packages: Calculate package size quota using package creator ID instead of owner ID #28007

Merged
merged 3 commits into from
Nov 13, 2023

@ghost ghost commented Nov 13, 2023

Changed behavior to calculate package quota limit using package creator ID instead of owner ID.

Currently, users are allowed to create an unlimited number of organizations, each of which has its own package limit quota, resulting in the ability for users to have unlimited package space in different organization scopes. This fix will calculate package quota based on package version creator ID instead of package version owner ID (which might be organization), so that users are not allowed to take more space than configured package settings.

Also, there is a side case in which users can publish packages to a specific package version, initially published by a different user, taking that user's package size quota. The version in the fix should be better because the total amount of space is limited to the quota for users sharing the same organization scope.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 13, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Nov 13, 2023
@github-actions github-actions bot added the modifies/api This PR adds API routes or modifies them label Nov 13, 2023
@ghost ghost force-pushed the fix-package-quota-org-limit branch from d906744 to cc18078 Compare November 13, 2023 04:00
@github-actions github-actions bot removed the modifies/api This PR adds API routes or modifies them label Nov 13, 2023
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 13, 2023
@6543 6543 added type/enhancement An improvement of existing functionality topic/packages backport/v1.21 This PR should be backported to Gitea 1.21 labels Nov 13, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 13, 2023
@6543 6543 merged commit 60522fc into go-gitea:main Nov 13, 2023
25 checks passed
@GiteaBot GiteaBot added this to the 1.22.0 milestone Nov 13, 2023
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Nov 13, 2023
…ad of owner ID (go-gitea#28007)

Changed behavior to calculate package quota limit using package `creator
ID` instead of `owner ID`.

Currently, users are allowed to create an unlimited number of
organizations, each of which has its own package limit quota, resulting
in the ability for users to have unlimited package space in different
organization scopes. This fix will calculate package quota based on
`package version creator ID` instead of `package version owner ID`
(which might be organization), so that users are not allowed to take
more space than configured package settings.

Also, there is a side case in which users can publish packages to a
specific package version, initially published by a different user, taking
that user's package size quota. The version in the fix should be better because
the total amount of space is limited to the quota for users sharing the
same organization scope.
@GiteaBot GiteaBot added the backport/done All backports for this PR have been created label Nov 13, 2023
@ghost ghost deleted the fix-package-quota-org-limit branch November 14, 2023 00:05
@lunny
Member

lunny commented Nov 14, 2023

I don't think this is right. Every user/org should have their package size quota. What we should do is to limit org's package size but not creators'.

@6543
Member

6543 commented Nov 14, 2023

hmm we don't have an org setting to limit right now ... so the fix is good.

but I agree that a long term solution should be to have orgs own limits

zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 14, 2023
* upstream/main:
  fixed duplicate attachments on dump on windows (go-gitea#28019)
  [skip ci] Updated translations via Crowdin
  packages: Calculate package size quota using package creator ID instead of owner ID (go-gitea#28007)
  Dont leak private users via extensions (go-gitea#28023)
  Improve profile for Organizations (go-gitea#27982)
  Enable system users search via the API (go-gitea#28013)
  Enable system users for comment.LoadPoster (go-gitea#28014)
  Change default size of issue/pr attachments and repo file (go-gitea#27946)
  Fix missing mail reply address (go-gitea#27997)
@KN4CK3R
Member

KN4CK3R commented Nov 14, 2023

This should be reverted. If you use CI with bot users the quota limit is never reached for a user. A solution could be to have different quotas for owner and creator. Now the description of the ini setting is wrong too.
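The trade-off debated in this thread, as an added example that is not part of the conversation and not Gitea's code: a size quota keyed only by owner lets one account spread uploads over new organizations, a quota keyed only by creator lets new bot accounts fill one organization, and checking both closes each gap. The `Version` type, the `Allow` function, the IDs, sizes, limits and the `-1` "disabled" convention are all assumptions constructed for illustration.

```go
package main

import "fmt"

// Version is a constructed stand-in for a stored package version; the field
// names are assumptions for this example, not Gitea's schema.
type Version struct {
	OwnerID, CreatorID int64 // the owner may be an organization
	Size               int64
}

// usage sums stored bytes grouped by the ID that key extracts.
func usage(vs []Version, key func(Version) int64) map[int64]int64 {
	m := map[int64]int64{}
	for _, v := range vs {
		m[key(v)] += v.Size
	}
	return m
}

func byOwner(v Version) int64   { return v.OwnerID }
func byCreator(v Version) int64 { return v.CreatorID }

// Allow reports whether upload up fits when each limit is applied to its own
// key. A limit of -1 disables that check (a convention assumed here).
func Allow(vs []Version, up Version, ownerLimit, creatorLimit int64) bool {
	ownerOK := ownerLimit < 0 || usage(vs, byOwner)[up.OwnerID]+up.Size <= ownerLimit
	creatorOK := creatorLimit < 0 || usage(vs, byCreator)[up.CreatorID]+up.Size <= creatorLimit
	return ownerOK && creatorOK
}

// Constructed data: user 1 publishes to orgs 10 and 11; bots 2 and 3 publish
// to org 20.
var stored = []Version{
	{OwnerID: 10, CreatorID: 1, Size: 90},
	{OwnerID: 11, CreatorID: 1, Size: 90},
	{OwnerID: 20, CreatorID: 2, Size: 90},
	{OwnerID: 20, CreatorID: 3, Size: 90},
}

func main() {
	newOrg := Version{OwnerID: 12, CreatorID: 1, Size: 90} // user 1, fresh org
	newBot := Version{OwnerID: 20, CreatorID: 4, Size: 90} // fresh bot, same org
	fmt.Println("owner-only:  ", Allow(stored, newOrg, 200, -1), Allow(stored, newBot, 200, -1))
	fmt.Println("creator-only:", Allow(stored, newOrg, -1, 200), Allow(stored, newBot, -1, 200))
	fmt.Println("both:        ", Allow(stored, newOrg, 200, 200), Allow(stored, newBot, 200, 200))
}
```
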

lunny added a commit to lunny/gitea that referenced this pull request Nov 14, 2023
6543 pushed a commit that referenced this pull request Nov 14, 2023
@6543 6543 added skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. and removed type/enhancement An improvement of existing functionality lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. backport/done All backports for this PR have been created backport/v1.21 This PR should be backported to Gitea 1.21 labels Nov 14, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 15, 2023
* upstream/main:
  Revert "packages: Calculate package size quota using package creator ID instead of owner ID (go-gitea#28007)" (go-gitea#28049)
  Restricted users only see repos in orgs which their team was assigned to (go-gitea#28025)
  Fix release link in changelog for v1.21.0
  Add v1.21.0 changelog (go-gitea#28005)
  Fix viewing wiki commit on empty repo (go-gitea#28040)
  Add word break to the repo list in admin settings page (go-gitea#28034)
fuxiaohei pushed a commit to fuxiaohei/gitea that referenced this pull request Jan 17, 2024
…ad of owner ID (go-gitea#28007)

fuxiaohei pushed a commit to fuxiaohei/gitea that referenced this pull request Jan 17, 2024
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Feb 12, 2024
Labels
size/S Denotes a PR that changes 10-29 lines, ignoring generated files. skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. topic/packages

6 participants