Merge branch 'standalone_develop' into pre_trustie_server

2024-10-15 08:58:28 +08:00
46 changed files with 409 additions and 80 deletions


@@ -1,5 +1,5 @@
class AccountsController < ApplicationController
before_action :require_login, only: [:login_check, :simple_update]
before_action :require_login, only: [:login_check, :simple_update, :change_password]
include ApplicationHelper
#skip_before_action :check_account, :only => [:logout]
@@ -224,6 +224,7 @@ class AccountsController < ApplicationController
def change_password
return render_error("两次输入的密码不一致") if params[:password].to_s != params[:new_password_repeat].to_s
@user = User.find_by(login: params[:login])
return render_forbidden unless User.current.login == @user&.login
return render_error("此用户禁止修改密码!") if @user.id.to_i === 104691
return render_error("未找到相关用户!") if @user.blank?
return render_error("旧密码不正确") unless @user.check_password?(params[:old_password])
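Review bot: The target account is still loaded from `params[:login]` and only afterwards compared with the session user, so the authorization rests on that comparison staying correct. Now that `require_login` covers `change_password`, `@user = User.current` would remove the request-supplied identifier altogether. With the new `render_forbidden` guard a missing user is already rejected (`@user&.login` is nil, assuming `User.current.login` is never nil after `require_login`), so the later `@user.blank?` check is unreachable and the `@user.id` call before it is safe only because of the new line. The body of change_password continues past the end of the hunk.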


@@ -6,7 +6,7 @@ class Admins::ProjectsController < Admins::BaseController
sort_by = Project.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_on'
sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc'
search = params[:search].to_s.strip
projects = Project.where("name like ? OR identifier LIKE ?", "%#{search}%", "%#{search}%").order("#{sort_by} #{sort_direction}")
projects = Project.where("id = ? OR name like ? OR identifier LIKE ?", search, "%#{search}%", "%#{search}%").order("#{sort_by} #{sort_direction}")
case params[:category]
when 'public'
projects = projects.where(is_public: true)
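Review bot: The new `id = ?` clause binds the raw search string to a numeric column. On MySQL a value such as `12abc` is coerced to 12 and matches project 12, while a stricter database may raise on non-numeric input (the adapter is not visible here). Building the `id = ?` branch only when `search.match?(/\A\d+\z/)` keeps the id lookup exact and leaves the name/identifier search unchanged. The `order` interpolation is fine, since both values are allow-listed on the two lines above. The enclosing action starts and ends outside the hunk.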


@@ -0,0 +1,14 @@
class Admins::UserActionsController < Admins::BaseController
before_action :require_admin
def index
@user_actions = UserAction.order(created_at: :desc)
@user_actions = @user_actions.where(action_type: params[:action_type]) if params[:action_type].present?
keyword = params[:keyword].to_s.strip.presence
if keyword
sql = 'login LIKE :keyword OR phone LIKE :keyword OR email LIKE :keyword'
@user_actions = @user_actions.where(sql, keyword: "%#{keyword}%")
end
@user_actions = paginate @user_actions
end
end
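Review bot: The keyword is bound as a parameter, but its own `%` and `_` characters are still treated as LIKE wildcards. A keyword of `_` or `%` therefore matches every row, and long wildcard patterns turn into expensive scans of the audit table. Escaping it first, `keyword: "%#{UserAction.sanitize_sql_like(keyword)}%"`, makes the filter match what the admin typed. A short comment on `index` naming the accepted filters (`action_type`, `keyword`) would also help, since this is a new controller.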


@@ -27,10 +27,30 @@ class Admins::UsersController < Admins::BaseController
def destroy
UserAction.create(action_id: @user.id, action_type: "DestroyUser", user_id: current_user.id, :ip => request.remote_ip, data_bank: @user.attributes.to_json)
@user.destroy!
Gitea::User::DeleteService.call(@user.login)
render_delete_success
# org_ids = TeamUser.where(user_id: @user.id).pluck(:organization_id) | OrganizationUser.where(user_id: @user.id).pluck(:organization_id)
# organizations = Organization.where(id: org_ids)
# organizations.each do |org|
# # org.team_users.joins(:team).where(user_id: @user.id, teams: {authorize: %w(owner)})
# owner_count = org.team_users.joins(:team).where(teams: {authorize: %w(owner)}).count
# # 多个owner时,仅将用户从组织移除, 一个时直接删除
# if owner_count > 1
# org.team_users.joins(:team).where(user_id: @user.id, teams: {authorize: %w(owner)}).destroy_all
# org.organization_users.where(user_id: @user.id, organization_id: org.id).destroy_all
# else
# org.destroy
# end
# end
# @user.destroy!
# Gitea::User::DeleteService.call(@user.login, true)
#
# render_delete_success
@result_object = Api::V1::Users::DeleteUserService.call(@user)
if @result_object
render_delete_success
else
render_js_error('删除失败!')
end
end
def lock
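Review bot: `data_bank: @user.attributes.to_json` copies every column of the user row into the audit table, which presumably includes the password digest, salt and any stored tokens. Those rows outlive the deleted account and are now listed by the new Admins::UserActionsController. Dropping the secret columns before serializing, e.g. `@user.attributes.except('<password_digest_column>', '<token_column>').to_json`, keeps the record useful without retaining credentials. The same pattern appears in Api::V1::UsersController#destroy and, with project attributes, in ProjectsController#destroy. Separately, the audit row is written before `DeleteUserService` reports success, so a failed deletion still leaves a "DestroyUser" entry; and the commented-out block would be better removed than kept.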


@@ -115,4 +115,28 @@ class Api::V1::UsersController < Api::V1::BaseController
return render_error('更改手机号失败!')
end
end
def check_user_can_delete
org_ids = TeamUser.where(user_id: @observe_user.id).pluck(:organization_id) | OrganizationUser.where(user_id: @observe_user.id).pluck(:organization_id)
org_count = TeamUser.where(organization_id: org_ids).where(user_id: @observe_user.id).joins(:team).where(teams: {authorize: %w(owner)}).count
project_count = Project.where(user_id: @observe_user.id).count
render_ok({ can_delete: org_count == 0 && project_count == 0, org_count: org_count, project_count: project_count })
end
def destroy
return tip_exception(-1, "密码不正确.") unless @observe_user.check_password?(params[:password])
org_ids = TeamUser.where(user_id: @observe_user.id).pluck(:organization_id) | OrganizationUser.where(user_id: @observe_user.id).pluck(:organization_id)
org_count = TeamUser.where(organization_id: org_ids).where(user_id: @observe_user.id).joins(:team).where(teams: {authorize: %w(owner)}).count
project_count = Project.where(user_id: @observe_user.id).count
return tip_exception(-1, "当前账号名下存在拥有的组织/代码库,请先删除或转让后再尝试注销操作.") if org_count > 0 || project_count > 0
UserAction.create(action_id: @observe_user.id, action_type: "DestroyUser", user_id: @observe_user.id, :ip => request.remote_ip, data_bank: @observe_user.attributes.to_json, memo: params[:memo])
@result_object = Api::V1::Users::DeleteUserService.call(@observe_user)
if @result_object
return render_ok
else
return render_error('删除失败!')
end
end
end
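Review bot: In `destroy` the password check is the only gate visible in the hunk, and nothing shown ties `@observe_user` to the session user. If the filter that loads it (outside this hunk) also admits admins or other callers, the endpoint becomes a password-guessing oracle for that account, so it is worth confirming the filter and throttling or logging failed attempts. The ownership counts are computed twice, in `check_user_can_delete` and in `destroy`; a private helper returning `[org_count, project_count]` would keep the two from drifting. `memo: params[:memo]` is stored unbounded; truncating it before the `UserAction.create` call would be cheap.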


@@ -376,7 +376,7 @@ class ApplicationController < ActionController::Base
# 多浏览器退出账号时token不存在处理
if current_domain_session && autologin_user.nil?
autologin_user = (User.active.find(current_domain_session) rescue nil)
set_autologin_cookie(autologin_user)
set_autologin_cookie(autologin_user) if autologin_user.present?
end
autologin_user
end
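Review bot: When the lookup returns nil the new guard skips the cookie, but the session value behind `current_domain_session` is left in place, so a session that points at a deleted or deactivated user repeats the failed lookup on every request. Clearing that session entry in the nil case would end the stale state; how it is stored is not visible in the hunk. The inline `rescue nil` on the line above also hides database errors as "no user"; `User.active.find_by(id: current_domain_session)` returns nil for a missing row without swallowing other exceptions. The method starts outside the hunk.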


@@ -73,6 +73,17 @@ module LoginHelper
session[:"#{default_yun_session}"] = nil
end
def clear_user_cookie
if edu_setting('cookie_domain').present?
cookies.delete(autologin_cookie_name, domain: edu_setting('cookie_domain'))
else
cookies.delete(autologin_cookie_name)
end
# 清除前端写入的用户名
Rails.logger.info("########________cookies['login']___________###########{cookies['login']}")
cookies.delete("login")
end
# Sets the logged in user
def logged_user=(user)
reset_session
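Review bot: `clear_user_cookie` writes the raw value of `cookies['login']` to the info log on every call. That value is client-controlled (the comment says the front end writes it), so it puts user identifiers and arbitrary request data, including embedded newlines, into production logs. Either drop the line or log only the fact, e.g. `Rails.logger.debug { "clear_user_cookie: login cookie present=#{cookies['login'].present?}" }`. Note also that `cookies.delete("login")` passes no domain, so a cookie the front end set with an explicit domain may survive; the method could take the same `cookie_domain` branch as the autologin cookie.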


@@ -11,7 +11,10 @@ class OwnersController < ApplicationController
end
def show
@owner = Owner.find_by(login: params[:id]) || Owner.find_by(id: params[:id])
# login = params[:id].to_s[0..-6]
login = params[:id].to_s
@owner = Owner.find_by(login: login) || Owner.find_by(id: login)
clear_user_cookie unless @owner.present?
return render_not_found unless @owner.present?
# 组织
if @owner.is_a?(Organization)
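Review bot: `clear_user_cookie unless @owner.present?` removes the visitor's own autologin cookie whenever any requested owner does not exist, whether or not that owner has anything to do with the visitor. A mistyped URL, or a third-party page embedding a link or image to a non-existent owner path, therefore drops the visitor's autologin cookie through a plain GET. If the intent is to clean up after a deleted account, the clear should be limited to the case where the missing login is the visitor's own, e.g. `clear_user_cookie if @owner.blank? && cookies['login'].to_s == login`. The same unconditional call is added to `load_user` in UsersController. The body of `show` continues outside the hunk.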


@@ -253,6 +253,7 @@ class ProjectsController < ApplicationController
def destroy
if current_user.admin? || @project.manager?(current_user)
ActiveRecord::Base.transaction do
UserAction.create(action_id: @project.id, action_type: "DestroyProject", user_id: current_user.id, :ip => request.remote_ip, data_bank: @project.attributes.to_json)
close_fork_pull_requests_by(@project)
Gitea::Repository::DeleteService.new(@project.owner, @project.identifier,current_user.gitea_token).call
@project.destroy!
@@ -365,7 +366,7 @@ class ProjectsController < ApplicationController
if @project_detail.save!
attachment_ids = Array(params[:attachment_ids])
logger.info "=============> #{Array(params[:attachment_ids])}"
@attachments = Attachment.where(id: attachment_ids)
@attachments = Attachment.where(id: attachment_ids).or(Attachment.where(uuid: attachment_ids))
@attachments.update_all(
container_id: @project_detail.id,
container_type: @project_detail.model_name.name,
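Review bot: In the second hunk the same client-supplied array is passed to both `where(id: ...)` and `where(uuid: ...)`. ActiveRecord casts each string to an integer for the `id` column, so a uuid beginning with digits (say `12ab…`) also selects attachment 12, which `update_all` then re-parents to this project detail. Splitting the input first avoids the accidental match: `ids, uuids = attachment_ids.map(&:to_s).partition { |v| v.match?(/\A\d+\z/) }` and then `Attachment.where(id: ids).or(Attachment.where(uuid: uuids))`. Nothing visible restricts the query to attachments the current user uploaded, so scoping it by the uploader column before `update_all` would close the remaining id-guessing path. The enclosing action starts and ends outside the hunk.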


@@ -714,6 +714,7 @@ class UsersController < ApplicationController
private
def load_user
@user = User.find_by_login(params[:id]) || User.find_by(id: params[:id])
clear_user_cookie unless @user.present?
end
def user_params