zhenyi
318 lines
10 KiB
Rust
318 lines
10 KiB
Rust
use serde::{Deserialize, Serialize};
|
|
use uuid::Uuid;
|
|
|
|
use crate::error::AppError;
|
|
use crate::models::common::Role;
|
|
use crate::models::repos::RepoMember;
|
|
use crate::service::RepoService;
|
|
use crate::session::Session;
|
|
|
|
use super::util::{clamp_limit_offset, ensure_affected, role_level};
|
|
|
|
#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
|
|
pub struct AddRepoMemberParams {
|
|
pub user_id: Uuid,
|
|
pub role: Option<String>,
|
|
}
|
|
|
|
#[derive(Deserialize, Serialize, Clone, Debug, utoipa::ToSchema)]
|
|
pub struct UpdateRepoMemberRoleParams {
|
|
pub role: String,
|
|
}
|
|
|
|
impl RepoService {
|
|
pub async fn repo_members(
|
|
&self,
|
|
ctx: &Session,
|
|
wk_name: &str,
|
|
repo_name: &str,
|
|
limit: i64,
|
|
offset: i64,
|
|
) -> Result<Vec<RepoMember>, AppError> {
|
|
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
|
|
let repo = self.resolve_repo(wk_name, repo_name).await?;
|
|
let repo_id = repo.id;
|
|
self.ensure_repo_readable(user_uid, &repo).await?;
|
|
let (limit, offset) = clamp_limit_offset(limit, offset);
|
|
sqlx::query_as::<_, RepoMember>(
|
|
"SELECT id, repo_id, user_id, role, status, invited_by, joined_at, last_active_at, created_at, updated_at FROM repo_member WHERE repo_id = $1 AND status = 'active' ORDER BY created_at ASC LIMIT $2 OFFSET $3",
|
|
)
|
|
.bind(repo_id)
|
|
.bind(limit)
|
|
.bind(offset)
|
|
.fetch_all(self.ctx.db.reader())
|
|
.await
|
|
.map_err(AppError::Database)
|
|
}
|
|
|
|
pub async fn repo_add_member(
|
|
&self,
|
|
ctx: &Session,
|
|
wk_name: &str,
|
|
repo_name: &str,
|
|
params: AddRepoMemberParams,
|
|
) -> Result<RepoMember, AppError> {
|
|
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
|
|
let repo = self.resolve_repo(wk_name, repo_name).await?;
|
|
let repo_id = repo.id;
|
|
let actor_role = self
|
|
.ensure_repo_role_at_least(user_uid, &repo, Role::Admin)
|
|
.await?;
|
|
|
|
let target_workspace_member = sqlx::query_scalar::<_, bool>(
|
|
"SELECT EXISTS(SELECT 1 FROM workspace_member WHERE workspace_id = $1 AND user_id = $2 AND status = 'active')",
|
|
)
|
|
.bind(repo.workspace_id)
|
|
.bind(params.user_id)
|
|
.fetch_one(self.ctx.db.reader())
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
if !target_workspace_member {
|
|
return Err(AppError::BadRequest(
|
|
"user must be a workspace member".into(),
|
|
));
|
|
}
|
|
|
|
let existing = sqlx::query_scalar::<_, bool>(
|
|
"SELECT EXISTS(SELECT 1 FROM repo_member WHERE repo_id = $1 AND user_id = $2)",
|
|
)
|
|
.bind(repo_id)
|
|
.bind(params.user_id)
|
|
.fetch_one(self.ctx.db.reader())
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
|
|
if existing {
|
|
return Err(AppError::Conflict("user is already a member".into()));
|
|
}
|
|
|
|
let role = params
|
|
.role
|
|
.as_deref()
|
|
.and_then(|r| r.parse::<Role>().ok())
|
|
.unwrap_or_else(|| "member".to_string().parse().unwrap_or(Role::Member));
|
|
|
|
if role == Role::Owner {
|
|
return Err(AppError::BadRequest("cannot add member as owner".into()));
|
|
}
|
|
if role == Role::Unknown {
|
|
return Err(AppError::BadRequest("invalid role".into()));
|
|
}
|
|
if role_level(actor_role) < role_level(Role::Owner)
|
|
&& role_level(role) >= role_level(actor_role)
|
|
{
|
|
return Err(AppError::BadRequest(
|
|
"cannot assign role equal or higher than your own".into(),
|
|
));
|
|
}
|
|
|
|
let now = chrono::Utc::now();
|
|
let mut txn = self
|
|
.ctx
|
|
.db
|
|
.writer()
|
|
.begin()
|
|
.await
|
|
.map_err(|_| AppError::TxnError)?;
|
|
sqlx::query("SET LOCAL app.current_user_id = $1")
|
|
.bind(user_uid)
|
|
.execute(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
|
|
let member = sqlx::query_as::<_, RepoMember>(
|
|
"INSERT INTO repo_member (id, repo_id, user_id, role, status, invited_by, joined_at, created_at, updated_at) \
|
|
VALUES ($1, $2, $3, $4, 'active', $5, $6, $6, $6) RETURNING id, repo_id, user_id, role, status, invited_by, joined_at, last_active_at, created_at, updated_at",
|
|
)
|
|
.bind(Uuid::now_v7())
|
|
.bind(repo_id)
|
|
.bind(params.user_id)
|
|
.bind(role.to_string())
|
|
.bind(user_uid)
|
|
.bind(now)
|
|
.fetch_one(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
|
|
txn.commit().await.map_err(|_| AppError::TxnError)?;
|
|
Ok(member)
|
|
}
|
|
|
|
pub async fn repo_update_member_role(
|
|
&self,
|
|
ctx: &Session,
|
|
wk_name: &str,
|
|
repo_name: &str,
|
|
member_id: Uuid,
|
|
params: UpdateRepoMemberRoleParams,
|
|
) -> Result<RepoMember, AppError> {
|
|
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
|
|
let repo = self.resolve_repo(wk_name, repo_name).await?;
|
|
let repo_id = repo.id;
|
|
let actor_role = self
|
|
.ensure_repo_role_at_least(user_uid, &repo, Role::Admin)
|
|
.await?;
|
|
|
|
let new_role = params
|
|
.role
|
|
.parse::<Role>()
|
|
.map_err(|_| AppError::BadRequest("invalid role".into()))?;
|
|
if new_role == Role::Owner {
|
|
return Err(AppError::BadRequest(
|
|
"use repo_transfer_owner to change owner".into(),
|
|
));
|
|
}
|
|
if new_role == Role::Unknown {
|
|
return Err(AppError::BadRequest("invalid role".into()));
|
|
}
|
|
|
|
let target = sqlx::query_as::<_, RepoMember>(
|
|
"SELECT id, repo_id, user_id, role, status, invited_by, joined_at, last_active_at, created_at, updated_at FROM repo_member WHERE id = $1 AND repo_id = $2",
|
|
)
|
|
.bind(member_id)
|
|
.bind(repo_id)
|
|
.fetch_optional(self.ctx.db.reader())
|
|
.await
|
|
.map_err(AppError::Database)?
|
|
.ok_or(AppError::NotFound("member not found".into()))?;
|
|
|
|
if target.role == Role::Owner {
|
|
return Err(AppError::BadRequest("cannot change owner role".into()));
|
|
}
|
|
if role_level(actor_role) <= role_level(target.role) && actor_role != Role::Owner {
|
|
return Err(AppError::BadRequest(
|
|
"cannot change role of member with equal or higher role".into(),
|
|
));
|
|
}
|
|
|
|
let now = chrono::Utc::now();
|
|
let mut txn = self
|
|
.ctx
|
|
.db
|
|
.writer()
|
|
.begin()
|
|
.await
|
|
.map_err(|_| AppError::TxnError)?;
|
|
sqlx::query("SET LOCAL app.current_user_id = $1")
|
|
.bind(user_uid)
|
|
.execute(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
|
|
let result = sqlx::query_as::<_, RepoMember>(
|
|
"UPDATE repo_member SET role = $1, updated_at = $2 WHERE id = $3 AND repo_id = $4 RETURNING id, repo_id, user_id, role, status, invited_by, joined_at, last_active_at, created_at, updated_at",
|
|
)
|
|
.bind(new_role.to_string())
|
|
.bind(now)
|
|
.bind(member_id)
|
|
.bind(repo_id)
|
|
.fetch_one(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
|
|
txn.commit().await.map_err(|_| AppError::TxnError)?;
|
|
Ok(result)
|
|
}
|
|
|
|
pub async fn repo_remove_member(
|
|
&self,
|
|
ctx: &Session,
|
|
wk_name: &str,
|
|
repo_name: &str,
|
|
member_id: Uuid,
|
|
) -> Result<(), AppError> {
|
|
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
|
|
let repo = self.resolve_repo(wk_name, repo_name).await?;
|
|
let repo_id = repo.id;
|
|
let actor_role = self
|
|
.ensure_repo_role_at_least(user_uid, &repo, Role::Admin)
|
|
.await?;
|
|
|
|
let target = sqlx::query_as::<_, RepoMember>(
|
|
"SELECT id, repo_id, user_id, role, status, invited_by, joined_at, last_active_at, created_at, updated_at FROM repo_member WHERE id = $1 AND repo_id = $2",
|
|
)
|
|
.bind(member_id)
|
|
.bind(repo_id)
|
|
.fetch_optional(self.ctx.db.reader())
|
|
.await
|
|
.map_err(AppError::Database)?
|
|
.ok_or(AppError::NotFound("member not found".into()))?;
|
|
|
|
if target.role == Role::Owner {
|
|
return Err(AppError::BadRequest(
|
|
"cannot remove owner; transfer ownership first".into(),
|
|
));
|
|
}
|
|
if role_level(actor_role) <= role_level(target.role) && actor_role != Role::Owner {
|
|
return Err(AppError::BadRequest(
|
|
"cannot remove a member with equal or higher role".into(),
|
|
));
|
|
}
|
|
|
|
let mut txn = self
|
|
.ctx
|
|
.db
|
|
.writer()
|
|
.begin()
|
|
.await
|
|
.map_err(|_| AppError::TxnError)?;
|
|
sqlx::query("SET LOCAL app.current_user_id = $1")
|
|
.bind(user_uid)
|
|
.execute(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
|
|
let result = sqlx::query("DELETE FROM repo_member WHERE id = $1 AND repo_id = $2")
|
|
.bind(member_id)
|
|
.bind(repo_id)
|
|
.execute(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
ensure_affected(result.rows_affected(), "member not found")?;
|
|
|
|
txn.commit().await.map_err(|_| AppError::TxnError)?;
|
|
Ok(())
|
|
}
|
|
|
|
pub async fn repo_leave(
|
|
&self,
|
|
ctx: &Session,
|
|
wk_name: &str,
|
|
repo_name: &str,
|
|
) -> Result<(), AppError> {
|
|
let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
|
|
let repo = self.resolve_repo(wk_name, repo_name).await?;
|
|
let repo_id = repo.id;
|
|
|
|
if repo.owner_id == user_uid {
|
|
return Err(AppError::BadRequest(
|
|
"owner cannot leave; transfer ownership first".into(),
|
|
));
|
|
}
|
|
|
|
let mut txn = self
|
|
.ctx
|
|
.db
|
|
.writer()
|
|
.begin()
|
|
.await
|
|
.map_err(|_| AppError::TxnError)?;
|
|
sqlx::query("SET LOCAL app.current_user_id = $1")
|
|
.bind(user_uid)
|
|
.execute(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
|
|
let result = sqlx::query("DELETE FROM repo_member WHERE repo_id = $1 AND user_id = $2")
|
|
.bind(repo_id)
|
|
.bind(user_uid)
|
|
.execute(&mut *txn)
|
|
.await
|
|
.map_err(AppError::Database)?;
|
|
ensure_affected(result.rows_affected(), "not a member")?;
|
|
|
|
txn.commit().await.map_err(|_| AppError::TxnError)?;
|
|
Ok(())
|
|
}
|
|
}
|