Clean up protected_branches when deleting user

fixes go-gitea#19094
noerw · Mar 21, 2022 · 4e6f879 · 4e6f879
1 parent b05b401
commit 4e6f879
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 0 deletions.
diff --git a/models/user.go b/models/user.go
@@ -18,6 +18,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 
 	"xorm.io/builder"
 )
@@ -120,6 +121,50 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
 		}
 	}
 
+	// ***** START: Branch Protections *****
+	{
+		const batchSize = 50
+		for start := 0; ; start += batchSize {
+			protections := make([]*ProtectedBranch, 0, batchSize)
+			// @perf: We can't filter on DB side by u.ID, as those IDs are serialized as JSON strings.
+			//   We could filter down with `WHERE repo_id IN (reposWithPushPermission(u))`,
+			//   though that query will be quite complex and tricky to maintain (compare `getRepoAssignees()`).
+			// Also, as we didn't update branch protections when removing entries from `access` table,
+			//   it's safer to iterate all protected branches.
+			if err = e.Limit(batchSize, start).Find(&protections); err != nil {
+				return fmt.Errorf("findProtectedBranches: %v", err)
+			}
+			if len(protections) == 0 {
+				break
+			}
+			for _, p := range protections {
+				var matched1, matched2, matched3 bool
+				if len(p.WhitelistUserIDs) != 0 {
+					p.WhitelistUserIDs, matched1 = util.RemoveIDFromList(
+						p.WhitelistUserIDs, u.ID)
+				}
+				if len(p.ApprovalsWhitelistUserIDs) != 0 {
+					p.ApprovalsWhitelistUserIDs, matched2 = util.RemoveIDFromList(
+						p.ApprovalsWhitelistUserIDs, u.ID)
+				}
+				if len(p.MergeWhitelistUserIDs) != 0 {
+					p.MergeWhitelistUserIDs, matched3 = util.RemoveIDFromList(
+						p.MergeWhitelistUserIDs, u.ID)
+				}
+				if matched1 || matched2 || matched3 {
+					if _, err = e.ID(p.ID).Cols(
+						"whitelist_user_i_ds",
+						"merge_whitelist_user_i_ds",
+						"approvals_whitelist_user_i_ds",
+					).Update(p); err != nil {
+						return fmt.Errorf("updateProtectedBranches: %v", err)
+					}
+				}
+			}
+		}
+	}
+	// ***** END: Branch Protections *****
+
 	// ***** START: PublicKey *****
 	if _, err = e.Delete(&asymkey_model.PublicKey{OwnerID: u.ID}); err != nil {
 		return fmt.Errorf("deletePublicKeys: %v", err)

diff --git a/modules/util/slice.go b/modules/util/slice.go
@@ -0,0 +1,18 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package util
+
+// RemoveIDFromList removes the given ID from the slice, if found.
+// It does not preserve order, and assumes the ID is unique.
+func RemoveIDFromList(list []int64, id int64) ([]int64, bool) {
+	n := len(list) - 1
+	for i, item := range list {
+		if item == id {
+			list[i] = list[n]
+			return list[:n], true
+		}
+	}
+	return list, false
+}