// SignedInId returns the id of signed in user.
func SignedInId(header http.Header, sess session.Store) int64 {
if !models.HasEngine {
return 0
}
if setting.Service.EnableReverseProxyAuth {
webAuthUser := header.Get(setting.ReverseProxyAuthUser)
if len(webAuthUser) > 0 {
u, err := models.GetUserByName(webAuthUser)
if err != nil {
if err != models.ErrUserNotExist {
log.Error(4, "GetUserByName: %v", err)
}
return 0
}
return u.Id
}
}
uid := sess.Get("uid")
if uid == nil {
return 0
}
if id, ok := uid.(int64); ok {
if _, err := models.GetUserById(id); err != nil {
if err != models.ErrUserNotExist {
log.Error(4, "GetUserById: %v", err)
}
return 0
}
return id
}
return 0
}
// SendIssueNotifyMail sends mail notification of all watchers of repository.
func SendIssueNotifyMail(u, owner *models.User, repo *models.Repository, issue *models.Issue) ([]string, error) {
ws, err := models.GetWatchers(repo.Id)
if err != nil {
return nil, errors.New("mail.NotifyWatchers(GetWatchers): " + err.Error())
}
tos := make([]string, 0, len(ws))
for i := range ws {
uid := ws[i].UserId
if u.Id == uid {
continue
}
u, err := models.GetUserById(uid)
if err != nil {
return nil, errors.New("mail.NotifyWatchers(GetUserById): " + err.Error())
}
tos = append(tos, u.Email)
}
if len(tos) == 0 {
return tos, nil
}
subject := fmt.Sprintf("[%s] %s(#%d)", repo.Name, issue.Name, issue.Index)
content := fmt.Sprintf("%s<br>-<br> <a href=\"%s%s/%s/issues/%d\">View it on Gogs</a>.",
base.RenderSpecialLink([]byte(issue.Content), owner.Name+"/"+repo.Name),
setting.AppUrl, owner.Name, repo.Name, issue.Index)
msg := NewMailMessageFrom(tos, u.Email, subject, content)
msg.Info = fmt.Sprintf("Subject: %s, send issue notify emails", subject)
SendAsync(&msg)
return tos, nil
}
func DeleteUser(ctx *middleware.Context) {
uid := com.StrTo(ctx.Params(":userid")).MustInt64()
if uid == 0 {
ctx.Handle(404, "DeleteUser", nil)
return
}
u, err := models.GetUserById(uid)
if err != nil {
ctx.Handle(500, "GetUserById", err)
return
}
if err = models.DeleteUser(u); err != nil {
switch err {
case models.ErrUserOwnRepos:
ctx.Flash.Error(ctx.Tr("admin.users.still_own_repo"))
ctx.Redirect("/admin/users/" + ctx.Params(":userid"))
default:
ctx.Handle(500, "DeleteUser", err)
}
return
}
log.Trace("Account deleted by admin(%s): %s", ctx.User.Name, u.Name)
ctx.Redirect("/admin/users")
}
func EditUser(ctx *middleware.Context) {
ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminUsers"] = true
uid := com.StrTo(ctx.Params(":userid")).MustInt64()
if uid == 0 {
ctx.Handle(404, "EditUser", nil)
return
}
u, err := models.GetUserById(uid)
if err != nil {
ctx.Handle(500, "GetUserById", err)
return
}
ctx.Data["User"] = u
auths, err := models.GetAuths()
if err != nil {
ctx.Handle(500, "GetAuths", err)
return
}
ctx.Data["LoginSources"] = auths
ctx.HTML(200, USER_EDIT)
}
// SignedInUser returns the user object of signed user.
func SignedInUser(header http.Header, sess session.Store) *models.User {
uid := SignedInId(header, sess)
if uid <= 0 {
return nil
}
u, err := models.GetUserById(uid)
if err != nil {
log.Error(4, "GetUserById: %v", err)
return nil
}
return u
}
func EditUserPost(ctx *middleware.Context, form auth.AdminEditUserForm) {
ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
ctx.Data["PageIsAdmin"] = true
ctx.Data["PageIsAdminUsers"] = true
uid := com.StrTo(ctx.Params(":userid")).MustInt64()
if uid == 0 {
ctx.Handle(404, "EditUser", nil)
return
}
u, err := models.GetUserById(uid)
if err != nil {
ctx.Handle(500, "GetUserById", err)
return
}
if ctx.HasError() {
ctx.HTML(200, USER_EDIT)
return
}
// NOTE: need password length check?
if len(form.Passwd) > 0 {
u.Passwd = form.Passwd
u.Salt = models.GetUserSalt()
u.EncodePasswd()
}
u.Email = form.Email
u.Website = form.Website
u.Location = form.Location
if len(form.Avatar) == 0 {
form.Avatar = form.Email
}
u.Avatar = base.EncodeMd5(form.Avatar)
u.AvatarEmail = form.Avatar
u.IsActive = form.Active
u.IsAdmin = form.Admin
if err := models.UpdateUser(u); err != nil {
ctx.Handle(500, "UpdateUser", err)
return
}
log.Trace("Account profile updated by admin(%s): %s", ctx.User.Name, u.Name)
ctx.Data["User"] = u
ctx.Flash.Success(ctx.Tr("admin.users.update_profile_success"))
ctx.Redirect("/admin/users/" + ctx.Params(":userid"))
}
func Migrate(ctx *middleware.Context, form auth.MigrateRepoForm) {
u, err := models.GetUserByName(ctx.Query("username"))
if err != nil {
ctx.JSON(500, map[string]interface{}{
"ok": false,
"error": err.Error(),
})
return
}
if !u.ValidtePassword(ctx.Query("password")) {
ctx.JSON(500, map[string]interface{}{
"ok": false,
"error": "username or password is not correct",
})
return
}
ctxUser := u
// Not equal means current user is an organization.
if form.Uid != u.Id {
org, err := models.GetUserById(form.Uid)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"ok": false,
"error": err.Error(),
})
return
}
ctxUser = org
}
if ctx.HasError() {
ctx.JSON(500, map[string]interface{}{
"ok": false,
"error": ctx.GetErrMsg(),
})
return
}
if ctxUser.IsOrganization() {
// Check ownership of organization.
if !ctxUser.IsOrgOwner(u.Id) {
ctx.JSON(403, map[string]interface{}{
"ok": false,
"error": "given user is not owner of organization",
})
return
}
}
authStr := strings.Replace(fmt.Sprintf("://%s:%s",
form.AuthUserName, form.AuthPasswd), "@", "%40", -1)
url := strings.Replace(form.HttpsUrl, "://", authStr+"@", 1)
repo, err := models.MigrateRepository(ctxUser, form.RepoName, form.Description, form.Private,
form.Mirror, url)
if err == nil {
log.Trace("Repository migrated: %s/%s", ctxUser.Name, form.RepoName)
ctx.JSON(200, map[string]interface{}{
"ok": true,
"data": "/" + ctxUser.Name + "/" + form.RepoName,
})
return
}
if repo != nil {
if errDelete := models.DeleteRepository(ctxUser.Id, repo.Id, ctxUser.Name); errDelete != nil {
log.Error(4, "DeleteRepository: %v", errDelete)
}
}
ctx.JSON(500, map[string]interface{}{
"ok": false,
"error": err.Error(),
})
}