mirror of
https://github.com/go-gitea/gitea.git
synced 2026-06-15 20:25:18 +02:00
55250407dd
Closes #37670. Today, org members in Gitea only see teams they're a member of. In larger orgs that hurts onboarding and discoverability — there's no way to look up which team owns what without asking around. GitHub solves this with a per-team visibility setting; this PR brings the same model to Gitea. ## What changes - Every team gets a `visibility` setting: - `private` *(default)* — only team members and org owners can see the team. Same as today's behavior. - `limited` — listable by any member of the organization. Members and the repos the team has access to are visible too. Non-org-members still see nothing. - `public` — listable by any signed-in user. - The Owners team visibility is fixed and cannot be changed via settings. - Existing teams default to `private`, so this is a no-op for anyone who doesn't change anything. ## API - `Team`, `CreateTeamOption`, `EditTeamOption` all gain a `visibility` field (string enum: `private` | `limited` | `public`). - `GET /orgs/{org}/teams` and `/orgs/{org}/teams/search` now apply the same visibility rules as the web UI: - site admins and org owners still see every team - other org members see their own teams plus any `limited` or `public` team - `private` teams are no longer leaked through these endpoints - Swagger/OpenAPI specs regenerated. ## UI View from admin2 (not an owner): <img width="1669" height="726" src="https://github.com/user-attachments/assets/daf4bccb-644b-4426-b178-71963aeaf73b" /> View from admin (owner): <img width="2559" height="863" src="https://github.com/user-attachments/assets/4f22cebc-e9df-4fd2-8ed4-724d31fadb7a" /> --------- Signed-off-by: bircni <bircni@icloud.com> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
37 lines
954 B
Go
37 lines
954 B
Go
// Copyright 2026 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package v1_27
|
|
|
|
import (
|
|
"gitea.dev/models/db"
|
|
|
|
"xorm.io/xorm"
|
|
)
|
|
|
|
type VisibleType int
|
|
|
|
type teamWithVisibility struct {
|
|
Visibility VisibleType `xorm:"NOT NULL DEFAULT 2"`
|
|
}
|
|
|
|
func (teamWithVisibility) TableName() string {
|
|
return "team"
|
|
}
|
|
|
|
func AddVisibilityToTeam(x db.EngineMigration) error {
|
|
if _, err := x.SyncWithOptions(xorm.SyncOptions{
|
|
IgnoreDropIndices: true,
|
|
IgnoreConstrains: true,
|
|
}, new(teamWithVisibility)); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Owner teams must remain listable to all org members; new orgs create
|
|
// them as "limited", so make existing owner teams limited too.
|
|
// Filter on authorize=4 (AccessModeOwner) so a user-created team that
|
|
// happens to share the name "owners" is not accidentally affected.
|
|
_, err := x.Exec("UPDATE `team` SET visibility = ? WHERE lower_name = ? AND authorize = ?", 1, "owners", 4)
|
|
return err
|
|
}
|