Check user/org repo limit instead of doer (#34147)

This PR tries to finally fix the bug mentioned in #30011 and #15504, where the user repo limit is checked when creating a repo in an organization. Fix #30011 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
2025-07-22 18:28:37 +00:00 · 2025-04-08 06:45:31 +00:00
parent a100ac3306
commit fd7c364ca6
15 changed files with 92 additions and 71 deletions
--- a/services/repository/adopt.go
+++ b/services/repository/adopt.go
@@ -40,17 +40,17 @@ func deleteFailedAdoptRepository(repoID int64) error {
 }

 // AdoptRepository adopts pre-existing repository files for the user/organization.
-func AdoptRepository(ctx context.Context, doer, u *user_model.User, opts CreateRepoOptions) (*repo_model.Repository, error) {
-	if !doer.IsAdmin && !u.CanCreateRepo() {
+func AdoptRepository(ctx context.Context, doer, owner *user_model.User, opts CreateRepoOptions) (*repo_model.Repository, error) {
+	if !doer.CanCreateRepoIn(owner) {
 		return nil, repo_model.ErrReachLimitOfRepo{
-			Limit: u.MaxRepoCreation,
+			Limit: owner.MaxRepoCreation,
 		}
 	}

 	repo := &repo_model.Repository{
-		OwnerID:                         u.ID,
-		Owner:                           u,
-		OwnerName:                       u.Name,
+		OwnerID:                         owner.ID,
+		Owner:                           owner,
+		OwnerName:                       owner.Name,
 		Name:                            opts.Name,
 		LowerName:                       strings.ToLower(opts.Name),
 		Description:                     opts.Description,
@@ -65,7 +65,7 @@ func AdoptRepository(ctx context.Context, doer, u *user_model.User, opts CreateR

 	// 1 - create the repository database operations first
 	err := db.WithTx(ctx, func(ctx context.Context) error {
-		return createRepositoryInDB(ctx, doer, u, repo, false)
+		return createRepositoryInDB(ctx, doer, owner, repo, false)
 	})
 	if err != nil {
 		return nil, err
@@ -104,7 +104,7 @@ func AdoptRepository(ctx context.Context, doer, u *user_model.User, opts CreateR
 		return nil, fmt.Errorf("UpdateRepositoryCols: %w", err)
 	}

-	notify_service.AdoptRepository(ctx, doer, u, repo)
+	notify_service.AdoptRepository(ctx, doer, owner, repo)

 	return repo, nil
 }
--- a/services/repository/create.go
+++ b/services/repository/create.go
@@ -204,10 +204,10 @@ func initRepository(ctx context.Context, u *user_model.User, repo *repo_model.Re
 }

 // CreateRepositoryDirectly creates a repository for the user/organization.
-func CreateRepositoryDirectly(ctx context.Context, doer, u *user_model.User, opts CreateRepoOptions) (*repo_model.Repository, error) {
-	if !doer.IsAdmin && !u.CanCreateRepo() {
+func CreateRepositoryDirectly(ctx context.Context, doer, owner *user_model.User, opts CreateRepoOptions) (*repo_model.Repository, error) {
+	if !doer.CanCreateRepoIn(owner) {
 		return nil, repo_model.ErrReachLimitOfRepo{
-			Limit: u.MaxRepoCreation,
+			Limit: owner.MaxRepoCreation,
 		}
 	}

@@ -227,9 +227,9 @@ func CreateRepositoryDirectly(ctx context.Context, doer, u *user_model.User, opt
 	}

 	repo := &repo_model.Repository{
-		OwnerID:                         u.ID,
-		Owner:                           u,
-		OwnerName:                       u.Name,
+		OwnerID:                         owner.ID,
+		Owner:                           owner,
+		OwnerName:                       owner.Name,
 		Name:                            opts.Name,
 		LowerName:                       strings.ToLower(opts.Name),
 		Description:                     opts.Description,
@@ -252,7 +252,7 @@ func CreateRepositoryDirectly(ctx context.Context, doer, u *user_model.User, opt

 	// 1 - create the repository database operations first
 	err := db.WithTx(ctx, func(ctx context.Context) error {
-		return createRepositoryInDB(ctx, doer, u, repo, false)
+		return createRepositoryInDB(ctx, doer, owner, repo, false)
 	})
 	if err != nil {
 		return nil, err
--- a/services/repository/fork.go
+++ b/services/repository/fork.go
@@ -65,7 +65,7 @@ func ForkRepository(ctx context.Context, doer, owner *user_model.User, opts Fork
 	}

 	// Fork is prohibited, if user has reached maximum limit of repositories
-	if !owner.CanForkRepo() {
+	if !doer.CanForkRepoIn(owner) {
 		return nil, repo_model.ErrReachLimitOfRepo{
 			Limit: owner.MaxRepoCreation,
 		}
--- a/services/repository/template.go
+++ b/services/repository/template.go
@@ -68,7 +68,7 @@ func GenerateProtectedBranch(ctx context.Context, templateRepo, generateRepo *re

 // GenerateRepository generates a repository from a template
 func GenerateRepository(ctx context.Context, doer, owner *user_model.User, templateRepo *repo_model.Repository, opts GenerateRepoOptions) (_ *repo_model.Repository, err error) {
-	if !doer.IsAdmin && !owner.CanCreateRepo() {
+	if !doer.CanCreateRepoIn(owner) {
 		return nil, repo_model.ErrReachLimitOfRepo{
 			Limit: owner.MaxRepoCreation,
 		}
--- a/services/repository/transfer.go
+++ b/services/repository/transfer.go
@@ -61,7 +61,7 @@ func AcceptTransferOwnership(ctx context.Context, repo *repo_model.Repository, d
 			return err
 		}

-		if !doer.IsAdmin && !repoTransfer.Recipient.CanCreateRepo() {
+		if !doer.CanCreateRepoIn(repoTransfer.Recipient) {
 			limit := util.Iif(repoTransfer.Recipient.MaxRepoCreation >= 0, repoTransfer.Recipient.MaxRepoCreation, setting.Repository.MaxCreationLimit)
 			return LimitReachedError{Limit: limit}
 		}
@@ -416,7 +416,7 @@ func StartRepositoryTransfer(ctx context.Context, doer, newOwner *user_model.Use
 		return err
 	}

-	if !doer.IsAdmin && !newOwner.CanCreateRepo() {
+	if !doer.CanForkRepoIn(newOwner) {
 		limit := util.Iif(newOwner.MaxRepoCreation >= 0, newOwner.MaxRepoCreation, setting.Repository.MaxCreationLimit)
 		return LimitReachedError{Limit: limit}
 	}
--- a/services/repository/transfer_test.go
+++ b/services/repository/transfer_test.go
@@ -144,7 +144,7 @@ func TestRepositoryTransferRejection(t *testing.T) {
 	require.NotNil(t, transfer)
 	require.NoError(t, transfer.LoadRecipient(db.DefaultContext))

-	require.True(t, transfer.Recipient.CanCreateRepo()) // admin is not subject to limits
+	require.True(t, doerAdmin.CanCreateRepoIn(transfer.Recipient)) // admin is not subject to limits

 	// Administrator should not be affected by the limits so transfer should be successful
 	assert.NoError(t, AcceptTransferOwnership(db.DefaultContext, repo, doerAdmin))
@@ -158,7 +158,7 @@ func TestRepositoryTransferRejection(t *testing.T) {
 	require.NotNil(t, transfer)
 	require.NoError(t, transfer.LoadRecipient(db.DefaultContext))

-	require.False(t, transfer.Recipient.CanCreateRepo()) // regular user is subject to limits
+	require.False(t, doer.CanCreateRepoIn(transfer.Recipient)) // regular user is subject to limits

 	// Cannot accept because of the limit
 	err = AcceptTransferOwnership(db.DefaultContext, repo, doer)