Merge tag 'v1.22.4' into release/v1.22

* SECURITY
  * Fix basic auth with webauthn (go-gitea#32531) (go-gitea#32536)
  * Refactor internal routers (partial backport, auth token const time comparing) (go-gitea#32473) (go-gitea#32479)
* PERFORMANCE
  * Remove transaction for archive download (go-gitea#32186) (go-gitea#32520)
* BUGFIXES
  * Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (go-gitea#32365) (go-gitea#32397)
  * Fix get reviewers fails when selecting user without pull request permissions unit (go-gitea#32415) (go-gitea#32616)
  * Fix adding index files to tmp directory (go-gitea#32360) (go-gitea#32593)
  * Fix PR creation on forked repositories via API (go-gitea#31863) (go-gitea#32591)
  * Fix missing menu tabs in organization project view page (go-gitea#32313) (go-gitea#32592)
  * Support HTTP POST requests to `/userinfo`, aligning to OpenID Core specification (go-gitea#32578) (go-gitea#32594)
  * Fix debian package clean up cron job (go-gitea#32351) (go-gitea#32590)
  * Fix GetInactiveUsers (go-gitea#32540) (go-gitea#32588)
  * Allow the actions user to login via the jwt token (go-gitea#32527) (go-gitea#32580)
  * Fix submodule parsing (go-gitea#32571) (go-gitea#32577)
  * Refactor find forks and fix possible bugs that weaken permissions check (go-gitea#32528) (go-gitea#32547)
  * Fix some places that don't respect org full name setting (go-gitea#32243) (go-gitea#32550)
  * Refactor push mirror find and add check for updating push mirror (go-gitea#32539) (go-gitea#32549)
  * Fix basic auth with webauthn (go-gitea#32531) (go-gitea#32536)
  * Fix artifact v4 upload above 8MB (go-gitea#31664) (go-gitea#32523)
  * Fix oauth2 error handle not return immediately (go-gitea#32514) (go-gitea#32516)
  * Fix action not triggered when commit message is too long (go-gitea#32498) (go-gitea#32507)
  * Fix `GetRepoLink` nil pointer dereference on dashboard feed page when repo is deleted with actions enabled (go-gitea#32501) (go-gitea#32502)
  * Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (go-gitea#32397) (go-gitea#32397)
  * Fix the permission check for user search API and limit the number of returned users for `/user/search` (go-gitea#32310)
  * Fix SearchIssues swagger docs (go-gitea#32208) (go-gitea#32298)
  * Fix dropdown content overflow (go-gitea#31610) (go-gitea#32250)
  * Disable Oauth check if oauth disabled (go-gitea#32368) (go-gitea#32480)
  * Respect renamed dependencies of Cargo registry (go-gitea#32430) (go-gitea#32478)
  * Fix mermaid diagram height when initially hidden (go-gitea#32457) (go-gitea#32464)
  * Fix broken releases when re-pushing tags (go-gitea#32435) (go-gitea#32449)
  * Only provide the commit summary for Discord webhook push events (go-gitea#32432) (go-gitea#32447)
  * Only query team tables if repository is under org when getting assignees (go-gitea#32414) (go-gitea#32426)
  * Fix created_unix for mirroring (go-gitea#32342) (go-gitea#32406)
  * Respect UI.ExploreDefaultSort setting again (go-gitea#32357) (go-gitea#32385)
  * Fix broken image when editing comment with non-image attachments (go-gitea#32319) (go-gitea#32345)
  * Fix disable 2fa bug (go-gitea#32320) (go-gitea#32330)
  * Always update expiration time when creating an artifact (go-gitea#32281) (go-gitea#32285)
  * Fix null errors on conversation holder (go-gitea#32258) (go-gitea#32266) (go-gitea#32282)
  * Only rename a user when they should receive a different name (go-gitea#32247) (go-gitea#32249)
  * Fix checkbox bug on private/archive filter (go-gitea#32236) (go-gitea#32240)
  * Add a doctor check to disable the "Actions" unit for mirrors (go-gitea#32424) (go-gitea#32497)
  * Quick fix milestone deadline 9999 (go-gitea#32423)
  * Make `show stats` work when only one file changed (go-gitea#32244) (go-gitea#32268)
  * Make `owner/repo/pulls` handlers use "PR reader" permission (go-gitea#32254) (go-gitea#32265)
  * Update scheduled tasks even if changes are pushed by "ActionsUser" (go-gitea#32246) (go-gitea#32252)
* MISC
  * Remove unnecessary code: `GetPushMirrorsByRepoID` called on all repo pages (go-gitea#32560) (go-gitea#32567)
  * Improve some sanitizer rules (go-gitea#32534)
  * Update nix development environment vor v1.22.x (go-gitea#32495)
  * Add warn log when deleting inactive users (go-gitea#32318) (go-gitea#32321)
  * Update github.com/go-enry/go-enry to v2.9.1 (go-gitea#32295) (go-gitea#32296)
  * Warn users when they try to use a non-root-url to sign in/up (go-gitea#32272) (go-gitea#32273)

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEumb2f9c/cFjXEtMIw7fJG2Mvc4oFAmdEyeoACgkQw7fJG2Mv
# c4pythAAn57Z9Csfd8UrHbCd87SBlEGydhlng5Oc99pQIAvExR0hc9VFWjt5pFr4
# aXTajtzb/sDQkAPZEiL45CL471z+Ga81ixaKRfrBeMiSECB0wBaL4+XH94qQ3lw3
# /dNfQsc9bUnomGWQyEIbQ6mT85fJdvBD1nibUSH3b5P4WqOBHbY9YlehPmE96KY2
# 9k1IYvBvcfCjK6njVQ7m+sFOr7/Y2ZHe9FeN8hEf/1Bfnc75wtkeNyeXnlNe67Eo
# ViFzcA35WyTXw4NRY+TG/8xZEXHl8DuOuUdPoBqkpFw9TzxR2svO0QLzRIHgJP+t
# /Cdd16zZd6fQ+ET+DV8IaF2wlXdEgVDWs2aT04VDLGpSw9czxsUEUQ0ETWFFomXN
# //goTLu1B3fVQYrE9MK2vfUQGe2Su3ChGwNtNEK9bMQpO6sLFGRE0nPgBJMPJ0yA
# bfPhRlsVxnyEToqeKoC77wv0kPiOkzPfDm6sFLAt+tATcij5UlTU4nVXyXsELk14
# p5mtsTfaEqiH3U+JW0Drz8wV7nk8F599lZbYO92M3Z59bqC5TsOVYgqb1ODTpqQO
# 7gLdgdKmQbKWTPHLA9Hz+0/3bT1MirMRdtXW7TmgW83TuN37wOuElCmXmJTN2feY
# LG4k417kVrBwF+fdGPXo+T7H0MqxX1fTkVftG3C63sdaRQrUM1M=
# =jyQM
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue, Nov 26, 2024  3:03:06 AM
# gpg:                using RSA key BA66F67FD73F7058D712D308C3B7C91B632F738A
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: keydb_search failed: Connection timed out
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: Note: database_open 134217901 waiting for lock (held by 1152) ...
# gpg: keydb_search failed: Connection timed out
# gpg: Can't check signature: No public key

CHANGELOG.md

@@ -4,6 +4,63 @@ This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).
 
+## [1.22.4](https://github.com/go-gitea/gitea/releases/tag/1.22.4) - 2024-11-14
+
+* SECURITY
+  * Fix basic auth with webauthn (#32531) (#32536)
+  * Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
+* PERFORMANCE
+  * Remove transaction for archive download (#32186) (#32520)
+* BUGFIXES
+  * Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (#32365) (#32397)
+  * Fix get reviewers fails when selecting user without pull request permissions unit (#32415) (#32616)
+  * Fix adding index files to tmp directory (#32360) (#32593)
+  * Fix PR creation on forked repositories via API (#31863) (#32591)
+  * Fix missing menu tabs in organization project view page (#32313) (#32592)
+  * Support HTTP POST requests to `/userinfo`, aligning to OpenID Core specification (#32578) (#32594)
+  * Fix debian package clean up cron job (#32351) (#32590)
+  * Fix GetInactiveUsers (#32540) (#32588)
+  * Allow the actions user to login via the jwt token (#32527) (#32580)
+  * Fix submodule parsing (#32571) (#32577)
+  * Refactor find forks and fix possible bugs that weaken permissions check (#32528) (#32547)
+  * Fix some places that don't respect org full name setting (#32243) (#32550)
+  * Refactor push mirror find and add check for updating push mirror (#32539) (#32549)
+  * Fix basic auth with webauthn (#32531) (#32536)
+  * Fix artifact v4 upload above 8MB (#31664) (#32523)
+  * Fix oauth2 error handle not return immediately (#32514) (#32516)
+  * Fix action not triggered when commit message is too long (#32498) (#32507)
+  * Fix `GetRepoLink` nil pointer dereference on dashboard feed page when repo is deleted with actions enabled (#32501) (#32502)
+  * Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (#32397) (#32397)
+  * Fix the permission check for user search API and limit the number of returned users for `/user/search` (#32310)
+  * Fix SearchIssues swagger docs (#32208) (#32298)
+  * Fix dropdown content overflow (#31610) (#32250)
+  * Disable Oauth check if oauth disabled (#32368) (#32480)
+  * Respect renamed dependencies of Cargo registry (#32430) (#32478)
+  * Fix mermaid diagram height when initially hidden (#32457) (#32464)
+  * Fix broken releases when re-pushing tags (#32435) (#32449)
+  * Only provide the commit summary for Discord webhook push events (#32432) (#32447)
+  * Only query team tables if repository is under org when getting assignees (#32414) (#32426)
+  * Fix created_unix for mirroring (#32342) (#32406)
+  * Respect UI.ExploreDefaultSort setting again (#32357) (#32385)
+  * Fix broken image when editing comment with non-image attachments (#32319) (#32345)
+  * Fix disable 2fa bug (#32320) (#32330)
+  * Always update expiration time when creating an artifact (#32281) (#32285)
+  * Fix null errors on conversation holder (#32258) (#32266) (#32282)
+  * Only rename a user when they should receive a different name (#32247) (#32249)
+  * Fix checkbox bug on private/archive filter (#32236) (#32240)
+  * Add a doctor check to disable the "Actions" unit for mirrors (#32424) (#32497)
+  * Quick fix milestone deadline 9999 (#32423)
+  * Make `show stats` work when only one file changed (#32244) (#32268)
+  * Make `owner/repo/pulls` handlers use "PR reader" permission (#32254) (#32265)
+  * Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246) (#32252)
+* MISC
+  * Remove unnecessary code: `GetPushMirrorsByRepoID` called on all repo pages (#32560) (#32567)
+  * Improve some sanitizer rules (#32534)
+  * Update nix development environment vor v1.22.x (#32495)
+  * Add warn log when deleting inactive users (#32318) (#32321)
+  * Update github.com/go-enry/go-enry to v2.9.1 (#32295) (#32296)
+  * Warn users when they try to use a non-root-url to sign in/up (#32272) (#32273)
+
 ## [1.22.3](https://github.com/go-gitea/gitea/releases/tag/1.22.3) - 2024-10-08
 
 * SECURITY

go.mod

@@ -40,7 +40,7 @@ require (
 	github.com/go-chi/chi/v5 v5.0.12
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.8.7
+	github.com/go-enry/go-enry/v2 v2.9.1
 	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
 	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.11.0

go.sum

@@ -288,8 +288,8 @@ github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
 github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
-github.com/go-enry/go-enry/v2 v2.8.7 h1:vbab0pcf5Yo1cHQLzbWZ+QomUh3EfEU8EiR5n7W0lnQ=
-github.com/go-enry/go-enry/v2 v2.8.7/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
+github.com/go-enry/go-enry/v2 v2.9.1 h1:G9iDteJ/Mc0F4Di5NeQknf83R2OkRbwY9cAYmcqVG6U=
+github.com/go-enry/go-enry/v2 v2.9.1/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
 github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4=
 github.com/go-faster/city v1.0.1 h1:4WAxSZ3V2Ws4QRDrscLEDcibJY8uf41H6AhXDrNDcGw=

models/actions/artifact.go

@@ -69,7 +69,7 @@ func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPa
 			OwnerID:      t.OwnerID,
 			CommitSHA:    t.CommitSHA,
 			Status:       int64(ArtifactStatusUploadPending),
-			ExpiredUnix:  timeutil.TimeStamp(time.Now().Unix() + 3600*24*expiredDays),
+			ExpiredUnix:  timeutil.TimeStamp(time.Now().Unix() + timeutil.Day*expiredDays),
 		}
 		if _, err := db.GetEngine(ctx).Insert(artifact); err != nil {
 			return nil, err
@@ -78,6 +78,13 @@ func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPa
 	} else if err != nil {
 		return nil, err
 	}
+
+	if _, err := db.GetEngine(ctx).ID(artifact.ID).Cols("expired_unix").Update(&ActionArtifact{
+		ExpiredUnix: timeutil.TimeStamp(time.Now().Unix() + timeutil.Day*expiredDays),
+	}); err != nil {
+		return nil, err
+	}
+
 	return artifact, nil
 }
 

models/actions/run.go

@@ -261,6 +261,7 @@ func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID strin
 }
 
 // InsertRun inserts a run
+// The title will be cut off at 255 characters if it's longer than 255 characters.
 func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWorkflow) error {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
@@ -273,6 +274,7 @@ func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWork
 		return err
 	}
 	run.Index = index
+	run.Title, _ = util.SplitStringAtByteN(run.Title, 255)
 
 	if err := db.Insert(ctx, run); err != nil {
 		return err
@@ -386,6 +388,7 @@ func UpdateRun(ctx context.Context, run *ActionRun, cols ...string) error {
 	if len(cols) > 0 {
 		sess.Cols(cols...)
 	}
+	run.Title, _ = util.SplitStringAtByteN(run.Title, 255)
 	affected, err := sess.Update(run)
 	if err != nil {
 		return err

models/actions/runner.go

@@ -242,6 +242,7 @@ func GetRunnerByID(ctx context.Context, id int64) (*ActionRunner, error) {
 // UpdateRunner updates runner's information.
 func UpdateRunner(ctx context.Context, r *ActionRunner, cols ...string) error {
 	e := db.GetEngine(ctx)
+	r.Name, _ = util.SplitStringAtByteN(r.Name, 255)
 	var err error
 	if len(cols) == 0 {
 		_, err = e.ID(r.ID).AllCols().Update(r)
@@ -263,6 +264,7 @@ func DeleteRunner(ctx context.Context, id int64) error {
 
 // CreateRunner creates new runner.
 func CreateRunner(ctx context.Context, t *ActionRunner) error {
+	t.Name, _ = util.SplitStringAtByteN(t.Name, 255)
 	return db.Insert(ctx, t)
 }
 

models/actions/schedule.go

@@ -12,6 +12,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 
 	"github.com/robfig/cron/v3"
@@ -71,6 +72,7 @@ func CreateScheduleTask(ctx context.Context, rows []*ActionSchedule) error {
 
 	// Loop through each schedule row
 	for _, row := range rows {
+		row.Title, _ = util.SplitStringAtByteN(row.Title, 255)
 		// Create new schedule row
 		if err = db.Insert(ctx, row); err != nil {
 			return err

models/activities/action.go

@@ -248,6 +248,9 @@ func (a *Action) GetActDisplayNameTitle(ctx context.Context) string {
 // GetRepoUserName returns the name of the action repository owner.
 func (a *Action) GetRepoUserName(ctx context.Context) string {
 	a.loadRepo(ctx)
+	if a.Repo == nil {
+		return "(non-existing-repo)"
+	}
 	return a.Repo.OwnerName
 }
 
@@ -260,6 +263,9 @@ func (a *Action) ShortRepoUserName(ctx context.Context) string {
 // GetRepoName returns the name of the action repository.
 func (a *Action) GetRepoName(ctx context.Context) string {
 	a.loadRepo(ctx)
+	if a.Repo == nil {
+		return "(non-existing-repo)"
+	}
 	return a.Repo.Name
 }
 

models/db/collation.go

@@ -68,7 +68,8 @@ func CheckCollations(x *xorm.Engine) (*CheckCollationsResult, error) {
 
 	var candidateCollations []string
 	if x.Dialect().URI().DBType == schemas.MYSQL {
-		if _, err = x.SQL("SELECT @@collation_database").Get(&res.DatabaseCollation); err != nil {
+		_, err = x.SQL("SELECT DEFAULT_COLLATION_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ?", setting.Database.Name).Get(&res.DatabaseCollation)
+		if err != nil {
 			return nil, err
 		}
 		res.IsCollationCaseSensitive = func(s string) bool {

models/fixtures/action_task.yml

@@ -1,3 +1,22 @@
+-
+  id: 46
+  attempt: 3
+  runner_id: 1
+  status: 3 # 3 is the status code for "cancelled"
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  token_hash: 6d8ef48297195edcc8e22c70b3020eaa06c52976db67d39b4260c64a69a2cc1508825121b7b8394e48e00b1bf8718b2aaaaa
+  token_salt: eeeeeeee
+  token_last_eight: eeeeeeee
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: 1
+  log_length: 707
+  log_size: 90179
+  log_expired: 0
 -
   id: 47
   job_id: 192

models/fixtures/user.yml

@@ -332,6 +332,7 @@
   repo_admin_change_team_access: false
   theme: ""
   keep_activity_private: false
+  created_unix: 1730468968
 
 -
   id: 10

models/issues/issue_update.go

@@ -21,6 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/references"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
 
 	"xorm.io/builder"
 )
@@ -138,6 +139,7 @@ func ChangeIssueTitle(ctx context.Context, issue *Issue, doer *user_model.User,
 	}
 	defer committer.Close()
 
+	issue.Title, _ = util.SplitStringAtByteN(issue.Title, 255)
 	if err = UpdateIssueCols(ctx, issue, "name"); err != nil {
 		return fmt.Errorf("updateIssueCols: %w", err)
 	}
@@ -381,6 +383,7 @@ func NewIssueWithIndex(ctx context.Context, doer *user_model.User, opts NewIssue
 }
 
 // NewIssue creates new issue with labels for repository.
+// The title will be cut off at 255 characters if it's longer than 255 characters.
 func NewIssue(ctx context.Context, repo *repo_model.Repository, issue *Issue, labelIDs []int64, uuids []string) (err error) {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
@@ -394,6 +397,7 @@ func NewIssue(ctx context.Context, repo *repo_model.Repository, issue *Issue, la
 	}
 
 	issue.Index = idx
+	issue.Title, _ = util.SplitStringAtByteN(issue.Title, 255)
 
 	if err = NewIssueWithIndex(ctx, issue.Poster, NewIssueOptions{
 		Repo:        repo,

models/issues/milestone.go

@@ -84,7 +84,7 @@ func (m *Milestone) BeforeUpdate() {
 // this object.
 func (m *Milestone) AfterLoad() {
 	m.NumOpenIssues = m.NumIssues - m.NumClosedIssues
-	if m.DeadlineUnix.Year() == 9999 {
+	if m.DeadlineUnix.Year() >= 9999 {
 		return
 	}
 

models/issues/pull.go

@@ -545,6 +545,7 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *Iss
 	}
 
 	issue.Index = idx
+	issue.Title, _ = util.SplitStringAtByteN(issue.Title, 255)
 
 	if err = NewIssueWithIndex(ctx, issue.Poster, NewIssueOptions{
 		Repo:        repo,

models/migrations/v1_21/v276.go

@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	giturl "code.gitea.io/gitea/modules/git/url"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 
 	"xorm.io/xorm"
 )
@@ -163,7 +164,9 @@ func migratePushMirrors(x *xorm.Engine) error {
 
 func getRemoteAddress(ownerName, repoName, remoteName string) (string, error) {
 	repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(ownerName), strings.ToLower(repoName)+".git")
-
+	if exist, _ := util.IsExist(repoPath); !exist {
+		return "", nil
+	}
 	remoteURL, err := git.GetRemoteAddress(context.Background(), repoPath, remoteName)
 	if err != nil {
 		return "", fmt.Errorf("get remote %s's address of %s/%s failed: %v", remoteName, ownerName, repoName, err)

models/organization/team_repo.go

@@ -9,6 +9,7 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 
 	"xorm.io/builder"
 )
@@ -83,3 +84,16 @@ func GetTeamsWithAccessToRepo(ctx context.Context, orgID, repoID int64, mode per
 		OrderBy("name").
 		Find(&teams)
 }
+
+// GetTeamsWithAccessToRepoUnit returns all teams in an organization that have given access level to the repository special unit.
+func GetTeamsWithAccessToRepoUnit(ctx context.Context, orgID, repoID int64, mode perm.AccessMode, unitType unit.Type) ([]*Team, error) {
+	teams := make([]*Team, 0, 5)
+	return teams, db.GetEngine(ctx).Where("team_unit.access_mode >= ?", mode).
+		Join("INNER", "team_repo", "team_repo.team_id = team.id").
+		Join("INNER", "team_unit", "team_unit.team_id = team.id").
+		And("team_repo.org_id = ?", orgID).
+		And("team_repo.repo_id = ?", repoID).
+		And("team_unit.type = ?", unitType).
+		OrderBy("name").
+		Find(&teams)
+}

models/organization/team_repo_test.go

@@ -0,0 +1,31 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package organization_test
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
+	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetTeamsWithAccessToRepoUnit(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	org41 := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 41})
+	repo61 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 61})
+
+	teams, err := organization.GetTeamsWithAccessToRepoUnit(db.DefaultContext, org41.ID, repo61.ID, perm.AccessModeRead, unit.TypePullRequests)
+	assert.NoError(t, err)
+	if assert.Len(t, teams, 2) {
+		assert.EqualValues(t, 21, teams[0].ID)
+		assert.EqualValues(t, 22, teams[1].ID)
+	}
+}