feat(org): add team visibility so org members can discover teams (#37680)

Closes #37670.

Today, org members in Gitea only see teams they're a member of. In
larger orgs that hurts onboarding and discoverability — there's no way
to look up which team owns what without asking around. GitHub solves
this with a per-team visibility setting; this PR brings the same model
to Gitea.

## What changes

- Every team gets a `visibility` setting:
- `private` *(default)* — only team members and org owners can see the
team. Same as today's behavior.
- `limited` — listable by any member of the organization. Members and
the repos the team has access to are visible too. Non-org-members still
see nothing.
  - `public` — listable by any signed-in user.
- The Owners team visibility is fixed and cannot be changed via
settings.
- Existing teams default to `private`, so this is a no-op for anyone who
doesn't change anything.

## API

- `Team`, `CreateTeamOption`, `EditTeamOption` all gain a `visibility`
field (string enum: `private` | `limited` | `public`).
- `GET /orgs/{org}/teams` and `/orgs/{org}/teams/search` now apply the
same visibility rules as the web UI:
  - site admins and org owners still see every team
- other org members see their own teams plus any `limited` or `public`
team
  - `private` teams are no longer leaked through these endpoints
- Swagger/OpenAPI specs regenerated.

## UI

View from admin2 (not an owner):
<img width="1669" height="726"
src="https://github.com/user-attachments/assets/daf4bccb-644b-4426-b178-71963aeaf73b"
/>

View from admin (owner):

<img width="2559" height="863"
src="https://github.com/user-attachments/assets/4f22cebc-e9df-4fd2-8ed4-724d31fadb7a"
/>

---------

Signed-off-by: bircni <bircni@icloud.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

build/generate-openapi.go

@@ -57,8 +57,8 @@ func main() {
 		log.Fatalf("scanning swagger:enum annotations: %v", err)
 	}
 	names := make([]string, 0, len(astEnumMap))
-	for _, n := range astEnumMap {
-		names = append(names, n)
+	for _, ns := range astEnumMap {
+		names = append(names, ns...)
 	}
 	sort.Strings(names)
 	fmt.Fprintf(os.Stderr, "discovered %d swagger:enum types: %s\n", len(names), strings.Join(names, ", "))

build/openapi3gen/convert.go

@@ -6,6 +6,7 @@ package openapi3gen
 import (
 	"fmt"
 	"regexp"
+	"sort"
 	"strings"
 
 	"gitea.dev/modules/json"
@@ -25,10 +26,12 @@ var rxDeprecated = regexp.MustCompile(`(?i)(?:^|[\n.;])\s*deprecated\b`)
 // Gitea-specific post-processing: file-schema fixups, URI formats,
 // deprecated flags, and shared-enum extraction.
 //
-// astEnumMap is a value-set-key → Go-type-name map (built by
-// ScanSwaggerEnumTypes). If a shared enum in the spec has no entry in the
-// map, Convert returns an error — no fallback naming.
-func Convert(swaggerJSON []byte, astEnumMap map[string]string) (*openapi3.T, error) {
+// astEnumMap is a value-set-key → Go-type-name(s) map (built by
+// ScanSwaggerEnumTypes). When a value set is shared by multiple Go types,
+// per-property disambiguation uses the x-go-enum-desc extension. If a shared
+// enum in the spec has no matching entry, Convert returns an error — no
+// fallback naming.
+func Convert(swaggerJSON []byte, astEnumMap map[string][]string) (*openapi3.T, error) {
 	var swagger2 openapi2.T
 	if err := json.Unmarshal(swaggerJSON, &swagger2); err != nil {
 		return nil, fmt.Errorf("parsing swagger 2.0: %w", err)
@@ -176,12 +179,24 @@ type enumUsage struct {
 // If the derived enum name collides with an existing component schema, or
 // no // swagger:enum annotation matches the value set, generation aborts
 // with an actionable error — there are no silent fallbacks.
-func extractSharedEnums(doc *openapi3.T, astEnumMap map[string]string) error {
+func extractSharedEnums(doc *openapi3.T, astEnumMap map[string][]string) error {
 	if doc.Components == nil {
 		return nil
 	}
 
-	enumGroups := map[string][]enumUsage{}
+	type groupKey struct {
+		valueSet string
+		typeName string
+	}
+	enumGroups := map[groupKey][]enumUsage{}
+	groupOrder := []groupKey{} // deterministic iteration
+
+	addUsage := func(key groupKey, u enumUsage) {
+		if _, seen := enumGroups[key]; !seen {
+			groupOrder = append(groupOrder, key)
+		}
+		enumGroups[key] = append(enumGroups[key], u)
+	}
 
 	for schemaName, schemaRef := range doc.Components.Schemas {
 		if schemaRef.Value == nil {
@@ -192,24 +207,31 @@ func extractSharedEnums(doc *openapi3.T, astEnumMap map[string]string) error {
 				continue
 			}
 			if len(propRef.Value.Enum) > 1 && propRef.Value.Type.Is("string") {
-				key := EnumKey(propRef.Value.Enum)
-				enumGroups[key] = append(enumGroups[key], enumUsage{schemaName, propName, propRef, false})
+				key := groupKey{
+					valueSet: EnumKey(propRef.Value.Enum),
+					typeName: extractEnumTypeName(propRef.Value, astEnumMap),
+				}
+				addUsage(key, enumUsage{schemaName, propName, propRef, false})
 			}
 			if propRef.Value.Type.Is("array") && propRef.Value.Items != nil &&
 				propRef.Value.Items.Value != nil && propRef.Value.Items.Ref == "" &&
 				len(propRef.Value.Items.Value.Enum) > 1 && propRef.Value.Items.Value.Type.Is("string") {
-				key := EnumKey(propRef.Value.Items.Value.Enum)
-				enumGroups[key] = append(enumGroups[key], enumUsage{schemaName, propName, propRef, true})
+				key := groupKey{
+					valueSet: EnumKey(propRef.Value.Items.Value.Enum),
+					typeName: extractEnumTypeName(propRef.Value.Items.Value, astEnumMap),
+				}
+				addUsage(key, enumUsage{schemaName, propName, propRef, true})
 			}
 		}
 	}
 
-	for key, usages := range enumGroups {
+	for _, key := range groupOrder {
+		usages := enumGroups[key]
 		if len(usages) < 2 {
 			continue
 		}
 
-		enumName, err := deriveEnumName(key, usages, astEnumMap)
+		enumName, err := deriveEnumName(key.valueSet, key.typeName, usages, astEnumMap)
 		if err != nil {
 			return err
 		}
@@ -257,12 +279,17 @@ func extractSharedEnums(doc *openapi3.T, astEnumMap map[string]string) error {
 	return nil
 }
 
-// deriveEnumName looks up a shared enum's Go type name from astEnumMap by
-// value-set key. If no annotation matches, returns an error identifying the
-// offending properties and the fix.
-func deriveEnumName(key string, usages []enumUsage, astEnumMap map[string]string) (string, error) {
-	if name, ok := astEnumMap[key]; ok {
-		return name, nil
+// deriveEnumName looks up a shared enum's Go type name. If typeName is
+// non-empty (because we recovered it from x-go-enum-desc), it is used
+// directly. Otherwise the value-set must map to exactly one known type. On
+// failure, returns an error identifying the offending properties.
+func deriveEnumName(key, typeName string, usages []enumUsage, astEnumMap map[string][]string) (string, error) {
+	if typeName != "" {
+		return typeName, nil
+	}
+	names := astEnumMap[key]
+	if len(names) == 1 {
+		return names[0], nil
 	}
 
 	props := map[string]bool{}
@@ -273,9 +300,87 @@ func deriveEnumName(key string, usages []enumUsage, astEnumMap map[string]string
 	for p := range props {
 		propList = append(propList, p)
 	}
+	if len(names) > 1 {
+		return "", fmt.Errorf(
+			"value-set %q is shared by multiple swagger:enum types %v and could not be disambiguated for properties: %v; "+
+				"ensure go-swagger emits x-go-enum-desc for those properties",
+			key, names, propList,
+		)
+	}
 	return "", fmt.Errorf(
 		"no swagger:enum annotation matches value-set %q used by %d properties: %v; "+
 			"fix by adding a named string type with // swagger:enum to modules/structs or modules/commitstatus",
 		key, len(usages), propList,
 	)
 }
+
+// extractEnumTypeName recovers the Go type name a schema's enum came from by
+// parsing the property's x-go-enum-desc extension. go-swagger emits one line
+// per value as "<value> <ConstName>[ <free text>]"; the type is the longest
+// common prefix of the const names, narrowed to the candidate set in
+// astEnumMap. Returns "" if extraction is inconclusive.
+func extractEnumTypeName(s *openapi3.Schema, astEnumMap map[string][]string) string {
+	if s == nil || s.Extensions == nil {
+		return ""
+	}
+	raw, ok := s.Extensions["x-go-enum-desc"]
+	if !ok {
+		return ""
+	}
+	desc, ok := raw.(string)
+	if !ok {
+		return ""
+	}
+	candidates := astEnumMap[EnumKey(s.Enum)]
+	if len(candidates) == 0 {
+		return ""
+	}
+	// Collect the const names (second whitespace-separated field per line).
+	var consts []string
+	for line := range strings.SplitSeq(desc, "\n") {
+		fields := strings.Fields(line)
+		if len(fields) >= 2 {
+			consts = append(consts, fields[1])
+		}
+	}
+	if len(consts) == 0 {
+		return ""
+	}
+	// A candidate matches when it is a prefix of every const name AND the
+	// first character after the prefix is an uppercase ASCII letter — this
+	// rejects e.g. "Alpha" matching "Alphabet" (suffix "bet" starts lower)
+	// while still accepting both "Alpha" and "AlphaPlus" against "AlphaPlusX"
+	// (both prefixes valid). The most specific (longest) wins; ties return
+	// "" so deriveEnumName surfaces the ambiguity rather than silently
+	// picking a winner.
+	ordered := append([]string(nil), candidates...)
+	sort.Slice(ordered, func(i, j int) bool { return len(ordered[i]) > len(ordered[j]) })
+	var matches []string
+	for _, name := range ordered {
+		ok := true
+		for _, c := range consts {
+			if !strings.HasPrefix(c, name) {
+				ok = false
+				break
+			}
+			suffix := c[len(name):]
+			// Empty suffix means the const name exactly equals the type name — valid exact match.
+			// A non-empty suffix must begin with an uppercase letter to reject incidental
+			// prefix matches (e.g. "Alpha" should not match "Alphabet").
+			if len(suffix) > 0 && (suffix[0] < 'A' || suffix[0] > 'Z') {
+				ok = false
+				break
+			}
+		}
+		if ok {
+			matches = append(matches, name)
+		}
+	}
+	if len(matches) == 0 {
+		return ""
+	}
+	if len(matches) > 1 && len(matches[0]) == len(matches[1]) {
+		return ""
+	}
+	return matches[0]
+}

build/openapi3gen/convert_test.go

@@ -12,9 +12,9 @@ import (
 
 func TestDeriveEnumName_hit(t *testing.T) {
 	key := EnumKey([]any{"red", "green", "blue"})
-	astMap := map[string]string{key: "Color"}
+	astMap := map[string][]string{key: {"Color"}}
 	usages := []enumUsage{{schemaName: "Paint", propName: "color"}}
-	got, err := deriveEnumName(key, usages, astMap)
+	got, err := deriveEnumName(key, "", usages, astMap)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -26,7 +26,7 @@ func TestDeriveEnumName_hit(t *testing.T) {
 func TestDeriveEnumName_miss(t *testing.T) {
 	key := EnumKey([]any{"x", "y"})
 	usages := []enumUsage{{schemaName: "Thing", propName: "kind"}}
-	_, err := deriveEnumName(key, usages, map[string]string{})
+	_, err := deriveEnumName(key, "", usages, map[string][]string{})
 	if err == nil {
 		t.Fatal("expected miss error, got nil")
 	}
@@ -64,7 +64,7 @@ func TestExtractSharedEnums_usesASTMap(t *testing.T) {
 			},
 		},
 	}
-	astMap := map[string]string{EnumKey([]any{"red", "green", "blue"}): "Color"}
+	astMap := map[string][]string{EnumKey([]any{"red", "green", "blue"}): {"Color"}}
 	if err := extractSharedEnums(doc, astMap); err != nil {
 		t.Fatalf("extractSharedEnums: %v", err)
 	}
@@ -139,6 +139,54 @@ func TestFixFileSchemas_recursesIntoNested(t *testing.T) {
 	}
 }
 
+func TestExtractEnumTypeName_TeamVisibility(t *testing.T) {
+	enum := []any{"public", "limited", "private"}
+	key := EnumKey(enum)
+	astMap := map[string][]string{key: {"UserVisibility", "TeamVisibility"}}
+	schema := &openapi3.Schema{
+		Type: &openapi3.Types{"string"},
+		Enum: enum,
+		Extensions: map[string]any{
+			"x-go-enum-desc": "public TeamVisibilityPublic\nlimited TeamVisibilityLimited\nprivate TeamVisibilityPrivate",
+		},
+	}
+	if got := extractEnumTypeName(schema, astMap); got != "TeamVisibility" {
+		t.Fatalf("got %q, want %q", got, "TeamVisibility")
+	}
+}
+
+func TestExtractEnumTypeName_ambiguousPrefixTie(t *testing.T) {
+	enum := []any{"one", "two"}
+	key := EnumKey(enum)
+	astMap := map[string][]string{key: {"AB", "AC"}}
+	schema := &openapi3.Schema{
+		Type: &openapi3.Types{"string"},
+		Enum: enum,
+		Extensions: map[string]any{
+			"x-go-enum-desc": "one ABOne\ntwo ACTwo",
+		},
+	}
+	if got := extractEnumTypeName(schema, astMap); got != "" {
+		t.Fatalf("got %q, want empty string for ambiguous tie", got)
+	}
+}
+
+func TestExtractEnumTypeName_rejectsIncidentalPrefix(t *testing.T) {
+	enum := []any{"a", "b"}
+	key := EnumKey(enum)
+	astMap := map[string][]string{key: {"Alpha", "Alphabet"}}
+	schema := &openapi3.Schema{
+		Type: &openapi3.Types{"string"},
+		Enum: enum,
+		Extensions: map[string]any{
+			"x-go-enum-desc": "a AlphabetA\nb AlphabetB",
+		},
+	}
+	if got := extractEnumTypeName(schema, astMap); got != "Alphabet" {
+		t.Fatalf("got %q, want %q", got, "Alphabet")
+	}
+}
+
 func TestExtractSharedEnums_missReturnsError(t *testing.T) {
 	doc := &openapi3.T{
 		Components: &openapi3.Components{
@@ -164,7 +212,7 @@ func TestExtractSharedEnums_missReturnsError(t *testing.T) {
 			},
 		},
 	}
-	if err := extractSharedEnums(doc, map[string]string{}); err == nil {
+	if err := extractSharedEnums(doc, map[string][]string{}); err == nil {
 		t.Fatal("expected miss error")
 	}
 }

build/openapi3gen/enumscan.go

@@ -34,13 +34,16 @@ func EnumKey(values []any) string {
 var rxSwaggerEnum = regexp.MustCompile(`swagger:enum\s+(\w+)`)
 
 // ScanSwaggerEnumTypes walks .go files under each dir and returns a map from
-// a canonical value-set key (see EnumKey) to the Go type name declared with
-// // swagger:enum TypeName.
+// a canonical value-set key (see EnumKey) to the Go type names declared with
+// // swagger:enum TypeName. Multiple type names per key are allowed (e.g.
+// distinct enum types that happen to share a value set such as
+// {public, limited, private}); callers must disambiguate per-usage (typically
+// by parsing the property's x-go-enum-desc extension to recover the const
+// type prefix).
 //
-// Returns an error on parse failure, on an annotation for a type whose
-// constants can't be extracted, or on value-set collisions between two
-// different enum types.
-func ScanSwaggerEnumTypes(dirs []string) (map[string]string, error) {
+// Returns an error on parse failure or on an annotation for a type whose
+// constants can't be extracted.
+func ScanSwaggerEnumTypes(dirs []string) (map[string][]string, error) {
 	fset := token.NewFileSet()
 	parsed := []*ast.File{}
 
@@ -92,17 +95,18 @@ func ScanSwaggerEnumTypes(dirs []string) (map[string]string, error) {
 		}
 	}
 
-	result := map[string]string{}
+	result := map[string][]string{}
 	for typeName := range enumTypes {
 		values, ok := enumValues[typeName]
 		if !ok || len(values) == 0 {
 			return nil, fmt.Errorf("swagger:enum %s has no const block with typed string values", typeName)
 		}
 		key := EnumKey(values)
-		if existing, ok := result[key]; ok && existing != typeName {
-			return nil, fmt.Errorf("swagger:enum value-set collision: %s and %s both use %q", existing, typeName, key)
-		}
-		result[key] = typeName
+		result[key] = append(result[key], typeName)
+	}
+	for key, names := range result {
+		sort.Strings(names)
+		result[key] = names
 	}
 	return result, nil
 }

build/openapi3gen/enumscan_test.go

@@ -6,10 +6,19 @@ package openapi3gen
 import (
 	"os"
 	"path/filepath"
+	"slices"
 	"strings"
 	"testing"
 )
 
+func single(got map[string][]string, key string) string {
+	v := got[key]
+	if len(v) != 1 {
+		return ""
+	}
+	return v[0]
+}
+
 func TestEnumKey_sortsAndJoins(t *testing.T) {
 	key := EnumKey([]any{"b", "a", "c"})
 	if key != "a|b|c" {
@@ -47,7 +56,7 @@ const (
 		t.Fatalf("ScanSwaggerEnumTypes: %v", err)
 	}
 	wantKey := EnumKey([]any{"red", "green", "blue"})
-	if got[wantKey] != "Color" {
+	if single(got, wantKey) != "Color" {
 		t.Fatalf("map[%q] = %q, want %q", wantKey, got[wantKey], "Color")
 	}
 }
@@ -98,13 +107,14 @@ const (
 		t.Fatal(err)
 	}
 
-	_, err := ScanSwaggerEnumTypes([]string{dir})
-	if err == nil {
-		t.Fatal("expected collision error, got nil")
+	got, err := ScanSwaggerEnumTypes([]string{dir})
+	if err != nil {
+		t.Fatalf("ScanSwaggerEnumTypes: %v", err)
 	}
-	msg := err.Error()
-	if !strings.Contains(msg, "Alpha") || !strings.Contains(msg, "Beta") {
-		t.Fatalf("error %q should mention both Alpha and Beta", msg)
+	key := EnumKey([]any{"x", "y"})
+	names := got[key]
+	if !slices.Equal(names, []string{"Alpha", "Beta"}) {
+		t.Fatalf("map[%q] = %v, want [Alpha Beta]", key, names)
 	}
 }
 
@@ -168,7 +178,7 @@ type Hue string
 		t.Fatalf("ScanSwaggerEnumTypes: %v", err)
 	}
 	wantKey := EnumKey([]any{"a", "b"})
-	if got[wantKey] != "Hue" {
+	if single(got, wantKey) != "Hue" {
 		t.Fatalf("map[%q] = %q, want %q", wantKey, got[wantKey], "Hue")
 	}
 }
@@ -194,7 +204,7 @@ type Shade string
 		t.Fatalf("ScanSwaggerEnumTypes: %v", err)
 	}
 	wantKey := EnumKey([]any{"dark", "light"})
-	if got[wantKey] != "Shade" {
+	if single(got, wantKey) != "Shade" {
 		t.Fatalf("map[%q] = %q, want %q", wantKey, got[wantKey], "Shade")
 	}
 }
@@ -230,10 +240,10 @@ const (
 	}
 	colorKey := EnumKey([]any{"red", "blue"})
 	shadeKey := EnumKey([]any{"dark", "light"})
-	if got[colorKey] != "Color" {
+	if single(got, colorKey) != "Color" {
 		t.Fatalf("Color: map[%q] = %q, want %q", colorKey, got[colorKey], "Color")
 	}
-	if got[shadeKey] != "Shade" {
+	if single(got, shadeKey) != "Shade" {
 		t.Fatalf("Shade: map[%q] = %q, want %q", shadeKey, got[shadeKey], "Shade")
 	}
 }