appks/service/workspace/settings.rs

use serde::{Deserialize, Serialize};
use uuid::Uuid;

use crate::error::AppError;
use crate::models::workspaces::{Workspace, WorkspaceSettings};
use crate::service::WorkspaceService;
use crate::session::Session;

use super::util::{merge_optional_text, set_local_user_id};

#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
pub struct UpdateWorkspaceSettingsParams {
    pub allow_public_repos: Option<bool>,
    pub allow_member_invites: Option<bool>,
    pub require_two_factor: Option<bool>,
    pub default_repo_visibility: Option<String>,
    pub default_branch_name: Option<String>,
    pub issue_tracking_enabled: Option<bool>,
    pub pull_requests_enabled: Option<bool>,
    pub wiki_enabled: Option<bool>,
}

impl WorkspaceService {
    pub async fn workspace_settings(
        &self,
        ctx: &Session,
        ws: &Workspace,
    ) -> Result<WorkspaceSettings, AppError> {
        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
        self.ensure_workspace_readable(user_uid, &ws).await?;
        self.ensure_user_workspace_settings(ws.id).await
    }

    pub async fn workspace_update_settings(
        &self,
        ctx: &Session,
        ws: &Workspace,
        params: UpdateWorkspaceSettingsParams,
    ) -> Result<WorkspaceSettings, AppError> {
        let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
        self.ensure_workspace_role_at_least(user_uid, &ws, crate::models::common::Role::Admin)
            .await?;

        let current = self.ensure_user_workspace_settings(ws.id).await?;
        let now = chrono::Utc::now();
        let mut txn = self
            .ctx
            .db
            .writer()
            .begin()
            .await
            .map_err(|_| AppError::TxnError)?;
        sqlx::query(set_local_user_id(user_uid))
            .execute(&mut *txn)
            .await
            .map_err(AppError::Database)?;

        let result = sqlx::query_as::<_, WorkspaceSettings>(
            "UPDATE workspace_settings SET \
             allow_public_repos = $1, allow_member_invites = $2, require_two_factor = $3, \
             default_repo_visibility = $4, default_branch_name = $5, \
             issue_tracking_enabled = $6, pull_requests_enabled = $7, wiki_enabled = $8, updated_at = $9 \
             WHERE workspace_id = $10 \
             RETURNING workspace_id, allow_public_repos, allow_member_invites, require_two_factor, \
             default_repo_visibility, default_branch_name, issue_tracking_enabled, \
             pull_requests_enabled, wiki_enabled, created_at, updated_at",
        )
        .bind(params.allow_public_repos.unwrap_or(current.allow_public_repos))
        .bind(params.allow_member_invites.unwrap_or(current.allow_member_invites))
        .bind(params.require_two_factor.unwrap_or(current.require_two_factor))
        .bind(merge_optional_text(params.default_repo_visibility, Some(current.default_repo_visibility.clone())).unwrap_or_else(|| current.default_repo_visibility.clone()))
        .bind(merge_optional_text(params.default_branch_name, Some(current.default_branch_name.clone())).unwrap_or_else(|| current.default_branch_name.clone()))
        .bind(params.issue_tracking_enabled.unwrap_or(current.issue_tracking_enabled))
        .bind(params.pull_requests_enabled.unwrap_or(current.pull_requests_enabled))
        .bind(params.wiki_enabled.unwrap_or(current.wiki_enabled))
        .bind(now)
        .bind(ws.id)
        .fetch_one(&mut *txn)
        .await
        .map_err(AppError::Database)?;

        txn.commit().await.map_err(|_| AppError::TxnError)?;
        Ok(result)
    }

    async fn ensure_user_workspace_settings(
        &self,
        workspace_id: Uuid,
    ) -> Result<WorkspaceSettings, AppError> {
        if let Some(settings) = self.find_workspace_settings(workspace_id).await? {
            return Ok(settings);
        }
        let now = chrono::Utc::now();
        sqlx::query(
            "INSERT INTO workspace_settings (workspace_id, allow_public_repos, allow_member_invites, \
             require_two_factor, default_repo_visibility, default_branch_name, \
             issue_tracking_enabled, pull_requests_enabled, wiki_enabled, created_at, updated_at) \
             VALUES ($1, true, true, false, 'private', 'main', true, true, true, $2, $2) ON CONFLICT (workspace_id) DO NOTHING",
        )
        .bind(workspace_id)
        .bind(now)
        .execute(self.ctx.db.writer())
        .await
        .map_err(AppError::Database)?;
        // Read from writer to avoid replication lag
        sqlx::query_as::<_, WorkspaceSettings>(
            "SELECT workspace_id, allow_public_repos, allow_member_invites, require_two_factor, \
             default_repo_visibility, default_branch_name, issue_tracking_enabled, \
             pull_requests_enabled, wiki_enabled, created_at, updated_at \
             FROM workspace_settings WHERE workspace_id = $1",
        )
        .bind(workspace_id)
        .fetch_optional(self.ctx.db.writer())
        .await
        .map_err(AppError::Database)?
        .ok_or(AppError::NotFound("workspace settings not found".into()))
    }

    async fn find_workspace_settings(
        &self,
        workspace_id: Uuid,
    ) -> Result<Option<WorkspaceSettings>, AppError> {
        sqlx::query_as::<_, WorkspaceSettings>(
            "SELECT workspace_id, allow_public_repos, allow_member_invites, require_two_factor, \
             default_repo_visibility, default_branch_name, issue_tracking_enabled, \
             pull_requests_enabled, wiki_enabled, created_at, updated_at \
             FROM workspace_settings WHERE workspace_id = $1",
        )
        .bind(workspace_id)
        .fetch_optional(self.ctx.db.reader())
        .await
        .map_err(AppError::Database)
    }
}