Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(api): owner ID should be zero when created repo secret #31715

Merged
merged 5 commits into from
Jul 29, 2024
Merged

fix(api): owner ID should be zero when created repo secret #31715

merged 5 commits into from
Jul 29, 2024

Conversation

appleboy
Copy link
Member

  • Change condition to include RepoID equal to 0 for organization secrets

@appleboy
fix(api): owner ID should be zero when created repo secret
fccdd24 
- Change `owner.ID` to `0` in the `CreateOrUpdateSecret` function call

Signed-off-by: Bo-Yi Wu <[email protected]>
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 28, 2024
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 28, 2024
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code labels Jul 28, 2024
@appleboy appleboy added this to the 1.22.2 milestone Jul 28, 2024
@appleboy
refactor: refactor codebase for improved efficiency and clarity
d100d0d 
- Remove unused variable `owner` from `CreateOrUpdateSecret` function

Signed-off-by: Bo-Yi Wu <[email protected]>
@appleboy
refactor: refactor secret deletion functions and improve tests
e323b6f 
- Remove unused `owner` variable in `DeleteSecret` function
- Change `DeleteSecretByName` function call to use `0` instead of `owner.ID`

Signed-off-by: Bo-Yi Wu <[email protected]>
@wxiaoguang wxiaoguang removed their request for review July 28, 2024 11:20
wolfogre
wolfogre requested changes Jul 28, 2024
View reviewed changes
Copy link
Member

@wolfogre wolfogre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I don't get it, why?

And how to handle deleting org?

gitea/models/organization/org.go

Line 404 in 0fe9f93

&secret_model.Secret{OwnerID: org.ID},

@GiteaBot GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jul 28, 2024
@appleboy
Copy link
Member Author

Sorry, I don't get it, why?

And how to handle deleting org?

gitea/models/organization/org.go

Line 404 in 0fe9f93

&secret_model.Secret{OwnerID: org.ID},

Yes, &secret_model.Secret{OwnerID: org.ID} is right.

wolfogre
wolfogre approved these changes Jul 29, 2024
View reviewed changes
Copy link
Member

@wolfogre wolfogre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I misunderstood. I get it now.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged labels Jul 29, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 29, 2024
@wolfogre wolfogre mentioned this pull request Jul 29, 2024
Merged
@wolfogre
Copy link
Member

Please also review

@wolfogre wolfogre added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 29, 2024
@lunny lunny enabled auto-merge (squash) July 29, 2024 16:48
@lunny lunny merged commit d39bce7 into go-gitea:main Jul 29, 2024
26 checks passed
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 29, 2024
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jul 30, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
7057df3 
* giteaofficial/main:
  Set owner id to zero when GetRegistrationToken for repo (go-gitea#31725)
  fix(api): owner ID should be zero when created repo secret (go-gitea#31715)
  Fix API endpoint for registration-token (go-gitea#31722)
  Fix loadRepository error when access user dashboard (go-gitea#31719)
  Add permission check when creating PR (go-gitea#31033)
wolfogre added a commit that referenced this pull request Aug 1, 2024
@wolfogre
Clarify Actions resources ownership (#31724)
a33e74d 
Fix #31707.

Also related to #31715.

Some Actions resources could has different types of ownership. It could
be:

- global: all repos and orgs/users can use it.
- org/user level: only the org/user can use it.
- repo level: only the repo can use it.

There are two ways to distinguish org/user level from repo level:
1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.

The first way seems more reasonable, but it may not be true. The point
is that although a resource, like a runner, belongs to a repo (it can be
used by the repo), the runner doesn't belong to the repo's org (other
repos in the same org cannot use the runner). So, the second method
makes more sense.

And the first way is not user-friendly to query, we must set the repo id
to zero to avoid wrong results.

So, #31715 should be right. And the most simple way to fix #31707 is
just:

```diff
-	shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+	shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
```

However, it is quite intuitive to set both owner id and repo id since
the repo belongs to the owner. So I prefer to be compatible with it. If
we get both owner id and repo id not zero when creating or finding, it's
very clear that the caller want one with repo level, but set owner id
accidentally. So it's OK to accept it but fix the owner id to zero.
@lunny lunny added the backport/v1.22 This PR should be backported to Gitea 1.22 label Aug 2, 2024
@appleboy appleboy deleted the secrets branch August 2, 2024 13:12
@lunny lunny modified the milestones: 1.22.2, 1.23.0 Aug 2, 2024
@GiteaBot
Copy link
Contributor

GiteaBot commented Aug 2, 2024

I was unable to create a backport for 1.22. @appleboy, please send one manually. 🍵

go run ./contrib/backport 31715
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label Aug 2, 2024
appleboy added a commit to appleboy/gitea that referenced this pull request Aug 9, 2024
@appleboy @GiteaBot
fix(api): owner ID should be zero when created repo secret (go-gitea#…
0efd5f2 
…31715)

- Change condition to include `RepoID` equal to 0 for organization
secrets

---------

Signed-off-by: Bo-Yi Wu <[email protected]>
Co-authored-by: Giteabot <[email protected]>
@appleboy appleboy mentioned this pull request Aug 9, 2024
Merged
lunny pushed a commit that referenced this pull request Aug 9, 2024
@appleboy
fix(api): owner ID should be zero when created repo secret (#31715) (#…
e563297 
…31811)

- Change condition to include `RepoID` equal to 0 for organization
secrets

Backport #31715 by @appleboy

Signed-off-by: Bo-Yi Wu <[email protected]>
@wolfogre wolfogre added the backport/done All backports for this PR have been created label Aug 13, 2024
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Oct 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wolfogre wolfogre wolfogre approved these changes

@lunny lunny lunny approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created backport/manual No power to the bots! Create your backport yourself! backport/v1.22 This PR should be backported to Gitea 1.22 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
1.23.0
Development

Successfully merging this pull request may close these issues.
4 participants
@appleboy @wolfogre @GiteaBot @lunny