From 60522fc96f1fa4675e95010e4b1535e0eac21910 Mon Sep 17 00:00:00 2001 From: Danila Fominykh Date: Mon, 13 Nov 2023 20:38:50 -0300 Subject: [PATCH] packages: Calculate package size quota using package creator ID instead of owner ID (#28007) Changed behavior to calculate package quota limit using package `creator ID` instead of `owner ID`. Currently, users are allowed to create an unlimited number of organizations, each of which has its own package limit quota, resulting in the ability for users to have unlimited package space in different organization scopes. This fix will calculate package quota based on `package version creator ID` instead of `package version owner ID` (which might be organization), so that users are not allowed to take more space than configured package settings. Also, there is a side case in which users can publish packages to a specific package version, initially published by different user, taking that user package size quota. Version in fix should be better because the total amount of space is limited to the quota for users sharing the same organization scope. --- models/packages/package_file.go | 12 ++++++++++++ services/packages/packages.go | 4 +--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/models/packages/package_file.go b/models/packages/package_file.go index 1c2c9ac072..a2ddae7325 100644 --- a/models/packages/package_file.go +++ b/models/packages/package_file.go @@ -230,3 +230,15 @@ func CalculateFileSize(ctx context.Context, opts *PackageFileSearchOptions) (int Join("INNER", "package_blob", "package_blob.id = package_file.blob_id"). SumInt(new(PackageBlob), "size") } + +// CalculateCreatorPackageQuota sums up all blob sizes related to package +// version creator id. +// It does NOT respect the deduplication of blobs. +func CalculateCreatorPackageQuota(ctx context.Context, creatorID int64) (int64, error) { + return db.GetEngine(ctx). + Table("package_version"). + Where(builder.Eq{"creator_id": creatorID}). + Join("INNER", "package_file", "package_version.id = package_file.version_id"). + Join("INNER", "package_blob", "package_blob.id = package_file.blob_id"). + SumInt(new(PackageBlob), "size") +} diff --git a/services/packages/packages.go b/services/packages/packages.go index 56d5cc04de..294ee6cc1a 100644 --- a/services/packages/packages.go +++ b/services/packages/packages.go @@ -401,9 +401,7 @@ func CheckSizeQuotaExceeded(ctx context.Context, doer, owner *user_model.User, p } if setting.Packages.LimitTotalOwnerSize > -1 { - totalSize, err := packages_model.CalculateFileSize(ctx, &packages_model.PackageFileSearchOptions{ - OwnerID: owner.ID, - }) + totalSize, err := packages_model.CalculateCreatorPackageQuota(ctx, doer.ID) if err != nil { log.Error("CalculateFileSize failed: %v", err) return err