fix read access team visibility of private repo

models/action.go

@@ -309,7 +309,7 @@ func CommitRepoAction(userId, repoUserId int64, userName, actEmail string,
 		return errors.New("action.CommitRepoAction(GetRepositoryByName): " + err.Error())
 	}
 	repo.IsBare = false
-	if err = UpdateRepository(repo); err != nil {
+	if err = UpdateRepository(repo, false); err != nil {
 		return errors.New("action.CommitRepoAction(UpdateRepository): " + err.Error())
 	}
 

models/repo.go

@@ -347,7 +347,7 @@ func MigrateRepository(u *User, name, desc string, private, mirror bool, url str
 			return repo, err
 		}
 		repo.IsMirror = true
-		return repo, UpdateRepository(repo)
+		return repo, UpdateRepository(repo, false)
 	} else {
 		os.RemoveAll(repoPath)
 	}
@@ -362,7 +362,7 @@ func MigrateRepository(u *User, name, desc string, private, mirror bool, url str
 		return repo, fmt.Errorf("create update hook: %v", err)
 	}
 
-	return repo, UpdateRepository(repo)
+	return repo, UpdateRepository(repo, false)
 }
 
 // extractGitBareZip extracts git-bare.zip to repository path.
@@ -501,7 +501,7 @@ func initRepository(e Engine, f string, u *User, repo *Repository, initReadme bo
 		}
 		repo.IsBare = true
 		repo.DefaultBranch = "master"
-		return updateRepository(e, repo)
+		return updateRepository(e, repo, false)
 	}
 
 	// Apply changes and commit.
@@ -733,7 +733,7 @@ func ChangeRepositoryName(userName, oldRepoName, newRepoName string) (err error)
 	return os.Rename(RepoPath(userName, oldRepoName), RepoPath(userName, newRepoName))
 }
 
-func updateRepository(e Engine, repo *Repository) error {
+func updateRepository(e Engine, repo *Repository, visibilityChanged bool) (err error) {
 	repo.LowerName = strings.ToLower(repo.Name)
 
 	if len(repo.Description) > 255 {
@@ -742,12 +742,40 @@ func updateRepository(e Engine, repo *Repository) error {
 	if len(repo.Website) > 255 {
 		repo.Website = repo.Website[:255]
 	}
-	_, err := e.Id(repo.Id).AllCols().Update(repo)
-	return err
+
+	if _, err = e.Id(repo.Id).AllCols().Update(repo); err != nil {
+		return fmt.Errorf("update: %v", err)
+	}
+
+	if visibilityChanged {
+		if err = repo.getOwner(e); err != nil {
+			return fmt.Errorf("getOwner: %v", err)
+		}
+		if !repo.Owner.IsOrganization() {
+			return nil
+		}
+
+		// Organization repository need to recalculate access table when visivility is changed.
+		if err = repo.recalculateTeamAccesses(e, 0); err != nil {
+			return fmt.Errorf("recalculateTeamAccesses: %v", err)
+		}
+	}
+
+	return nil
 }
 
-func UpdateRepository(repo *Repository) error {
-	return updateRepository(x, repo)
+func UpdateRepository(repo *Repository, visibilityChanged bool) (err error) {
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if err = updateRepository(x, repo, visibilityChanged); err != nil {
+		return fmt.Errorf("updateRepository: %v", err)
+	}
+
+	return sess.Commit()
 }
 
 // DeleteRepository deletes a repository for a user or organization.

routers/repo/repo.go

@@ -356,7 +356,7 @@ func Action(ctx *middleware.Context) {
 
 		ctx.Repo.Repository.Description = ctx.Query("desc")
 		ctx.Repo.Repository.Website = ctx.Query("site")
-		err = models.UpdateRepository(ctx.Repo.Repository)
+		err = models.UpdateRepository(ctx.Repo.Repository, false)
 	}
 
 	if err != nil {

routers/repo/setting.go

@@ -78,8 +78,9 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
 		}
 		ctx.Repo.Repository.Description = form.Description
 		ctx.Repo.Repository.Website = form.Website
+		visibilityChanged := ctx.Repo.Repository.IsPrivate != form.Private
 		ctx.Repo.Repository.IsPrivate = form.Private
-		if err := models.UpdateRepository(ctx.Repo.Repository); err != nil {
+		if err := models.UpdateRepository(ctx.Repo.Repository, visibilityChanged); err != nil {
 			ctx.Handle(404, "UpdateRepository", err)
 			return
 		}