packages: Calculate package size quota using package creator ID instead of owner ID (#28007)

Changed behavior to calculate package quota limit using package `creator
ID` instead of `owner ID`.

Currently, users are allowed to create an unlimited number of
organizations, each of which has its own package limit quota, resulting
in the ability for users to have unlimited package space in different
organization scopes. This fix will calculate package quota based on
`package version creator ID` instead of `package version owner ID`
(which might be organization), so that users are not allowed to take
more space than configured package settings.

Also, there is a side case in which users can publish packages to a
specific package version, initially published by different user, taking
that user package size quota. Version in fix should be better because
the total amount of space is limited to the quota for users sharing the
same organization scope.
This commit is contained in:
Danila Fominykh 2023-11-13 20:38:50 -03:00 committed by GitHub
parent c6366089df
commit 60522fc96f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 3 deletions

View file

@ -230,3 +230,15 @@ func CalculateFileSize(ctx context.Context, opts *PackageFileSearchOptions) (int
Join("INNER", "package_blob", "package_blob.id = package_file.blob_id").
SumInt(new(PackageBlob), "size")
}
// CalculateCreatorPackageQuota sums up all blob sizes related to package
// version creator id.
// It does NOT respect the deduplication of blobs.
func CalculateCreatorPackageQuota(ctx context.Context, creatorID int64) (int64, error) {
return db.GetEngine(ctx).
Table("package_version").
Where(builder.Eq{"creator_id": creatorID}).
Join("INNER", "package_file", "package_version.id = package_file.version_id").
Join("INNER", "package_blob", "package_blob.id = package_file.blob_id").
SumInt(new(PackageBlob), "size")
}

View file

@ -401,9 +401,7 @@ func CheckSizeQuotaExceeded(ctx context.Context, doer, owner *user_model.User, p
}
if setting.Packages.LimitTotalOwnerSize > -1 {
totalSize, err := packages_model.CalculateFileSize(ctx, &packages_model.PackageFileSearchOptions{
OwnerID: owner.ID,
})
totalSize, err := packages_model.CalculateCreatorPackageQuota(ctx, doer.ID)
if err != nil {
log.Error("CalculateFileSize failed: %v", err)
return err