
Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (#28220)

The function `GetByBean` has an obvious defect: fields that hold empty
(zero) values are silently ignored when the query condition is built.
Callers then get a wrong result, which could lead to a security problem.

To avoid that possibility, this PR removes the function `GetByBean` and all
references to it.
Some new generic functions have been introduced to be used in its place.

The recommended usage is shown below.

```go
// if query an object according id
obj, err := db.GetByID[Object](ctx, id)
// query with other conditions
obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b})
```
Lunny Xiao 2023-12-07 15:27:36 +08:00 committed by GitHub
parent beb71f5ef6
commit dd30d9d5c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 189 additions and 174 deletions


@ -162,7 +162,7 @@ func NewTeam(ctx context.Context, t *organization.Team) (err error) {
return err
}
has, err := db.GetEngine(ctx).ID(t.OrgID).Get(new(user_model.User))
has, err := db.ExistByID[user_model.User](ctx, t.OrgID)
if err != nil {
return err
}
@ -171,10 +171,10 @@ func NewTeam(ctx context.Context, t *organization.Team) (err error) {
}
t.LowerName = strings.ToLower(t.Name)
has, err = db.GetEngine(ctx).
Where("org_id=?", t.OrgID).
And("lower_name=?", t.LowerName).
Get(new(organization.Team))
has, err = db.Exist[organization.Team](ctx, builder.Eq{
"org_id": t.OrgID,
"lower_name": t.LowerName,
})
if err != nil {
return err
}
@ -232,20 +232,20 @@ func UpdateTeam(ctx context.Context, t *organization.Team, authChanged, includeA
return err
}
defer committer.Close()
sess := db.GetEngine(ctx)
t.LowerName = strings.ToLower(t.Name)
has, err := sess.
Where("org_id=?", t.OrgID).
And("lower_name=?", t.LowerName).
And("id!=?", t.ID).
Get(new(organization.Team))
has, err := db.Exist[organization.Team](ctx, builder.Eq{
"org_id": t.OrgID,
"lower_name": t.LowerName,
}.And(builder.Neq{"id": t.ID}),
)
if err != nil {
return err
} else if has {
return organization.ErrTeamAlreadyExist{OrgID: t.OrgID, Name: t.LowerName}
}
sess := db.GetEngine(ctx)
if _, err = sess.ID(t.ID).Cols("name", "lower_name", "description",
"can_create_org_repo", "authorize", "includes_all_repositories").Update(t); err != nil {
return fmt.Errorf("update: %w", err)
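Review bot: In the UpdateTeam hunk the name-collision condition is written as `builder.Eq{...}.And(builder.Neq{"id": t.ID}),` with the closing `)` on a line of its own, which hides the fact that the `id` term is what keeps a team from colliding with itself. `builder.And(builder.Eq{"org_id": t.OrgID, "lower_name": t.LowerName}, builder.Neq{"id": t.ID})` reads more directly, and a comment such as `// exclude the team being updated from its own name check` would record the intent. The same `org_id`/`lower_name` pair is spelled out again in the NewTeam hunk, so the two checks can drift apart over time. Whether a unique index backs these checks is not visible here; without one, a check followed by a write can still let two concurrent requests end up with the same team name, so the database constraint should be the real guard. UpdateTeam's body starts and ends outside the hunk.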