAccess(t *testing.T) {
@ -79,17 +83,17 @@ func TestHasAccess(t *testing.T) {
 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}).(*repo_model.Repository)
 	assert.True(t, repo2.IsPrivate)

-	has, err := HasAccess(db.DefaultContext, user1.ID, repo1)
+	has, err := access_model.HasAccess(db.DefaultContext, user1.ID, repo1)
 	assert.NoError(t, err)
 	assert.True(t, has)

-	_, err = HasAccess(db.DefaultContext, user1.ID, repo2)
+	_, err = access_model.HasAccess(db.DefaultContext, user1.ID, repo2)
 	assert.NoError(t, err)

-	_, err = HasAccess(db.DefaultContext, user2.ID, repo1)
+	_, err = access_model.HasAccess(db.DefaultContext, user2.ID, repo1)
 	assert.NoError(t, err)

-	_, err = HasAccess(db.DefaultContext, user2.ID, repo2)
+	_, err = access_model.HasAccess(db.DefaultContext, user2.ID, repo2)
 	assert.NoError(t, err)
 }

@ -101,13 +105,13 @@ func TestRepository_RecalculateAccesses(t *testing.T) {

 	_, err := db.GetEngine(db.DefaultContext).Delete(&repo_model.Collaboration{UserID: 2, RepoID: 3})
 	assert.NoError(t, err)
-	assert.NoError(t, RecalculateAccesses(db.DefaultContext, repo1))
+	assert.NoError(t, access_model.RecalculateAccesses(db.DefaultContext, repo1))

-	access := &Access{UserID: 2, RepoID: 3}
+	access := &access_model.Access{UserID: 2, RepoID: 3}
 	has, err := db.GetEngine(db.DefaultContext).Get(access)
 	assert.NoError(t, err)
 	assert.True(t, has)
-	assert.Equal(t, perm.AccessModeOwner, access.Mode)
+	assert.Equal(t, perm_model.AccessModeOwner, access.Mode)
 }

 func TestRepository_RecalculateAccesses2(t *testing.T) {
@ -118,9 +122,255 @@ func TestRepository_RecalculateAccesses2(t *testing.T) {

 	_, err := db.GetEngine(db.DefaultContext).Delete(&repo_model.Collaboration{UserID: 4, RepoID: 4})
 	assert.NoError(t, err)
-	assert.NoError(t, RecalculateAccesses(db.DefaultContext, repo1))
+	assert.NoError(t, access_model.RecalculateAccesses(db.DefaultContext, repo1))

-	has, err := db.GetEngine(db.DefaultContext).Get(&Access{UserID: 4, RepoID: 4})
+	has, err := db.GetEngine(db.DefaultContext).Get(&access_model.Access{UserID: 4, RepoID: 4})
 	assert.NoError(t, err)
 	assert.False(t, has)
 }
+
+func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// public non-organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// collaborator
+	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
+
+func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// private non-organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.False(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator to default write access
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
+
+func TestRepoPermissionPublicOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// public organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator to default write access
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team tester
+	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+	}
+	assert.True(t, perm.CanWrite(unit.TypeIssues))
+	assert.False(t, perm.CanWrite(unit.TypeCode))
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
+
+func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// private organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.False(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator to default write access
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// update team information and then check permission
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)
+	err = organization.UpdateTeamUnits(team, nil)
+	assert.NoError(t, err)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team tester
+	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester)
+	assert.NoError(t, err)
+	assert.True(t, perm.CanWrite(unit.TypeIssues))
+	assert.False(t, perm.CanWrite(unit.TypeCode))
+	assert.False(t, perm.CanRead(unit.TypeCode))
+
+	// org member team reviewer
+	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer)
+	assert.NoError(t, err)
+	assert.False(t, perm.CanRead(unit.TypeIssues))
+	assert.False(t, perm.CanWrite(unit.TypeCode))
+	assert.True(t, perm.CanRead(unit.TypeCode))
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
--- a/models/perm/access/main_test.go
+++ b/models/perm/access/main_test.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package access
+package access_test

 import (
 	"path/filepath"
@ -10,23 +10,13 @@ import (

 	"code.gitea.io/gitea/models/unittest"

+	_ "code.gitea.io/gitea/models"
 	_ "code.gitea.io/gitea/models/repo"
+	_ "code.gitea.io/gitea/models/user"
 )

 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", "..", ".."),
-		FixtureFiles: []string{
-			"access.yml",
-			"user.yml",
-			"repository.yml",
-			"collaboration.yml",
-			"org_user.yml",
-			"repo_unit.yml",
-			"team_user.yml",
-			"team_repo.yml",
-			"team.yml",
-			"team_unit.yml",
-		},
 	})
 }
--- a/models/repo/collaboration_test.go
+++ b/models/repo/collaboration_test.go
@ -8,6 +8,8 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"

@ -48,3 +50,22 @@ func TestRepository_IsCollaborator(t *testing.T) {
 	test(4, 2, false)
 	test(4, 4, true)
 }
+
+func TestRepository_ChangeCollaborationAccessMode(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
+
+	collaboration := unittest.AssertExistsAndLoadBean(t, &repo_model.Collaboration{RepoID: repo.ID, UserID: 4}).(*repo_model.Collaboration)
+	assert.EqualValues(t, perm.AccessModeAdmin, collaboration.Mode)
+
+	access := unittest.AssertExistsAndLoadBean(t, &access_model.Access{UserID: 4, RepoID: repo.ID}).(*access_model.Access)
+	assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, unittest.NonexistentID, perm.AccessModeAdmin))
+
+	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repo.ID})
+}
--- a/models/repo/repo_test.go
+++ b/models/repo/repo_test.go
@ -9,7 +9,10 @@ import (

 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/util"

 	"github.com/stretchr/testify/assert"
@ -57,3 +60,68 @@ func TestRepoAPIURL(t *testing.T) {

 	assert.Equal(t, "https://try.gitea.io/api/v1/repos/user12/repo10", repo.APIURL())
 }
+
+func TestWatchRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	const repoID = 3
+	const userID = 2
+
+	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, true))
+	unittest.AssertExistsAndLoadBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
+	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
+
+	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, false))
+	unittest.AssertNotExistsBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
+	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
+}
+
+func TestMetas(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := &repo_model.Repository{Name: "testRepo"}
+	repo.Owner = &user_model.User{Name: "testOwner"}
+	repo.OwnerName = repo.Owner.Name
+
+	repo.Units = nil
+
+	metas := repo.ComposeMetas()
+	assert.Equal(t, "testRepo", metas["repo"])
+	assert.Equal(t, "testOwner", metas["user"])
+
+	externalTracker := repo_model.RepoUnit{
+		Type: unit.TypeExternalTracker,
+		Config: &repo_model.ExternalTrackerConfig{
+			ExternalTrackerFormat: "https://someurl.com/{user}/{repo}/{issue}",
+		},
+	}
+
+	testSuccess := func(expectedStyle string) {
+		repo.Units = []*repo_model.RepoUnit{&externalTracker}
+		repo.RenderingMetas = nil
+		metas := repo.ComposeMetas()
+		assert.Equal(t, expectedStyle, metas["style"])
+		assert.Equal(t, "testRepo", metas["repo"])
+		assert.Equal(t, "testOwner", metas["user"])
+		assert.Equal(t, "https://someurl.com/{user}/{repo}/{issue}", metas["format"])
+	}
+
+	testSuccess(markup.IssueNameStyleNumeric)
+
+	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleAlphanumeric
+	testSuccess(markup.IssueNameStyleAlphanumeric)
+
+	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleNumeric
+	testSuccess(markup.IssueNameStyleNumeric)
+
+	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleRegexp
+	testSuccess(markup.IssueNameStyleRegexp)
+
+	repo, err := repo_model.GetRepositoryByID(3)
+	assert.NoError(t, err)
+
+	metas = repo.ComposeMetas()
+	assert.Contains(t, metas, "org")
+	assert.Contains(t, metas, "teams")
+	assert.Equal(t, "user3", metas["org"])
+	assert.Equal(t, ",owners,team1,", metas["teams"])
+}
--- a/models/repo_collaboration_test.go
+++ b/models/repo_collaboration_test.go
@ -8,8 +8,6 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/perm"
-	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@ -32,25 +30,6 @@ func TestRepository_AddCollaborator(t *testing.T) {
 	testSuccess(3, 4)
 }

-func TestRepository_ChangeCollaborationAccessMode(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
-
-	collaboration := unittest.AssertExistsAndLoadBean(t, &repo_model.Collaboration{RepoID: repo.ID, UserID: 4}).(*repo_model.Collaboration)
-	assert.EqualValues(t, perm.AccessModeAdmin, collaboration.Mode)
-
-	access := unittest.AssertExistsAndLoadBean(t, &access_model.Access{UserID: 4, RepoID: repo.ID}).(*access_model.Access)
-	assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, unittest.NonexistentID, perm.AccessModeAdmin))
-
-	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repo.ID})
-}
-
 func TestRepository_DeleteCollaboration(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

--- a/models/repo_permission_test.go
+++ b/models/repo_permission_test.go
@ -1,266 +0,0 @@
-// Copyright 2018 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package models
-
-import (
-	"testing"
-
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/organization"
-	perm_model "code.gitea.io/gitea/models/perm"
-	access_model "code.gitea.io/gitea/models/perm/access"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/models/unit"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// public non-organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// collaborator
-	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
-
-func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// private non-organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.False(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator to default write access
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
-
-func TestRepoPermissionPublicOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// public organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator to default write access
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team tester
-	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-	}
-	assert.True(t, perm.CanWrite(unit.TypeIssues))
-	assert.False(t, perm.CanWrite(unit.TypeCode))
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
-
-func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// private organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.False(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator to default write access
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// update team information and then check permission
-	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)
-	err = organization.UpdateTeamUnits(team, nil)
-	assert.NoError(t, err)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team tester
-	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester)
-	assert.NoError(t, err)
-	assert.True(t, perm.CanWrite(unit.TypeIssues))
-	assert.False(t, perm.CanWrite(unit.TypeCode))
-	assert.False(t, perm.CanRead(unit.TypeCode))
-
-	// org member team reviewer
-	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer)
-	assert.NoError(t, err)
-	assert.False(t, perm.CanRead(unit.TypeIssues))
-	assert.False(t, perm.CanWrite(unit.TypeCode))
-	assert.True(t, perm.CanRead(unit.TypeCode))
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
--- a/models/repo_test.go
+++ b/models/repo_test.go
@ -8,11 +8,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/markup"

 	"github.com/stretchr/testify/assert"
 )
@ -22,71 +18,6 @@ func TestCheckRepoStats(t *testing.T) {
 	assert.NoError(t, CheckRepoStats(db.DefaultContext))
 }

-func TestWatchRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	const repoID = 3
-	const userID = 2
-
-	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, true))
-	unittest.AssertExistsAndLoadBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
-	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
-
-	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, false))
-	unittest.AssertNotExistsBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
-	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
-}
-
-func TestMetas(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	repo := &repo_model.Repository{Name: "testRepo"}
-	repo.Owner = &user_model.User{Name: "testOwner"}
-	repo.OwnerName = repo.Owner.Name
-
-	repo.Units = nil
-
-	metas := repo.ComposeMetas()
-	assert.Equal(t, "testRepo", metas["repo"])
-	assert.Equal(t, "testOwner", metas["user"])
-
-	externalTracker := repo_model.RepoUnit{
-		Type: unit.TypeExternalTracker,
-		Config: &repo_model.ExternalTrackerConfig{
-			ExternalTrackerFormat: "https://someurl.com/{user}/{repo}/{issue}",
-		},
-	}
-
-	testSuccess := func(expectedStyle string) {
-		repo.Units = []*repo_model.RepoUnit{&externalTracker}
-		repo.RenderingMetas = nil
-		metas := repo.ComposeMetas()
-		assert.Equal(t, expectedStyle, metas["style"])
-		assert.Equal(t, "testRepo", metas["repo"])
-		assert.Equal(t, "testOwner", metas["user"])
-		assert.Equal(t, "https://someurl.com/{user}/{repo}/{issue}", metas["format"])
-	}
-
-	testSuccess(markup.IssueNameStyleNumeric)
-
-	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleAlphanumeric
-	testSuccess(markup.IssueNameStyleAlphanumeric)
-
-	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleNumeric
-	testSuccess(markup.IssueNameStyleNumeric)
-
-	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleRegexp
-	testSuccess(markup.IssueNameStyleRegexp)
-
-	repo, err := repo_model.GetRepositoryByID(3)
-	assert.NoError(t, err)
-
-	metas = repo.ComposeMetas()
-	assert.Contains(t, metas, "org")
-	assert.Contains(t, metas, "teams")
-	assert.Equal(t, "user3", metas["org"])
-	assert.Equal(t, ",owners,team1,", metas["teams"])
-}
-
 func TestDoctorUserStarNum(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

--- a/models/user/email_address_test.go
+++ b/models/user/email_address_test.go
@ -2,13 +2,14 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package user
+package user_test

 import (
 	"testing"

 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/util"

 	"github.com/stretchr/testify/assert"
@ -17,14 +18,14 @@ import (
 func TestGetEmailAddresses(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	emails, _ := GetEmailAddresses(int64(1))
+	emails, _ := user_model.GetEmailAddresses(int64(1))
 	if assert.Len(t, emails, 3) {
 		assert.True(t, emails[0].IsPrimary)
 		assert.True(t, emails[2].IsActivated)
 		assert.False(t, emails[2].IsPrimary)
 	}

-	emails, _ = GetEmailAddresses(int64(2))
+	emails, _ = user_model.GetEmailAddresses(int64(2))
 	if assert.Len(t, emails, 2) {
 		assert.True(t, emails[0].IsPrimary)
 		assert.True(t, emails[0].IsActivated)
@ -34,18 +35,18 @@ func TestGetEmailAddresses(t *testing.T) {
 func TestIsEmailUsed(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	isExist, _ := IsEmailUsed(db.DefaultContext, "")
+	isExist, _ := user_model.IsEmailUsed(db.DefaultContext, "")
 	assert.True(t, isExist)
-	isExist, _ = IsEmailUsed(db.DefaultContext, "user11@example.com")
+	isExist, _ = user_model.IsEmailUsed(db.DefaultContext, "user11@example.com")
 	assert.True(t, isExist)
-	isExist, _ = IsEmailUsed(db.DefaultContext, "user1234567890@example.com")
+	isExist, _ = user_model.IsEmailUsed(db.DefaultContext, "user1234567890@example.com")
 	assert.False(t, isExist)
 }

 func TestAddEmailAddress(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	assert.NoError(t, AddEmailAddress(db.DefaultContext, &EmailAddress{
+	assert.NoError(t, user_model.AddEmailAddress(db.DefaultContext, &user_model.EmailAddress{
 		Email:       "user1234567890@example.com",
 		LowerEmail:  "user1234567890@example.com",
 		IsPrimary:   true,
@ -53,55 +54,55 @@ func TestAddEmailAddress(t *testing.T) {
 	}))

 	// ErrEmailAlreadyUsed
-	err := AddEmailAddress(db.DefaultContext, &EmailAddress{
+	err := user_model.AddEmailAddress(db.DefaultContext, &user_model.EmailAddress{
 		Email:      "user1234567890@example.com",
 		LowerEmail: "user1234567890@example.com",
 	})
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailAlreadyUsed(err))
+	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
 }

 func TestAddEmailAddresses(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	// insert multiple email address
-	emails := make([]*EmailAddress, 2)
-	emails[0] = &EmailAddress{
+	emails := make([]*user_model.EmailAddress, 2)
+	emails[0] = &user_model.EmailAddress{
 		Email:       "user1234@example.com",
 		LowerEmail:  "user1234@example.com",
 		IsActivated: true,
 	}
-	emails[1] = &EmailAddress{
+	emails[1] = &user_model.EmailAddress{
 		Email:       "user5678@example.com",
 		LowerEmail:  "user5678@example.com",
 		IsActivated: true,
 	}
-	assert.NoError(t, AddEmailAddresses(emails))
+	assert.NoError(t, user_model.AddEmailAddresses(emails))

 	// ErrEmailAlreadyUsed
-	err := AddEmailAddresses(emails)
+	err := user_model.AddEmailAddresses(emails)
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailAlreadyUsed(err))
+	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
 }

 func TestDeleteEmailAddress(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	assert.NoError(t, DeleteEmailAddress(&EmailAddress{
+	assert.NoError(t, user_model.DeleteEmailAddress(&user_model.EmailAddress{
 		UID:        int64(1),
 		ID:         int64(33),
 		Email:      "user1-2@example.com",
 		LowerEmail: "user1-2@example.com",
 	}))

-	assert.NoError(t, DeleteEmailAddress(&EmailAddress{
+	assert.NoError(t, user_model.DeleteEmailAddress(&user_model.EmailAddress{
 		UID:        int64(1),
 		Email:      "user1-3@example.com",
 		LowerEmail: "user1-3@example.com",
 	}))

 	// Email address does not exist
-	err := DeleteEmailAddress(&EmailAddress{
+	err := user_model.DeleteEmailAddress(&user_model.EmailAddress{
 		UID:        int64(1),
 		Email:      "user1234567890@example.com",
 		LowerEmail: "user1234567890@example.com",
@ -113,70 +114,70 @@ func TestDeleteEmailAddresses(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	// delete multiple email address
-	emails := make([]*EmailAddress, 2)
-	emails[0] = &EmailAddress{
+	emails := make([]*user_model.EmailAddress, 2)
+	emails[0] = &user_model.EmailAddress{
 		UID:        int64(2),
 		ID:         int64(3),
 		Email:      "user2@example.com",
 		LowerEmail: "user2@example.com",
 	}
-	emails[1] = &EmailAddress{
+	emails[1] = &user_model.EmailAddress{
 		UID:        int64(2),
 		Email:      "user2-2@example.com",
 		LowerEmail: "user2-2@example.com",
 	}
-	assert.NoError(t, DeleteEmailAddresses(emails))
+	assert.NoError(t, user_model.DeleteEmailAddresses(emails))

 	// ErrEmailAlreadyUsed
-	err := DeleteEmailAddresses(emails)
+	err := user_model.DeleteEmailAddresses(emails)
 	assert.Error(t, err)
 }

 func TestMakeEmailPrimary(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	email := &EmailAddress{
+	email := &user_model.EmailAddress{
 		Email: "user567890@example.com",
 	}
-	err := MakeEmailPrimary(email)
+	err := user_model.MakeEmailPrimary(email)
 	assert.Error(t, err)
-	assert.EqualError(t, err, ErrEmailAddressNotExist{Email: email.Email}.Error())
+	assert.EqualError(t, err, user_model.ErrEmailAddressNotExist{Email: email.Email}.Error())

-	email = &EmailAddress{
+	email = &user_model.EmailAddress{
 		Email: "user11@example.com",
 	}
-	err = MakeEmailPrimary(email)
+	err = user_model.MakeEmailPrimary(email)
 	assert.Error(t, err)
-	assert.EqualError(t, err, ErrEmailNotActivated.Error())
+	assert.EqualError(t, err, user_model.ErrEmailNotActivated.Error())

-	email = &EmailAddress{
+	email = &user_model.EmailAddress{
 		Email: "user9999999@example.com",
 	}
-	err = MakeEmailPrimary(email)
+	err = user_model.MakeEmailPrimary(email)
 	assert.Error(t, err)
-	assert.True(t, IsErrUserNotExist(err))
+	assert.True(t, user_model.IsErrUserNotExist(err))

-	email = &EmailAddress{
+	email = &user_model.EmailAddress{
 		Email: "user101@example.com",
 	}
-	err = MakeEmailPrimary(email)
+	err = user_model.MakeEmailPrimary(email)
 	assert.NoError(t, err)

-	user, _ := GetUserByID(int64(10))
+	user, _ := user_model.GetUserByID(int64(10))
 	assert.Equal(t, "user101@example.com", user.Email)
 }

 func TestActivate(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	email := &EmailAddress{
+	email := &user_model.EmailAddress{
 		ID:    int64(1),
 		UID:   int64(1),
 		Email: "user11@example.com",
 	}
-	assert.NoError(t, ActivateEmail(email))
+	assert.NoError(t, user_model.ActivateEmail(email))

-	emails, _ := GetEmailAddresses(int64(1))
+	emails, _ := user_model.GetEmailAddresses(int64(1))
 	assert.Len(t, emails, 3)
 	assert.True(t, emails[0].IsActivated)
 	assert.True(t, emails[0].IsPrimary)
@ -189,17 +190,17 @@ func TestListEmails(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	// Must find all users and their emails
-	opts := &SearchEmailOptions{
+	opts := &user_model.SearchEmailOptions{
 		ListOptions: db.ListOptions{
 			PageSize: 10000,
 		},
 	}
-	emails, count, err := SearchEmails(opts)
+	emails, count, err := user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.NotEqual(t, int64(0), count)
 	assert.True(t, count > 5)

-	contains := func(match func(s *SearchEmailResult) bool) bool {
+	contains := func(match func(s *user_model.SearchEmailResult) bool) bool {
 		for _, v := range emails {
 			if match(v) {
 				return true
@ -208,46 +209,46 @@ func TestListEmails(t *testing.T) {
 		return false
 	}

-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.UID == 18 }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 18 }))
 	// 'user3' is an organization
-	assert.False(t, contains(func(s *SearchEmailResult) bool { return s.UID == 3 }))
+	assert.False(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 3 }))

 	// Must find no records
-	opts = &SearchEmailOptions{Keyword: "NOTFOUND"}
-	emails, count, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{Keyword: "NOTFOUND"}
+	emails, count, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.Equal(t, int64(0), count)

 	// Must find users 'user2', 'user28', etc.
-	opts = &SearchEmailOptions{Keyword: "user2"}
-	emails, count, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{Keyword: "user2"}
+	emails, count, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.NotEqual(t, int64(0), count)
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.UID == 2 }))
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.UID == 27 }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 2 }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 27 }))

 	// Must find only primary addresses (i.e. from the `user` table)
-	opts = &SearchEmailOptions{IsPrimary: util.OptionalBoolTrue}
-	emails, _, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{IsPrimary: util.OptionalBoolTrue}
+	emails, _, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.IsPrimary }))
-	assert.False(t, contains(func(s *SearchEmailResult) bool { return !s.IsPrimary }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.IsPrimary }))
+	assert.False(t, contains(func(s *user_model.SearchEmailResult) bool { return !s.IsPrimary }))

 	// Must find only inactive addresses (i.e. not validated)
-	opts = &SearchEmailOptions{IsActivated: util.OptionalBoolFalse}
-	emails, _, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{IsActivated: util.OptionalBoolFalse}
+	emails, _, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return !s.IsActivated }))
-	assert.False(t, contains(func(s *SearchEmailResult) bool { return s.IsActivated }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return !s.IsActivated }))
+	assert.False(t, contains(func(s *user_model.SearchEmailResult) bool { return s.IsActivated }))

 	// Must find more than one page, but retrieve only one
-	opts = &SearchEmailOptions{
+	opts = &user_model.SearchEmailOptions{
 		ListOptions: db.ListOptions{
 			PageSize: 5,
 			Page:     1,
 		},
 	}
-	emails, count, err = SearchEmails(opts)
+	emails, count, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.Len(t, emails, 5)
 	assert.Greater(t, count, int64(len(emails)))
@ -278,32 +279,32 @@ func TestEmailAddressValidate(t *testing.T) {
 		`first|last@iana.org`:            nil,
 		`first}last@iana.org`:            nil,
 		`first~last@iana.org`:            nil,
-		`first;last@iana.org`:            ErrEmailCharIsNotSupported{`first;last@iana.org`},
-		".233@qq.com":                    ErrEmailInvalid{".233@qq.com"},
-		"!233@qq.com":                    ErrEmailInvalid{"!233@qq.com"},
-		"#233@qq.com":                    ErrEmailInvalid{"#233@qq.com"},
-		"$233@qq.com":                    ErrEmailInvalid{"$233@qq.com"},
-		"%233@qq.com":                    ErrEmailInvalid{"%233@qq.com"},
-		"&233@qq.com":                    ErrEmailInvalid{"&233@qq.com"},
-		"'233@qq.com":                    ErrEmailInvalid{"'233@qq.com"},
-		"*233@qq.com":                    ErrEmailInvalid{"*233@qq.com"},
-		"+233@qq.com":                    ErrEmailInvalid{"+233@qq.com"},
-		"/233@qq.com":                    ErrEmailInvalid{"/233@qq.com"},
-		"=233@qq.com":                    ErrEmailInvalid{"=233@qq.com"},
-		"?233@qq.com":                    ErrEmailInvalid{"?233@qq.com"},
-		"^233@qq.com":                    ErrEmailInvalid{"^233@qq.com"},
-		"`233@qq.com":                    ErrEmailInvalid{"`233@qq.com"},
-		"{233@qq.com":                    ErrEmailInvalid{"{233@qq.com"},
-		"|233@qq.com":                    ErrEmailInvalid{"|233@qq.com"},
-		"}233@qq.com":                    ErrEmailInvalid{"}233@qq.com"},
-		"~233@qq.com":                    ErrEmailInvalid{"~233@qq.com"},
-		";233@qq.com":                    ErrEmailCharIsNotSupported{";233@qq.com"},
-		"Foo <foo@bar.com>":              ErrEmailCharIsNotSupported{"Foo <foo@bar.com>"},
-		string([]byte{0xE2, 0x84, 0xAA}): ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})},
+		`first;last@iana.org`:            user_model.ErrEmailCharIsNotSupported{`first;last@iana.org`},
+		".233@qq.com":                    user_model.ErrEmailInvalid{".233@qq.com"},
+		"!233@qq.com":                    user_model.ErrEmailInvalid{"!233@qq.com"},
+		"#233@qq.com":                    user_model.ErrEmailInvalid{"#233@qq.com"},
+		"$233@qq.com":                    user_model.ErrEmailInvalid{"$233@qq.com"},
+		"%233@qq.com":                    user_model.ErrEmailInvalid{"%233@qq.com"},
+		"&233@qq.com":                    user_model.ErrEmailInvalid{"&233@qq.com"},
+		"'233@qq.com":                    user_model.ErrEmailInvalid{"'233@qq.com"},
+		"*233@qq.com":                    user_model.ErrEmailInvalid{"*233@qq.com"},
+		"+233@qq.com":                    user_model.ErrEmailInvalid{"+233@qq.com"},
+		"/233@qq.com":                    user_model.ErrEmailInvalid{"/233@qq.com"},
+		"=233@qq.com":                    user_model.ErrEmailInvalid{"=233@qq.com"},
+		"?233@qq.com":                    user_model.ErrEmailInvalid{"?233@qq.com"},
+		"^233@qq.com":                    user_model.ErrEmailInvalid{"^233@qq.com"},
+		"`233@qq.com":                    user_model.ErrEmailInvalid{"`233@qq.com"},
+		"{233@qq.com":                    user_model.ErrEmailInvalid{"{233@qq.com"},
+		"|233@qq.com":                    user_model.ErrEmailInvalid{"|233@qq.com"},
+		"}233@qq.com":                    user_model.ErrEmailInvalid{"}233@qq.com"},
+		"~233@qq.com":                    user_model.ErrEmailInvalid{"~233@qq.com"},
+		";233@qq.com":                    user_model.ErrEmailCharIsNotSupported{";233@qq.com"},
+		"Foo <foo@bar.com>":              user_model.ErrEmailCharIsNotSupported{"Foo <foo@bar.com>"},
+		string([]byte{0xE2, 0x84, 0xAA}): user_model.ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})},
 	}
 	for kase, err := range kases {
 		t.Run(kase, func(t *testing.T) {
-			assert.EqualValues(t, err, ValidateEmail(kase))
+			assert.EqualValues(t, err, user_model.ValidateEmail(kase))
 		})
 	}
 }
--- a/models/user/follow_test.go
+++ b/models/user/follow_test.go
@ -2,21 +2,22 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package user
+package user_test

 import (
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )

 func TestIsFollowing(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	assert.True(t, IsFollowing(4, 2))
-	assert.False(t, IsFollowing(2, 4))
-	assert.False(t, IsFollowing(5, unittest.NonexistentID))
-	assert.False(t, IsFollowing(unittest.NonexistentID, 5))
-	assert.False(t, IsFollowing(unittest.NonexistentID, unittest.NonexistentID))
+	assert.True(t, user_model.IsFollowing(4, 2))
+	assert.False(t, user_model.IsFollowing(2, 4))
+	assert.False(t, user_model.IsFollowing(5, unittest.NonexistentID))
+	assert.False(t, user_model.IsFollowing(unittest.NonexistentID, 5))
+	assert.False(t, user_model.IsFollowing(unittest.NonexistentID, unittest.NonexistentID))
 }
--- a/models/user/main_test.go
+++ b/models/user/main_test.go
@ -2,26 +2,20 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package user
+package user_test

 import (
 	"path/filepath"
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/user"
 )

 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", ".."),
-		FixtureFiles: []string{
-			"email_address.yml",
-			"user_redirect.yml",
-			"follow.yml",
-			"user_open_id.yml",
-			"two_factor.yml",
-			"oauth2_application.yml",
-			"user.yml",
-		},
 	})
 }
--- a/models/user/openid_test.go
+++ b/models/user/openid_test.go
@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package user
+package user_test

 import (
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -15,7 +16,7 @@ import (
 func TestGetUserOpenIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	oids, err := GetUserOpenIDs(int64(1))
+	oids, err := user_model.GetUserOpenIDs(int64(1))
 	if assert.NoError(t, err) && assert.Len(t, oids, 2) {
 		assert.Equal(t, "https://user1.domain1.tld/", oids[0].URI)
 		assert.False(t, oids[0].Show)
@ -23,7 +24,7 @@ func TestGetUserOpenIDs(t *testing.T) {
 		assert.True(t, oids[1].Show)
 	}

-	oids, err = GetUserOpenIDs(int64(2))
+	oids, err = user_model.GetUserOpenIDs(int64(2))
 	if assert.NoError(t, err) && assert.Len(t, oids, 1) {
 		assert.Equal(t, "https://domain1.tld/user2/", oids[0].URI)
 		assert.True(t, oids[0].Show)
@ -32,28 +33,28 @@ func TestGetUserOpenIDs(t *testing.T) {

 func TestToggleUserOpenIDVisibility(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	oids, err := GetUserOpenIDs(int64(2))
+	oids, err := user_model.GetUserOpenIDs(int64(2))
 	if !assert.NoError(t, err) || !assert.Len(t, oids, 1) {
 		return
 	}
 	assert.True(t, oids[0].Show)

-	err = ToggleUserOpenIDVisibility(oids[0].ID)
+	err = user_model.ToggleUserOpenIDVisibility(oids[0].ID)
 	if !assert.NoError(t, err) {
 		return
 	}

-	oids, err = GetUserOpenIDs(int64(2))
+	oids, err = user_model.GetUserOpenIDs(int64(2))
 	if !assert.NoError(t, err) || !assert.Len(t, oids, 1) {
 		return
 	}
 	assert.False(t, oids[0].Show)
-	err = ToggleUserOpenIDVisibility(oids[0].ID)
+	err = user_model.ToggleUserOpenIDVisibility(oids[0].ID)
 	if !assert.NoError(t, err) {
 		return
 	}

-	oids, err = GetUserOpenIDs(int64(2))
+	oids, err = user_model.GetUserOpenIDs(int64(2))
 	if !assert.NoError(t, err) {
 		return
 	}
--- a/models/user/redirect_test.go
+++ b/models/user/redirect_test.go
@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package user
+package user_test

 import (
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -15,10 +16,10 @@ import (
 func TestLookupUserRedirect(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	userID, err := LookupUserRedirect("olduser1")
+	userID, err := user_model.LookupUserRedirect("olduser1")
 	assert.NoError(t, err)
 	assert.EqualValues(t, 1, userID)

-	_, err = LookupUserRedirect("doesnotexist")
-	assert.True(t, IsErrUserRedirectNotExist(err))
+	_, err = user_model.LookupUserRedirect("doesnotexist")
+	assert.True(t, user_model.IsErrUserRedirectNotExist(err))
 }
--- a/models/user/setting_test.go
+++ b/models/user/setting_test.go
@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package user
+package user_test

 import (
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -16,44 +17,44 @@ func TestSettings(t *testing.T) {
 	keyName := "test_user_setting"
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	newSetting := &Setting{UserID: 99, SettingKey: keyName, SettingValue: "Gitea User Setting Test"}
+	newSetting := &user_model.Setting{UserID: 99, SettingKey: keyName, SettingValue: "Gitea User Setting Test"}

 	// create setting
-	err := SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
+	err := user_model.SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
 	assert.NoError(t, err)
 	// test about saving unchanged values
-	err = SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
+	err = user_model.SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
 	assert.NoError(t, err)

 	// get specific setting
-	settings, err := GetUserSettings(99, []string{keyName})
+	settings, err := user_model.GetUserSettings(99, []string{keyName})
 	assert.NoError(t, err)
 	assert.Len(t, settings, 1)
 	assert.EqualValues(t, newSetting.SettingValue, settings[keyName].SettingValue)

-	settingValue, err := GetUserSetting(99, keyName)
+	settingValue, err := user_model.GetUserSetting(99, keyName)
 	assert.NoError(t, err)
 	assert.EqualValues(t, newSetting.SettingValue, settingValue)

-	settingValue, err = GetUserSetting(99, "no_such")
+	settingValue, err = user_model.GetUserSetting(99, "no_such")
 	assert.NoError(t, err)
 	assert.EqualValues(t, "", settingValue)

 	// updated setting
-	updatedSetting := &Setting{UserID: 99, SettingKey: keyName, SettingValue: "Updated"}
-	err = SetUserSetting(updatedSetting.UserID, updatedSetting.SettingKey, updatedSetting.SettingValue)
+	updatedSetting := &user_model.Setting{UserID: 99, SettingKey: keyName, SettingValue: "Updated"}
+	err = user_model.SetUserSetting(updatedSetting.UserID, updatedSetting.SettingKey, updatedSetting.SettingValue)
 	assert.NoError(t, err)

 	// get all settings
-	settings, err = GetUserAllSettings(99)
+	settings, err = user_model.GetUserAllSettings(99)
 	assert.NoError(t, err)
 	assert.Len(t, settings, 1)
 	assert.EqualValues(t, updatedSetting.SettingValue, settings[updatedSetting.SettingKey].SettingValue)

 	// delete setting
-	err = DeleteUserSetting(99, keyName)
+	err = user_model.DeleteUserSetting(99, keyName)
 	assert.NoError(t, err)
-	settings, err = GetUserAllSettings(99)
+	settings, err = user_model.GetUserAllSettings(99)
 	assert.NoError(t, err)
 	assert.Len(t, settings, 0)
 }
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-package user
+package user_test

 import (
 	"math/rand"
@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
@ -22,7 +23,7 @@ import (
 func TestOAuth2Application_LoadUser(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	app := unittest.AssertExistsAndLoadBean(t, &auth.OAuth2Application{ID: 1}).(*auth.OAuth2Application)
-	user, err := GetUserByID(app.UID)
+	user, err := user_model.GetUserByID(app.UID)
 	assert.NoError(t, err)
 	assert.NotNil(t, user)
 }
@ -31,19 +32,19 @@ func TestGetUserEmailsByNames(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	// ignore none active user email
-	assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user9"}))
-	assert.Equal(t, []string{"user8@example.com", "user5@example.com"}, GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user5"}))
+	assert.Equal(t, []string{"user8@example.com"}, user_model.GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user9"}))
+	assert.Equal(t, []string{"user8@example.com", "user5@example.com"}, user_model.GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user5"}))

-	assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user7"}))
+	assert.Equal(t, []string{"user8@example.com"}, user_model.GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user7"}))
 }

 func TestCanCreateOrganization(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	admin := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
 	assert.True(t, admin.CanCreateOrganization())

-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	assert.True(t, user.CanCreateOrganization())
 	// Disable user create organization permission.
 	user.AllowCreateOrganization = false
@ -57,8 +58,8 @@ func TestCanCreateOrganization(t *testing.T) {

 func TestSearchUsers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	testSuccess := func(opts *SearchUserOptions, expectedUserOrOrgIDs []int64) {
-		users, _, err := SearchUsers(opts)
+	testSuccess := func(opts *user_model.SearchUserOptions, expectedUserOrOrgIDs []int64) {
+		users, _, err := user_model.SearchUsers(opts)
 		assert.NoError(t, err)
 		if assert.Len(t, users, len(expectedUserOrOrgIDs), opts) {
 			for i, expectedID := range expectedUserOrOrgIDs {
@ -68,58 +69,58 @@ func TestSearchUsers(t *testing.T) {
 	}

 	// test orgs
-	testOrgSuccess := func(opts *SearchUserOptions, expectedOrgIDs []int64) {
-		opts.Type = UserTypeOrganization
+	testOrgSuccess := func(opts *user_model.SearchUserOptions, expectedOrgIDs []int64) {
+		opts.Type = user_model.UserTypeOrganization
 		testSuccess(opts, expectedOrgIDs)
 	}

-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1, PageSize: 2}},
 		[]int64{3, 6})

-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 2, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 2, PageSize: 2}},
 		[]int64{7, 17})

-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 3, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 3, PageSize: 2}},
 		[]int64{19, 25})

-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 4, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 4, PageSize: 2}},
 		[]int64{26})

-	testOrgSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 5, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 5, PageSize: 2}},
 		[]int64{})

 	// test users
-	testUserSuccess := func(opts *SearchUserOptions, expectedUserIDs []int64) {
-		opts.Type = UserTypeIndividual
+	testUserSuccess := func(opts *user_model.SearchUserOptions, expectedUserIDs []int64) {
+		opts.Type = user_model.UserTypeIndividual
 		testSuccess(opts, expectedUserIDs)
 	}

-	testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
+	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
 		[]int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32})

-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse},
 		[]int64{9})

-	testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
 		[]int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29, 30, 32})

-	testUserSuccess(&SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
 		[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})

 	// order by name asc default
-	testUserSuccess(&SearchUserOptions{Keyword: "user1", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{Keyword: "user1", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
 		[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})

-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsAdmin: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsAdmin: util.OptionalBoolTrue},
 		[]int64{1})

-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsRestricted: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsRestricted: util.OptionalBoolTrue},
 		[]int64{29, 30})

-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsProhibitLogin: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsProhibitLogin: util.OptionalBoolTrue},
 		[]int64{30})

-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsTwoFactorEnabled: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsTwoFactorEnabled: util.OptionalBoolTrue},
 		[]int64{24})
 }

@ -130,34 +131,34 @@ func TestEmailNotificationPreferences(t *testing.T) {
 		expected string
 		userID   int64
 	}{
-		{EmailNotificationsEnabled, 1},
-		{EmailNotificationsEnabled, 2},
-		{EmailNotificationsOnMention, 3},
-		{EmailNotificationsOnMention, 4},
-		{EmailNotificationsEnabled, 5},
-		{EmailNotificationsEnabled, 6},
-		{EmailNotificationsDisabled, 7},
-		{EmailNotificationsEnabled, 8},
-		{EmailNotificationsOnMention, 9},
+		{user_model.EmailNotificationsEnabled, 1},
+		{user_model.EmailNotificationsEnabled, 2},
+		{user_model.EmailNotificationsOnMention, 3},
+		{user_model.EmailNotificationsOnMention, 4},
+		{user_model.EmailNotificationsEnabled, 5},
+		{user_model.EmailNotificationsEnabled, 6},
+		{user_model.EmailNotificationsDisabled, 7},
+		{user_model.EmailNotificationsEnabled, 8},
+		{user_model.EmailNotificationsOnMention, 9},
 	} {
-		user := unittest.AssertExistsAndLoadBean(t, &User{ID: test.userID}).(*User)
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: test.userID}).(*user_model.User)
 		assert.Equal(t, test.expected, user.EmailNotifications())

 		// Try all possible settings
-		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsEnabled))
-		assert.Equal(t, EmailNotificationsEnabled, user.EmailNotifications())
+		assert.NoError(t, user_model.SetEmailNotifications(user, user_model.EmailNotificationsEnabled))
+		assert.Equal(t, user_model.EmailNotificationsEnabled, user.EmailNotifications())

-		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsOnMention))
-		assert.Equal(t, EmailNotificationsOnMention, user.EmailNotifications())
+		assert.NoError(t, user_model.SetEmailNotifications(user, user_model.EmailNotificationsOnMention))
+		assert.Equal(t, user_model.EmailNotificationsOnMention, user.EmailNotifications())

-		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsDisabled))
-		assert.Equal(t, EmailNotificationsDisabled, user.EmailNotifications())
+		assert.NoError(t, user_model.SetEmailNotifications(user, user_model.EmailNotificationsDisabled))
+		assert.Equal(t, user_model.EmailNotificationsDisabled, user.EmailNotifications())
 	}
 }

 func TestHashPasswordDeterministic(t *testing.T) {
 	b := make([]byte, 16)
-	u := &User{}
+	u := &user_model.User{}
 	algos := []string{"argon2", "pbkdf2", "scrypt", "bcrypt"}
 	for j := 0; j < len(algos); j++ {
 		u.PasswdHashAlgo = algos[j]
@ -184,7 +185,7 @@ func BenchmarkHashPassword(b *testing.B) {
 	// BenchmarkHashPassword ensures that it takes a reasonable amount of time
 	// to hash a password - in order to protect from brute-force attacks.
 	pass := "password1337"
-	u := &User{Passwd: pass}
+	u := &user_model.User{Passwd: pass}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		u.SetPassword(pass)
@ -192,7 +193,7 @@ func BenchmarkHashPassword(b *testing.B) {
 }

 func TestNewGitSig(t *testing.T) {
-	users := make([]*User, 0, 20)
+	users := make([]*user_model.User, 0, 20)
 	err := db.GetEngine(db.DefaultContext).Find(&users)
 	assert.NoError(t, err)

@ -206,7 +207,7 @@ func TestNewGitSig(t *testing.T) {
 }

 func TestDisplayName(t *testing.T) {
-	users := make([]*User, 0, 20)
+	users := make([]*user_model.User, 0, 20)
 	err := db.GetEngine(db.DefaultContext).Find(&users)
 	assert.NoError(t, err)

@ -221,7 +222,7 @@ func TestDisplayName(t *testing.T) {
 }

 func TestCreateUserInvalidEmail(t *testing.T) {
-	user := &User{
+	user := &user_model.User{
 		Name:               "GiteaBot",
 		Email:              "GiteaBot@gitea.io\r\n",
 		Passwd:             ";p['////..-++']",
@ -230,35 +231,35 @@ func TestCreateUserInvalidEmail(t *testing.T) {
 		MustChangePassword: false,
 	}

-	err := CreateUser(user)
+	err := user_model.CreateUser(user)
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailCharIsNotSupported(err))
+	assert.True(t, user_model.IsErrEmailCharIsNotSupported(err))
 }

 func TestCreateUserEmailAlreadyUsed(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

 	// add new user with user2's email
 	user.Name = "testuser"
 	user.LowerName = strings.ToLower(user.Name)
 	user.ID = 0
-	err := CreateUser(user)
+	err := user_model.CreateUser(user)
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailAlreadyUsed(err))
+	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
 }

 func TestGetUserIDsByNames(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	// ignore non existing
-	IDs, err := GetUserIDsByNames([]string{"user1", "user2", "none_existing_user"}, true)
+	IDs, err := user_model.GetUserIDsByNames([]string{"user1", "user2", "none_existing_user"}, true)
 	assert.NoError(t, err)
 	assert.Equal(t, []int64{1, 2}, IDs)

 	// ignore non existing
-	IDs, err = GetUserIDsByNames([]string{"user1", "do_not_exist"}, false)
+	IDs, err = user_model.GetUserIDsByNames([]string{"user1", "do_not_exist"}, false)
 	assert.Error(t, err)
 	assert.Equal(t, []int64(nil), IDs)
 }
@ -266,14 +267,14 @@ func TestGetUserIDsByNames(t *testing.T) {
 func TestGetMaileableUsersByIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	results, err := GetMaileableUsersByIDs([]int64{1, 4}, false)
+	results, err := user_model.GetMaileableUsersByIDs([]int64{1, 4}, false)
 	assert.NoError(t, err)
 	assert.Len(t, results, 1)
 	if len(results) > 1 {
 		assert.Equal(t, results[0].ID, 1)
 	}

-	results, err = GetMaileableUsersByIDs([]int64{1, 4}, true)
+	results, err = user_model.GetMaileableUsersByIDs([]int64{1, 4}, true)
 	assert.NoError(t, err)
 	assert.Len(t, results, 2)
 	if len(results) > 2 {
@ -284,36 +285,36 @@ func TestGetMaileableUsersByIDs(t *testing.T) {

 func TestUpdateUser(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

 	user.KeepActivityPrivate = true
-	assert.NoError(t, UpdateUser(db.DefaultContext, user, false))
-	user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.NoError(t, user_model.UpdateUser(db.DefaultContext, user, false))
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	assert.True(t, user.KeepActivityPrivate)

 	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, false, false}
 	user.KeepActivityPrivate = false
 	user.Visibility = structs.VisibleTypePrivate
-	assert.Error(t, UpdateUser(db.DefaultContext, user, false))
-	user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, false))
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	assert.True(t, user.KeepActivityPrivate)

 	user.Email = "no mail@mail.org"
-	assert.Error(t, UpdateUser(db.DefaultContext, user, true))
+	assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, true))
 }

 func TestNewUserRedirect(t *testing.T) {
 	// redirect to a completely new name
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
-	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	assert.NoError(t, user_model.NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))

-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      user.LowerName,
 		RedirectUserID: user.ID,
 	})
-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      "olduser1",
 		RedirectUserID: user.ID,
 	})
@ -323,14 +324,14 @@ func TestNewUserRedirect2(t *testing.T) {
 	// redirect to previously used name
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
-	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "olduser1"))
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	assert.NoError(t, user_model.NewUserRedirect(db.DefaultContext, user.ID, user.Name, "olduser1"))

-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      user.LowerName,
 		RedirectUserID: user.ID,
 	})
-	unittest.AssertNotExistsBean(t, &Redirect{
+	unittest.AssertNotExistsBean(t, &user_model.Redirect{
 		LowerName:      "olduser1",
 		RedirectUserID: user.ID,
 	})
@ -340,10 +341,10 @@ func TestNewUserRedirect3(t *testing.T) {
 	// redirect for a previously-unredirected user
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
-	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	assert.NoError(t, user_model.NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))

-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      user.LowerName,
 		RedirectUserID: user.ID,
 	})
@ -352,18 +353,47 @@ func TestNewUserRedirect3(t *testing.T) {
 func TestGetUserByOpenID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	_, err := GetUserByOpenID("https://unknown")
+	_, err := user_model.GetUserByOpenID("https://unknown")
 	if assert.Error(t, err) {
-		assert.True(t, IsErrUserNotExist(err))
+		assert.True(t, user_model.IsErrUserNotExist(err))
 	}

-	user, err := GetUserByOpenID("https://user1.domain1.tld")
+	user, err := user_model.GetUserByOpenID("https://user1.domain1.tld")
 	if assert.NoError(t, err) {
 		assert.Equal(t, int64(1), user.ID)
 	}

-	user, err = GetUserByOpenID("https://domain1.tld/user2/")
+	user, err = user_model.GetUserByOpenID("https://domain1.tld/user2/")
 	if assert.NoError(t, err) {
 		assert.Equal(t, int64(2), user.ID)
 	}
 }
+
+func TestFollowUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	testSuccess := func(followerID, followedID int64) {
+		assert.NoError(t, user_model.FollowUser(followerID, followedID))
+		unittest.AssertExistsAndLoadBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
+	}
+	testSuccess(4, 2)
+	testSuccess(5, 2)
+
+	assert.NoError(t, user_model.FollowUser(2, 2))
+
+	unittest.CheckConsistencyFor(t, &user_model.User{})
+}
+
+func TestUnfollowUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	testSuccess := func(followerID, followedID int64) {
+		assert.NoError(t, user_model.UnfollowUser(followerID, followedID))
+		unittest.AssertNotExistsBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
+	}
+	testSuccess(4, 2)
+	testSuccess(5, 2)
+	testSuccess(2, 2)
+
+	unittest.CheckConsistencyFor(t, &user_model.User{})
+}
--- a/models/user_test.go
+++ b/models/user_test.go
@ -1,43 +0,0 @@
-// Copyright 2017 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package models
-
-import (
-	"testing"
-
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFollowUser(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	testSuccess := func(followerID, followedID int64) {
-		assert.NoError(t, user_model.FollowUser(followerID, followedID))
-		unittest.AssertExistsAndLoadBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
-	}
-	testSuccess(4, 2)
-	testSuccess(5, 2)
-
-	assert.NoError(t, user_model.FollowUser(2, 2))
-
-	unittest.CheckConsistencyFor(t, &user_model.User{})
-}
-
-func TestUnfollowUser(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	testSuccess := func(followerID, followedID int64) {
-		assert.NoError(t, user_model.UnfollowUser(followerID, followedID))
-		unittest.AssertNotExistsBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
-	}
-	testSuccess(4, 2)
-	testSuccess(5, 2)
-	testSuccess(2, 2)
-
-	unittest.CheckConsistencyFor(t, &user_model.User{})
-}
--- a/modules/activitypub/user_settings.go
+++ b/modules/activitypub/user_settings.go
@ -8,25 +8,30 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 )

+const (
+	userActivitypubPrivpem = "activitypub_privpem"
+	userActivitypubPubpem  = "activitypub_pubpem"
+)
+
 // GetKeyPair function
 func GetKeyPair(user *user_model.User) (pub, priv string, err error) {
 	var settings map[string]*user_model.Setting
-	if settings, err = user_model.GetUserSettings(user.ID, []string{"activitypub_privpem", "activitypub_pubpem"}); err != nil {
+	if settings, err = user_model.GetUserSettings(user.ID, []string{userActivitypubPrivpem, userActivitypubPubpem}); err != nil {
 		return
 	} else if len(settings) == 0 {
 		if priv, pub, err = GenerateKeyPair(); err != nil {
 			return
 		}
-		if err = user_model.SetUserSetting(user.ID, "activitypub_privpem", priv); err != nil {
+		if err = user_model.SetUserSetting(user.ID, userActivitypubPrivpem, priv); err != nil {
 			return
 		}
-		if err = user_model.SetUserSetting(user.ID, "activitypub_pubpem", pub); err != nil {
+		if err = user_model.SetUserSetting(user.ID, userActivitypubPubpem, pub); err != nil {
 			return
 		}
 		return
 	} else {
-		priv = settings["activitypub_privpem"].SettingValue
-		pub = settings["activitypub_pubpem"].SettingValue
+		priv = settings[userActivitypubPrivpem].SettingValue
+		pub = settings[userActivitypubPubpem].SettingValue
 		return
 	}
 }
--- a/modules/setting/i18n.go
+++ b/modules/setting/i18n.go
@ -11,28 +11,28 @@ var defaultI18nLangNames = []string{
 	"zh-HK", "繁體中文（香港）",
 	"zh-TW", "繁體中文（台灣）",
 	"de-DE", "Deutsch",
-	"fr-FR", "français",
+	"fr-FR", "Français",
 	"nl-NL", "Nederlands",
-	"lv-LV", "latviešu",
-	"ru-RU", "русский",
+	"lv-LV", "Latviešu",
+	"ru-RU", "Русский",
 	"uk-UA", "Українська",
 	"ja-JP", "日本語",
-	"es-ES", "español",
-	"pt-BR", "português do Brasil",
+	"es-ES", "Español",
+	"pt-BR", "Português do Brasil",
 	"pt-PT", "Português de Portugal",
-	"pl-PL", "polski",
-	"bg-BG", "български",
-	"it-IT", "italiano",
-	"fi-FI", "suomi",
+	"pl-PL", "Polski",
+	"bg-BG", "Български",
+	"it-IT", "Italiano",
+	"fi-FI", "Suomi",
 	"tr-TR", "Türkçe",
-	"cs-CZ", "čeština",
-	"sr-SP", "српски",
-	"sv-SE", "svenska",
+	"cs-CZ", "Čeština",
+	"sr-SP", "Српски",
+	"sv-SE", "Svenska",
 	"ko-KR", "한국어",
-	"el-GR", "ελληνικά",
+	"el-GR", "Ελληνικά",
 	"fa-IR", "فارسی",
-	"hu-HU", "magyar nyelv",
-	"id-ID", "bahasa Indonesia",
+	"hu-HU", "Magyar nyelv",
+	"id-ID", "Bahasa Indonesia",
 	"ml-IN", "മലയാളം",
 }

--- a/routers/web/webfinger.go
+++ b/routers/web/webfinger.go
@ -108,10 +108,6 @@ func WebfingerQuery(ctx *context.Context) {
 			Type: "application/activity+json",
 			Href: appURL.String() + "api/v1/activitypub/user/" + url.PathEscape(u.Name),
 		},
-		{
-			Rel:      "http://ostatus.org/schema/1.0/subscribe",
-			Template: appURL.String() + "api/v1/authorize_interaction?uri={uri}",
-		},
 	}

 	ctx.Resp.Header().Add("Access-Control-Allow-Origin", "*")
--- a/services/migrations/dump.go
+++ b/services/migrations/dump.go
@ -6,6 +6,7 @@ package migrations

 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@ -572,7 +573,7 @@ func DumpRepository(ctx context.Context, baseDir, ownerName string, opts base.Mi
 	return nil
 }

-func updateOptionsUnits(opts *base.MigrateOptions, units []string) {
+func updateOptionsUnits(opts *base.MigrateOptions, units []string) error {
 	if len(units) == 0 {
 		opts.Wiki = true
 		opts.Issues = true
@ -585,6 +586,8 @@ func updateOptionsUnits(opts *base.MigrateOptions, units []string) {
 	} else {
 		for _, unit := range units {
 			switch strings.ToLower(unit) {
+			case "":
+				continue
 			case "wiki":
 				opts.Wiki = true
 			case "issues":
@ -601,9 +604,12 @@ func updateOptionsUnits(opts *base.MigrateOptions, units []string) {
 				opts.Comments = true
 			case "pull_requests":
 				opts.PullRequests = true
+			default:
+				return errors.New("invalid unit: " + unit)
 			}
 		}
 	}
+	return nil
 }

 // RestoreRepository restore a repository from the disk directory
@ -626,7 +632,9 @@ func RestoreRepository(ctx context.Context, baseDir, ownerName, repoName string,
 	migrateOpts := base.MigrateOptions{
 		GitServiceType: structs.GitServiceType(tp),
 	}
-	updateOptionsUnits(&migrateOpts, units)
+	if err := updateOptionsUnits(&migrateOpts, units); err != nil {
+		return err
+	}

 	if err = migrateRepository(downloader, uploader, migrateOpts, nil); err != nil {
 		if err1 := uploader.Rollback(); err1 != nil {
--- a/templates/repo/diff/box.tmpl
+++ b/templates/repo/diff/box.tmpl
@ -19,8 +19,8 @@
 			</div>
 			<div class="diff-detail-actions df ac">
 				{{if and .PageIsPullFiles $.SignedUserID (not .IsArchived)}}
-					<meter id="viewed-files-summary" value="{{.Diff.NumViewedFiles}}" max="{{.Diff.NumFiles}}"></meter>
-					<label for="viewed-files-summary" id="viewed-files-summary-label" data-text-changed-template="{{.i18n.Tr "repo.pulls.viewed_files_label"}}">
+					<progress id="viewed-files-summary" class="mr-2" value="{{.Diff.NumViewedFiles}}" max="{{.Diff.NumFiles}}"></progress>
+					<label for="viewed-files-summary" id="viewed-files-summary-label" class="mr-2" data-text-changed-template="{{.i18n.Tr "repo.pulls.viewed_files_label"}}">
 						{{.i18n.Tr "repo.pulls.viewed_files_label" .Diff.NumViewedFiles .Diff.NumFiles}}
 					</label>
 				{{end}}
--- a/web_src/js/features/pull-view-file.js
+++ b/web_src/js/features/pull-view-file.js
@ -9,8 +9,8 @@ const viewedCheckboxSelector = '.viewed-file-form'; // Selector under which all
 // Refreshes the summary of viewed files if present
 // The data used will be window.config.pageData.prReview.numberOf{Viewed}Files
 function refreshViewedFilesSummary() {
-  const viewedFilesMeter = document.getElementById('viewed-files-summary');
-  viewedFilesMeter?.setAttribute('value', prReview.numberOfViewedFiles);
+  const viewedFilesProgress = document.getElementById('viewed-files-summary');
+  viewedFilesProgress?.setAttribute('value', prReview.numberOfViewedFiles);
  const summaryLabel = document.getElementById('viewed-files-summary-label');
  if (summaryLabel) summaryLabel.innerHTML = summaryLabel.getAttribute('data-text-changed-template')
    .replace('%[1]d', prReview.numberOfViewedFiles)
--- a/web_src/less/_base.less
+++ b/web_src/less/_base.less
@ -211,19 +211,19 @@ details summary > * {
 }

 progress {
-  background: var(--color-secondary);
+  background: var(--color-secondary-dark-1);
  border-radius: 6px;
  border: none;
  overflow: hidden;
 }
 progress::-webkit-progress-bar {
-  background: var(--color-secondary);
+  background: var(--color-secondary-dark-1);
 }
 progress::-webkit-progress-value {
-  background-color: var(--color-secondary-dark-3);
+  background-color: var(--color-secondary-dark-4);
 }
 progress::-moz-progress-bar {
-  background: var(--color-secondary-dark-3);
+  background: var(--color-secondary-dark-4);
 }

 * {
--- a/web_src/less/_review.less
+++ b/web_src/less/_review.less
@ -280,3 +280,8 @@ a.blob-excerpt:hover {
 .viewed-file-checked-form {
  background-color: var(--color-primary-light-4);
 }
+
+#viewed-files-summary {
+  width: 72px;
+  height: 10px;
+}