Fix team members missing from assignees when team_unit.access_mode is 0#37365
Draft
pisarz77 wants to merge 1 commit intogo-gitea:mainfrom
Draft
Fix team members missing from assignees when team_unit.access_mode is 0#37365pisarz77 wants to merge 1 commit intogo-gitea:mainfrom
pisarz77 wants to merge 1 commit intogo-gitea:mainfrom
Conversation
On some instances upgraded across multiple releases, `team_unit` rows can end up with `access_mode = 0` even though the parent `team.authorize` is non-zero (e.g. the organisation Owners team). This causes team-only members to be omitted by helpers that filter on `team_unit.access_mode >= AccessModeWrite`, most notably `GetRepoAssignees` in `models/repo/user_repo.go`, which breaks: * @mention autocomplete in issues and pull requests * assignee / reviewer selection * email notifications triggered by mentions The original v206 migration (`AddAuthorizeColForTeamUnit`) copied `team.authorize` into `team_unit.access_mode` but did not guard against subsequent writes or restore paths that reintroduced zeros. Add a follow-up migration that idempotently repairs any remaining `team_unit.access_mode = 0` rows whose parent team has `authorize > 0`, mirroring the same update shape as v206 but scoped to broken rows only. Rows whose parent team legitimately has no permission (`authorize = 0`) are left untouched. Signed-off-by: Jakub Pisarczyk <pisarz77@gmail.com>
GiteaBot
added
the
lgtm/need 2
Contributor
|
The proper fix should use |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR title
Fix team members missing from assignees when
team_unit.access_modeis 0PR summary
Problem
On Gitea instances that have been upgraded across multiple releases (and on databases that have been restored from backups across schema changes), rows in the
team_unittable can end up withaccess_mode = 0(AccessModeNone) even when the parentteamrow has a realauthorizevalue — most commonly the organization Owners team withauthorize = 4(AccessModeOwner).When this happens, any team member who does not already have a row in the
accesstable for a given repo is silently excluded from helpers that filter byteam_unit.access_mode. The most user-visible caller isGetRepoAssigneesinmodels/repo/user_repo.go:When
access_mode = 0for the Owners team, the>= AccessModeWritecondition fails, so the member is dropped from the result. End users experience:@mentionautocomplete in issues and PRs does not suggest the affected user.This has been observed in the wild and lines up with symptoms reported in #34871 ("Cannot add an organization owner as a Pull Request reviewer").
Root cause
The v206 migration (
AddAuthorizeColForTeamUnit, added in 1.16) copiedteam.authorizeintoteam_unit.access_modeas a one-shot fix. It did not defend against subsequent legacy writes (e.g. team editors on very old versions, backup/restore across the schema boundary, external tooling) that left someteam_unitrows withaccess_mode = 0on databases that have lived through that migration.There is no invariant in current code that guarantees
team_unit.access_mode > 0wheneverteam.authorize > 0, andgitea doctor --run check-db-consistencydoes not check this relationship.Fix
Add migration
331(FixTeamUnitZeroAccessMode) that idempotently repairs any remaining broken rows:The shape mirrors the original v206 update. The
WHEREclause scopes the fix strictly to rows where the two values have diverged and the team actually grants a real permission, so:authorize = 0(no-permission teams) are left alone.After the migration,
GetRepoAssigneesreturns the affected users correctly and theaccesstable is re-derived on next team membership change (or immediately via any write path that callsaccess_model.RecalculateTeamAccesses). No rows are deleted fromaccess, so permission checks cannot regress.Testing
models/migrations/v1_26/v331_test.gocovers four cases against an in-memory SQLite fixture:authorize = 4) with brokenteam_unitrows — repaired to4.authorize = 2) with broken rows — repaired to2.authorize = 0) with a zero row — not modified (no real permission to copy).authorize = 4,access_mode = 4) — not modified (idempotent).Reproduction before the fix
Create an organisation, create a local user who signs in via OAuth, add them to the Owners team, and — if the instance is in the affected state — observe that they never appear in
@mentionautocomplete on repositories in that org even though they are listed under Organisation → Members with the "Owner" role.Confirming the divergence directly:
After upgrading past migration
331, this query returns zero rows.AI disclosure
Per CONTRIBUTING.md: the migration, test cases, and this description were drafted with AI assistance. I understand the data model involved (verified the actual divergence against the production database that hit this bug), I wrote and reviewed the SQL and test coverage myself, and I am comfortable defending and iterating on the change in review.