On set/get of repo make sure forge_id is set and on fetch respected (#5717)

server/api/hook.go

@@ -347,13 +347,12 @@ func PostHook(c *gin.Context) {
 
 func getRepoFromToken(store store.Store, t *token.Token) (*model.Repo, error) {
 	if t.Get("repo-forge-remote-id") != "" {
-		// TODO: use both the forge ID and repo forge remote ID
-		/*forgeID, err := strconv.ParseInt(t.Get("forge-id"), 10, 64)
+		forgeID, err := strconv.ParseInt(t.Get("forge-id"), 10, 64)
 		if err != nil {
 			return nil, err
-		}*/
+		}
 
-		return store.GetRepoForgeID(model.ForgeRemoteID(t.Get("repo-forge-remote-id")))
+		return store.GetRepoForgeID(forgeID, model.ForgeRemoteID(t.Get("repo-forge-remote-id")))
 	}
 
 	// get the repo by the repo-id

server/api/login.go

@@ -291,7 +291,7 @@ func HandleAuth(c *gin.Context) {
 		return
 	}
 
-	err = updateRepoPermissions(c, user, _store, _forge)
+	err = updateRepoPermissions(c, user, _store, _forge, forgeID)
 	if err != nil {
 		log.Error().Err(err).Msgf("cannot update repo permissions for user %s", user.Login)
 		c.Redirect(http.StatusSeeOther, server.Config.Server.RootPath+"/login?error=internal_error")
@@ -303,7 +303,7 @@ func HandleAuth(c *gin.Context) {
 	c.Redirect(http.StatusSeeOther, server.Config.Server.RootPath+"/")
 }
 
-func updateRepoPermissions(c *gin.Context, user *model.User, _store store.Store, _forge forge.Forge) error {
+func updateRepoPermissions(c *gin.Context, user *model.User, _store store.Store, _forge forge.Forge, forgeID int64) error {
 	repos, err := utils.Paginate(func(page int) ([]*model.Repo, error) {
 		return _forge.Repos(c, user, &model.ListOptions{
 			Page:    page,
@@ -315,7 +315,10 @@ func updateRepoPermissions(c *gin.Context, user *model.User, _store store.Store,
 	}
 
 	for _, forgeRepo := range repos {
-		dbRepo, err := _store.GetRepoForgeID(forgeRepo.ForgeRemoteID)
+		// make sure forgeID is set
+		forgeRepo.ForgeID = forgeID
+
+		dbRepo, err := _store.GetRepoForgeID(forgeID, forgeRepo.ForgeRemoteID)
 		if err != nil && errors.Is(err, types.RecordNotExist) {
 			continue
 		}

server/api/repo.go

@@ -61,7 +61,7 @@ func PostRepo(c *gin.Context) {
 		return
 	}
 
-	repo, err := _store.GetRepoForgeID(forgeRemoteID)
+	repo, err := _store.GetRepoForgeID(user.ForgeID, forgeRemoteID)
 	enabledOnce := err == nil // if there's no error, the repo was found and enabled once already
 	if enabledOnce && repo.IsActive {
 		c.String(http.StatusConflict, "Repository is already active.")
@@ -78,6 +78,7 @@ func PostRepo(c *gin.Context) {
 		c.String(http.StatusInternalServerError, "Could not fetch repository from forge.")
 		return
 	}
+	from.ForgeID = user.ForgeID
 	if !from.Perm.Admin {
 		c.String(http.StatusForbidden, "User has to be a admin of this repository")
 		return
@@ -540,6 +541,7 @@ func MoveRepo(c *gin.Context) {
 		_ = c.AbortWithError(http.StatusInternalServerError, err)
 		return
 	}
+	from.ForgeID = repo.ForgeID
 	if !from.Perm.Admin {
 		c.AbortWithStatus(http.StatusUnauthorized)
 		return
@@ -697,6 +699,7 @@ func repairRepo(c *gin.Context, repo *model.Repo, updatePermissions bool) error
 		log.Error().Err(err).Msgf("get repo '%s/%s' from forge", repo.Owner, repo.Name)
 		return err
 	}
+	from.ForgeID = repo.ForgeID
 
 	if repo.FullName != from.FullName {
 		// create a redirection

server/api/user.go

@@ -127,6 +127,9 @@ func GetRepos(c *gin.Context) {
 
 		var repos []*model.Repo
 		for _, r := range _repos {
+			// make sure forgeID is set
+			r.ForgeID = user.ForgeID
+
 			if r.Perm.Push && server.Config.Permissions.OwnersAllowlist.IsAllowed(r) {
 				if active[r.ForgeRemoteID] != nil {
 					existingRepo := active[r.ForgeRemoteID]