From d91d4db344792760a18265c6902d4ac909d0ee84 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 15 Jun 2022 15:02:00 +0800
Subject: [PATCH] Move tests as seperate sub packages to reduce duplicated file
 names (#19951)

---
 models/db/context.go                 |   2 +-
 models/db/engine_test.go             |  56 +++++
 models/db/main_test.go               |  21 ++
 models/engine_test.go                |  34 ---
 models/git/main_test.go              |   3 +-
 models/issues/main_test.go           |   7 +-
 models/org_test.go                   | 115 ----------
 models/organization/main_test.go     |  16 +-
 models/organization/org_test.go      | 218 +++++++++++++------
 models/organization/org_user_test.go |  41 +++-
 models/organization/team_test.go     |  51 ++---
 models/perm/access/access_test.go    | 300 ++++++++++++++++++++++++---
 models/perm/access/main_test.go      |  16 +-
 models/repo/collaboration_test.go    |  21 ++
 models/repo/repo_test.go             |  68 ++++++
 models/repo_collaboration_test.go    |  21 --
 models/repo_permission_test.go       | 266 ------------------------
 models/repo_test.go                  |  69 ------
 models/user/email_address_test.go    | 165 +++++++--------
 models/user/follow_test.go           |  13 +-
 models/user/main_test.go             |  14 +-
 models/user/openid_test.go           |  17 +-
 models/user/redirect_test.go         |   9 +-
 models/user/setting_test.go          |  25 +--
 models/user/user_test.go             | 186 ++++++++++-------
 models/user_test.go                  |  43 ----
 services/gitdiff/main_test.go        |   3 +-
 27 files changed, 901 insertions(+), 899 deletions(-)
 create mode 100644 models/db/engine_test.go
 create mode 100644 models/db/main_test.go
 delete mode 100644 models/engine_test.go
 delete mode 100644 models/repo_permission_test.go
 delete mode 100644 models/user_test.go

diff --git a/models/db/context.go b/models/db/context.go
index dae7be3a93..c41d761802 100644
--- a/models/db/context.go
+++ b/models/db/context.go
@@ -32,7 +32,7 @@ type Context struct {
 	e Engine
 }
 
-// WithEngine returns a db.Context from a context.Context and db.Engine
+// WithEngine returns a Context from a context.Context and Engine
 func WithEngine(ctx context.Context, e Engine) *Context {
 	return &Context{
 		Context: ctx,
diff --git a/models/db/engine_test.go b/models/db/engine_test.go
new file mode 100644
index 0000000000..41279c5005
--- /dev/null
+++ b/models/db/engine_test.go
@@ -0,0 +1,56 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package db_test
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	issues_model "code.gitea.io/gitea/models/issues"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDumpDatabase(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	dir, err := os.MkdirTemp(os.TempDir(), "dump")
+	assert.NoError(t, err)
+
+	type Version struct {
+		ID      int64 `xorm:"pk autoincr"`
+		Version int64
+	}
+	assert.NoError(t, db.GetEngine(db.DefaultContext).Sync2(new(Version)))
+
+	for _, dbType := range setting.SupportedDatabaseTypes {
+		assert.NoError(t, db.DumpDatabase(filepath.Join(dir, dbType+".sql"), dbType))
+	}
+}
+
+func TestDeleteOrphanedObjects(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	countBefore, err := db.GetEngine(db.DefaultContext).Count(&issues_model.PullRequest{})
+	assert.NoError(t, err)
+
+	_, err = db.GetEngine(db.DefaultContext).Insert(&issues_model.PullRequest{IssueID: 1000}, &issues_model.PullRequest{IssueID: 1001}, &issues_model.PullRequest{IssueID: 1003})
+	assert.NoError(t, err)
+
+	orphaned, err := db.CountOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id")
+	assert.NoError(t, err)
+	assert.EqualValues(t, 3, orphaned)
+
+	err = db.DeleteOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id")
+	assert.NoError(t, err)
+
+	countAfter, err := db.GetEngine(db.DefaultContext).Count(&issues_model.PullRequest{})
+	assert.NoError(t, err)
+	assert.EqualValues(t, countBefore, countAfter)
+}
diff --git a/models/db/main_test.go b/models/db/main_test.go
new file mode 100644
index 0000000000..b774dce4d8
--- /dev/null
+++ b/models/db/main_test.go
@@ -0,0 +1,21 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package db_test
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/repo"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+	})
+}
diff --git a/models/engine_test.go b/models/engine_test.go
deleted file mode 100644
index 6f4d114db3..0000000000
--- a/models/engine_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package models
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDumpDatabase(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	dir, err := os.MkdirTemp(os.TempDir(), "dump")
-	assert.NoError(t, err)
-
-	type Version struct {
-		ID      int64 `xorm:"pk autoincr"`
-		Version int64
-	}
-	assert.NoError(t, db.GetEngine(db.DefaultContext).Sync2(new(Version)))
-
-	for _, dbType := range setting.SupportedDatabaseTypes {
-		assert.NoError(t, db.DumpDatabase(filepath.Join(dir, dbType+".sql"), dbType))
-	}
-}
diff --git a/models/git/main_test.go b/models/git/main_test.go
index dc30dfaad7..41e6ac4704 100644
--- a/models/git/main_test.go
+++ b/models/git/main_test.go
@@ -8,8 +8,9 @@ import (
 	"path/filepath"
 	"testing"
 
-	_ "code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/issues/main_test.go b/models/issues/main_test.go
index e34bef62ca..89f9e1c999 100644
--- a/models/issues/main_test.go
+++ b/models/issues/main_test.go
@@ -8,13 +8,14 @@ import (
 	"path/filepath"
 	"testing"
 
-	_ "code.gitea.io/gitea/models"
 	issues_model "code.gitea.io/gitea/models/issues"
-	_ "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
-	_ "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/repo"
+	_ "code.gitea.io/gitea/models/user"
+
 	"github.com/stretchr/testify/assert"
 )
 
diff --git a/models/org_test.go b/models/org_test.go
index 4d8831858c..af11bed280 100644
--- a/models/org_test.go
+++ b/models/org_test.go
@@ -7,12 +7,9 @@ package models
 import (
 	"testing"
 
-	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
-	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -62,115 +59,3 @@ func TestRemoveOrgUser(t *testing.T) {
 	unittest.AssertExistsAndLoadBean(t, &organization.OrgUser{OrgID: 7, UID: 5})
 	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
 }
-
-func TestUser_RemoveOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: org.ID}).(*repo_model.Repository)
-
-	// remove a repo that does belong to org
-	unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
-	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
-	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
-	unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repo.ID}) // repo should still exist
-
-	// remove a repo that does not belong to org
-	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
-	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
-
-	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, unittest.NonexistentID))
-
-	unittest.CheckConsistencyFor(t,
-		&user_model.User{ID: org.ID},
-		&organization.Team{OrgID: org.ID},
-		&repo_model.Repository{ID: repo.ID})
-}
-
-func TestCreateOrganization(t *testing.T) {
-	// successful creation of org
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	const newOrgName = "neworg"
-	org := &organization.Organization{
-		Name: newOrgName,
-	}
-
-	unittest.AssertNotExistsBean(t, &user_model.User{Name: newOrgName, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, organization.CreateOrganization(org, owner))
-	org = unittest.AssertExistsAndLoadBean(t,
-		&organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization}).(*organization.Organization)
-	ownerTeam := unittest.AssertExistsAndLoadBean(t,
-		&organization.Team{Name: organization.OwnerTeamName, OrgID: org.ID}).(*organization.Team)
-	unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: owner.ID, TeamID: ownerTeam.ID})
-	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
-}
-
-func TestCreateOrganization2(t *testing.T) {
-	// unauthorized creation of org
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	const newOrgName = "neworg"
-	org := &organization.Organization{
-		Name: newOrgName,
-	}
-
-	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
-	err := organization.CreateOrganization(org, owner)
-	assert.Error(t, err)
-	assert.True(t, organization.IsErrUserNotAllowedCreateOrg(err))
-	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
-	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
-}
-
-func TestCreateOrganization3(t *testing.T) {
-	// create org with same name as existent org
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	org := &organization.Organization{Name: "user3"}                      // should already exist
-	unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: org.Name}) // sanity check
-	err := organization.CreateOrganization(org, owner)
-	assert.Error(t, err)
-	assert.True(t, user_model.IsErrUserAlreadyExist(err))
-	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
-}
-
-func TestCreateOrganization4(t *testing.T) {
-	// create org with unusable name
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	err := organization.CreateOrganization(&organization.Organization{Name: "assets"}, owner)
-	assert.Error(t, err)
-	assert.True(t, db.IsErrNameReserved(err))
-	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
-}
-
-func TestAddOrgUser(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	testSuccess := func(orgID, userID int64, isPublic bool) {
-		org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
-		expectedNumMembers := org.NumMembers
-		if !unittest.BeanExists(t, &organization.OrgUser{OrgID: orgID, UID: userID}) {
-			expectedNumMembers++
-		}
-		assert.NoError(t, organization.AddOrgUser(orgID, userID))
-		ou := &organization.OrgUser{OrgID: orgID, UID: userID}
-		unittest.AssertExistsAndLoadBean(t, ou)
-		assert.Equal(t, isPublic, ou.IsPublic)
-		org = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
-		assert.EqualValues(t, expectedNumMembers, org.NumMembers)
-	}
-
-	setting.Service.DefaultOrgMemberVisible = false
-	testSuccess(3, 5, false)
-	testSuccess(3, 5, false)
-	testSuccess(6, 2, false)
-
-	setting.Service.DefaultOrgMemberVisible = true
-	testSuccess(6, 3, true)
-
-	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
-}
diff --git a/models/organization/main_test.go b/models/organization/main_test.go
index 711b86b9bd..376552cb22 100644
--- a/models/organization/main_test.go
+++ b/models/organization/main_test.go
@@ -2,26 +2,22 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package organization
+package organization_test
 
 import (
 	"path/filepath"
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/organization"
+	_ "code.gitea.io/gitea/models/repo"
+	_ "code.gitea.io/gitea/models/user"
 )
 
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", ".."),
-		FixtureFiles: []string{
-			"user.yml",
-			"org_user.yml",
-			"team.yml",
-			"team_repo.yml",
-			"team_unit.yml",
-			"team_user.yml",
-			"repository.yml",
-		},
 	})
 }
diff --git a/models/organization/org_test.go b/models/organization/org_test.go
index b408a2f36e..3a135498a3 100644
--- a/models/organization/org_test.go
+++ b/models/organization/org_test.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package organization
+package organization_test
 
 import (
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -30,7 +31,7 @@ func TestUser_IsOwnedBy(t *testing.T) {
 		{2, 2, false}, // user2 is not an organization
 		{2, 3, false},
 	} {
-		org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: testCase.OrgID}).(*Organization)
+		org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: testCase.OrgID}).(*organization.Organization)
 		isOwner, err := org.IsOwnedBy(testCase.UserID)
 		assert.NoError(t, err)
 		assert.Equal(t, testCase.ExpectedOwner, isOwner)
@@ -51,7 +52,7 @@ func TestUser_IsOrgMember(t *testing.T) {
 		{2, 2, false}, // user2 is not an organization
 		{2, 3, false},
 	} {
-		org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: testCase.OrgID}).(*Organization)
+		org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: testCase.OrgID}).(*organization.Organization)
 		isMember, err := org.IsOrgMember(testCase.UserID)
 		assert.NoError(t, err)
 		assert.Equal(t, testCase.ExpectedMember, isMember)
@@ -60,35 +61,35 @@ func TestUser_IsOrgMember(t *testing.T) {
 
 func TestUser_GetTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	team, err := org.GetTeam("team1")
 	assert.NoError(t, err)
 	assert.Equal(t, org.ID, team.OrgID)
 	assert.Equal(t, "team1", team.LowerName)
 
 	_, err = org.GetTeam("does not exist")
-	assert.True(t, IsErrTeamNotExist(err))
+	assert.True(t, organization.IsErrTeamNotExist(err))
 
-	nonOrg := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 2}).(*Organization)
+	nonOrg := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 2}).(*organization.Organization)
 	_, err = nonOrg.GetTeam("team")
-	assert.True(t, IsErrTeamNotExist(err))
+	assert.True(t, organization.IsErrTeamNotExist(err))
 }
 
 func TestUser_GetOwnerTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	team, err := org.GetOwnerTeam()
 	assert.NoError(t, err)
 	assert.Equal(t, org.ID, team.OrgID)
 
-	nonOrg := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 2}).(*Organization)
+	nonOrg := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 2}).(*organization.Organization)
 	_, err = nonOrg.GetOwnerTeam()
-	assert.True(t, IsErrTeamNotExist(err))
+	assert.True(t, organization.IsErrTeamNotExist(err))
 }
 
 func TestUser_GetTeams(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	teams, err := org.LoadTeams()
 	assert.NoError(t, err)
 	if assert.Len(t, teams, 4) {
@@ -101,7 +102,7 @@ func TestUser_GetTeams(t *testing.T) {
 
 func TestUser_GetMembers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	members, _, err := org.GetMembers()
 	assert.NoError(t, err)
 	if assert.Len(t, members, 3) {
@@ -114,23 +115,23 @@ func TestUser_GetMembers(t *testing.T) {
 func TestGetOrgByName(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	org, err := GetOrgByName("user3")
+	org, err := organization.GetOrgByName("user3")
 	assert.NoError(t, err)
 	assert.EqualValues(t, 3, org.ID)
 	assert.Equal(t, "user3", org.Name)
 
-	_, err = GetOrgByName("user2") // user2 is an individual
-	assert.True(t, IsErrOrgNotExist(err))
+	_, err = organization.GetOrgByName("user2") // user2 is an individual
+	assert.True(t, organization.IsErrOrgNotExist(err))
 
-	_, err = GetOrgByName("") // corner case
-	assert.True(t, IsErrOrgNotExist(err))
+	_, err = organization.GetOrgByName("") // corner case
+	assert.True(t, organization.IsErrOrgNotExist(err))
 }
 
 func TestCountOrganizations(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	expected, err := db.GetEngine(db.DefaultContext).Where("type=?", user_model.UserTypeOrganization).Count(&Organization{})
+	expected, err := db.GetEngine(db.DefaultContext).Where("type=?", user_model.UserTypeOrganization).Count(&organization.Organization{})
 	assert.NoError(t, err)
-	cnt, err := CountOrgs(FindOrgOptions{IncludePrivate: true})
+	cnt, err := organization.CountOrgs(organization.FindOrgOptions{IncludePrivate: true})
 	assert.NoError(t, err)
 	assert.Equal(t, expected, cnt)
 }
@@ -138,7 +139,7 @@ func TestCountOrganizations(t *testing.T) {
 func TestIsOrganizationOwner(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64, expected bool) {
-		isOwner, err := IsOrganizationOwner(db.DefaultContext, orgID, userID)
+		isOwner, err := organization.IsOrganizationOwner(db.DefaultContext, orgID, userID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, expected, isOwner)
 	}
@@ -152,7 +153,7 @@ func TestIsOrganizationOwner(t *testing.T) {
 func TestIsOrganizationMember(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64, expected bool) {
-		isMember, err := IsOrganizationMember(db.DefaultContext, orgID, userID)
+		isMember, err := organization.IsOrganizationMember(db.DefaultContext, orgID, userID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, expected, isMember)
 	}
@@ -167,7 +168,7 @@ func TestIsOrganizationMember(t *testing.T) {
 func TestIsPublicMembership(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64, expected bool) {
-		isMember, err := IsPublicMembership(orgID, userID)
+		isMember, err := organization.IsPublicMembership(orgID, userID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, expected, isMember)
 	}
@@ -182,7 +183,7 @@ func TestIsPublicMembership(t *testing.T) {
 func TestFindOrgs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	orgs, err := FindOrgs(FindOrgOptions{
+	orgs, err := organization.FindOrgs(organization.FindOrgOptions{
 		UserID:         4,
 		IncludePrivate: true,
 	})
@@ -191,14 +192,14 @@ func TestFindOrgs(t *testing.T) {
 		assert.EqualValues(t, 3, orgs[0].ID)
 	}
 
-	orgs, err = FindOrgs(FindOrgOptions{
+	orgs, err = organization.FindOrgs(organization.FindOrgOptions{
 		UserID:         4,
 		IncludePrivate: false,
 	})
 	assert.NoError(t, err)
 	assert.Len(t, orgs, 0)
 
-	total, err := CountOrgs(FindOrgOptions{
+	total, err := organization.CountOrgs(organization.FindOrgOptions{
 		UserID:         4,
 		IncludePrivate: true,
 	})
@@ -209,16 +210,16 @@ func TestFindOrgs(t *testing.T) {
 func TestGetOrgUsersByUserID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	orgUsers, err := GetOrgUsersByUserID(5, &SearchOrganizationsOptions{All: true})
+	orgUsers, err := organization.GetOrgUsersByUserID(5, &organization.SearchOrganizationsOptions{All: true})
 	assert.NoError(t, err)
 	if assert.Len(t, orgUsers, 2) {
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[0].ID,
 			OrgID:    6,
 			UID:      5,
 			IsPublic: true,
 		}, *orgUsers[0])
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[1].ID,
 			OrgID:    7,
 			UID:      5,
@@ -226,12 +227,12 @@ func TestGetOrgUsersByUserID(t *testing.T) {
 		}, *orgUsers[1])
 	}
 
-	publicOrgUsers, err := GetOrgUsersByUserID(5, &SearchOrganizationsOptions{All: false})
+	publicOrgUsers, err := organization.GetOrgUsersByUserID(5, &organization.SearchOrganizationsOptions{All: false})
 	assert.NoError(t, err)
 	assert.Len(t, publicOrgUsers, 1)
 	assert.Equal(t, *orgUsers[0], *publicOrgUsers[0])
 
-	orgUsers, err = GetOrgUsersByUserID(1, &SearchOrganizationsOptions{All: true})
+	orgUsers, err = organization.GetOrgUsersByUserID(1, &organization.SearchOrganizationsOptions{All: true})
 	assert.NoError(t, err)
 	assert.Len(t, orgUsers, 0)
 }
@@ -239,20 +240,20 @@ func TestGetOrgUsersByUserID(t *testing.T) {
 func TestGetOrgUsersByOrgID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	orgUsers, err := GetOrgUsersByOrgID(db.DefaultContext, &FindOrgMembersOpts{
+	orgUsers, err := organization.GetOrgUsersByOrgID(db.DefaultContext, &organization.FindOrgMembersOpts{
 		ListOptions: db.ListOptions{},
 		OrgID:       3,
 		PublicOnly:  false,
 	})
 	assert.NoError(t, err)
 	if assert.Len(t, orgUsers, 3) {
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[0].ID,
 			OrgID:    3,
 			UID:      2,
 			IsPublic: true,
 		}, *orgUsers[0])
-		assert.Equal(t, OrgUser{
+		assert.Equal(t, organization.OrgUser{
 			ID:       orgUsers[1].ID,
 			OrgID:    3,
 			UID:      4,
@@ -260,7 +261,7 @@ func TestGetOrgUsersByOrgID(t *testing.T) {
 		}, *orgUsers[1])
 	}
 
-	orgUsers, err = GetOrgUsersByOrgID(db.DefaultContext, &FindOrgMembersOpts{
+	orgUsers, err = organization.GetOrgUsersByOrgID(db.DefaultContext, &organization.FindOrgMembersOpts{
 		ListOptions: db.ListOptions{},
 		OrgID:       unittest.NonexistentID,
 		PublicOnly:  false,
@@ -273,20 +274,20 @@ func TestChangeOrgUserStatus(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	testSuccess := func(orgID, userID int64, public bool) {
-		assert.NoError(t, ChangeOrgUserStatus(orgID, userID, public))
-		orgUser := unittest.AssertExistsAndLoadBean(t, &OrgUser{OrgID: orgID, UID: userID}).(*OrgUser)
+		assert.NoError(t, organization.ChangeOrgUserStatus(orgID, userID, public))
+		orgUser := unittest.AssertExistsAndLoadBean(t, &organization.OrgUser{OrgID: orgID, UID: userID}).(*organization.OrgUser)
 		assert.Equal(t, public, orgUser.IsPublic)
 	}
 
 	testSuccess(3, 2, false)
 	testSuccess(3, 2, false)
 	testSuccess(3, 4, true)
-	assert.NoError(t, ChangeOrgUserStatus(unittest.NonexistentID, unittest.NonexistentID, true))
+	assert.NoError(t, organization.ChangeOrgUserStatus(unittest.NonexistentID, unittest.NonexistentID, true))
 }
 
 func TestUser_GetUserTeamIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID int64, expected []int64) {
 		teamIDs, err := org.GetUserTeamIDs(userID)
 		assert.NoError(t, err)
@@ -299,9 +300,9 @@ func TestUser_GetUserTeamIDs(t *testing.T) {
 
 func TestAccessibleReposEnv_CountRepos(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID, expectedCount int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		count, err := env.CountRepos()
 		assert.NoError(t, err)
@@ -313,9 +314,9 @@ func TestAccessibleReposEnv_CountRepos(t *testing.T) {
 
 func TestAccessibleReposEnv_RepoIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID, _, pageSize int64, expectedRepoIDs []int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		repoIDs, err := env.RepoIDs(1, 100)
 		assert.NoError(t, err)
@@ -327,9 +328,9 @@ func TestAccessibleReposEnv_RepoIDs(t *testing.T) {
 
 func TestAccessibleReposEnv_Repos(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID int64, expectedRepoIDs []int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		repos, err := env.Repos(1, 100)
 		assert.NoError(t, err)
@@ -346,9 +347,9 @@ func TestAccessibleReposEnv_Repos(t *testing.T) {
 
 func TestAccessibleReposEnv_MirrorRepos(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	org := unittest.AssertExistsAndLoadBean(t, &Organization{ID: 3}).(*Organization)
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
 	testSuccess := func(userID int64, expectedRepoIDs []int64) {
-		env, err := AccessibleReposEnv(db.DefaultContext, org, userID)
+		env, err := organization.AccessibleReposEnv(db.DefaultContext, org, userID)
 		assert.NoError(t, err)
 		repos, err := env.MirrorRepos()
 		assert.NoError(t, err)
@@ -369,18 +370,18 @@ func TestHasOrgVisibleTypePublic(t *testing.T) {
 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)
 
 	const newOrgName = "test-org-public"
-	org := &Organization{
+	org := &organization.Organization{
 		Name:       newOrgName,
 		Visibility: structs.VisibleTypePublic,
 	}
 
 	unittest.AssertNotExistsBean(t, &user_model.User{Name: org.Name, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, CreateOrganization(org, owner))
+	assert.NoError(t, organization.CreateOrganization(org, owner))
 	org = unittest.AssertExistsAndLoadBean(t,
-		&Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*Organization)
-	test1 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
-	test2 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
-	test3 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
+		&organization.Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	test1 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
+	test2 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
+	test3 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
 	assert.True(t, test1) // owner of org
 	assert.True(t, test2) // user not a part of org
 	assert.True(t, test3) // logged out user
@@ -392,18 +393,18 @@ func TestHasOrgVisibleTypeLimited(t *testing.T) {
 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)
 
 	const newOrgName = "test-org-limited"
-	org := &Organization{
+	org := &organization.Organization{
 		Name:       newOrgName,
 		Visibility: structs.VisibleTypeLimited,
 	}
 
 	unittest.AssertNotExistsBean(t, &user_model.User{Name: org.Name, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, CreateOrganization(org, owner))
+	assert.NoError(t, organization.CreateOrganization(org, owner))
 	org = unittest.AssertExistsAndLoadBean(t,
-		&Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*Organization)
-	test1 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
-	test2 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
-	test3 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
+		&organization.Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	test1 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
+	test2 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
+	test3 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
 	assert.True(t, test1)  // owner of org
 	assert.True(t, test2)  // user not a part of org
 	assert.False(t, test3) // logged out user
@@ -415,18 +416,18 @@ func TestHasOrgVisibleTypePrivate(t *testing.T) {
 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)
 
 	const newOrgName = "test-org-private"
-	org := &Organization{
+	org := &organization.Organization{
 		Name:       newOrgName,
 		Visibility: structs.VisibleTypePrivate,
 	}
 
 	unittest.AssertNotExistsBean(t, &user_model.User{Name: org.Name, Type: user_model.UserTypeOrganization})
-	assert.NoError(t, CreateOrganization(org, owner))
+	assert.NoError(t, organization.CreateOrganization(org, owner))
 	org = unittest.AssertExistsAndLoadBean(t,
-		&Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*Organization)
-	test1 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
-	test2 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
-	test3 := HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
+		&organization.Organization{Name: org.Name, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	test1 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), owner)
+	test2 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), user3)
+	test3 := organization.HasOrgOrUserVisible(db.DefaultContext, org.AsUser(), nil)
 	assert.True(t, test1)  // owner of org
 	assert.False(t, test2) // user not a part of org
 	assert.False(t, test3) // logged out user
@@ -435,7 +436,7 @@ func TestHasOrgVisibleTypePrivate(t *testing.T) {
 func TestGetUsersWhoCanCreateOrgRepo(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	users, err := GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 3)
+	users, err := organization.GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 3)
 	assert.NoError(t, err)
 	assert.Len(t, users, 2)
 	var ids []int64
@@ -444,8 +445,93 @@ func TestGetUsersWhoCanCreateOrgRepo(t *testing.T) {
 	}
 	assert.ElementsMatch(t, ids, []int64{2, 28})
 
-	users, err = GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 7)
+	users, err = organization.GetUsersWhoCanCreateOrgRepo(db.DefaultContext, 7)
 	assert.NoError(t, err)
 	assert.Len(t, users, 1)
 	assert.EqualValues(t, 5, users[0].ID)
 }
+
+func TestUser_RemoveOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}).(*organization.Organization)
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: org.ID}).(*repo_model.Repository)
+
+	// remove a repo that does belong to org
+	unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
+	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
+	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
+	unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repo.ID}) // repo should still exist
+
+	// remove a repo that does not belong to org
+	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, repo.ID))
+	unittest.AssertNotExistsBean(t, &organization.TeamRepo{RepoID: repo.ID, OrgID: org.ID})
+
+	assert.NoError(t, organization.RemoveOrgRepo(db.DefaultContext, org.ID, unittest.NonexistentID))
+
+	unittest.CheckConsistencyFor(t,
+		&user_model.User{ID: org.ID},
+		&organization.Team{OrgID: org.ID},
+		&repo_model.Repository{ID: repo.ID})
+}
+
+func TestCreateOrganization(t *testing.T) {
+	// successful creation of org
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	const newOrgName = "neworg"
+	org := &organization.Organization{
+		Name: newOrgName,
+	}
+
+	unittest.AssertNotExistsBean(t, &user_model.User{Name: newOrgName, Type: user_model.UserTypeOrganization})
+	assert.NoError(t, organization.CreateOrganization(org, owner))
+	org = unittest.AssertExistsAndLoadBean(t,
+		&organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization}).(*organization.Organization)
+	ownerTeam := unittest.AssertExistsAndLoadBean(t,
+		&organization.Team{Name: organization.OwnerTeamName, OrgID: org.ID}).(*organization.Team)
+	unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: owner.ID, TeamID: ownerTeam.ID})
+	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
+}
+
+func TestCreateOrganization2(t *testing.T) {
+	// unauthorized creation of org
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	const newOrgName = "neworg"
+	org := &organization.Organization{
+		Name: newOrgName,
+	}
+
+	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
+	err := organization.CreateOrganization(org, owner)
+	assert.Error(t, err)
+	assert.True(t, organization.IsErrUserNotAllowedCreateOrg(err))
+	unittest.AssertNotExistsBean(t, &organization.Organization{Name: newOrgName, Type: user_model.UserTypeOrganization})
+	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
+}
+
+func TestCreateOrganization3(t *testing.T) {
+	// create org with same name as existent org
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	org := &organization.Organization{Name: "user3"}                      // should already exist
+	unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: org.Name}) // sanity check
+	err := organization.CreateOrganization(org, owner)
+	assert.Error(t, err)
+	assert.True(t, user_model.IsErrUserAlreadyExist(err))
+	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
+}
+
+func TestCreateOrganization4(t *testing.T) {
+	// create org with unusable name
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	err := organization.CreateOrganization(&organization.Organization{Name: "assets"}, owner)
+	assert.Error(t, err)
+	assert.True(t, db.IsErrNameReserved(err))
+	unittest.CheckConsistencyFor(t, &organization.Organization{}, &organization.Team{})
+}
diff --git a/models/organization/org_user_test.go b/models/organization/org_user_test.go
index 1e85f4ed22..22ee5217f9 100644
--- a/models/organization/org_user_test.go
+++ b/models/organization/org_user_test.go
@@ -2,15 +2,17 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package organization
+package organization_test
 
 import (
 	"fmt"
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -38,7 +40,7 @@ func TestUserIsPublicMember(t *testing.T) {
 func testUserIsPublicMember(t *testing.T, uid, orgID int64, expected bool) {
 	user, err := user_model.GetUserByID(uid)
 	assert.NoError(t, err)
-	is, err := IsPublicMembership(orgID, user.ID)
+	is, err := organization.IsPublicMembership(orgID, user.ID)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, is)
 }
@@ -66,7 +68,7 @@ func TestIsUserOrgOwner(t *testing.T) {
 func testIsUserOrgOwner(t *testing.T, uid, orgID int64, expected bool) {
 	user, err := user_model.GetUserByID(uid)
 	assert.NoError(t, err)
-	is, err := IsOrganizationOwner(db.DefaultContext, orgID, user.ID)
+	is, err := organization.IsOrganizationOwner(db.DefaultContext, orgID, user.ID)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, is)
 }
@@ -91,7 +93,7 @@ func TestUserListIsPublicMember(t *testing.T) {
 }
 
 func testUserListIsPublicMember(t *testing.T, orgID int64, expected map[int64]bool) {
-	org, err := GetOrgByID(db.DefaultContext, orgID)
+	org, err := organization.GetOrgByID(db.DefaultContext, orgID)
 	assert.NoError(t, err)
 	_, membersIsPublic, err := org.GetMembers()
 	assert.NoError(t, err)
@@ -118,9 +120,36 @@ func TestUserListIsUserOrgOwner(t *testing.T) {
 }
 
 func testUserListIsUserOrgOwner(t *testing.T, orgID int64, expected map[int64]bool) {
-	org, err := GetOrgByID(db.DefaultContext, orgID)
+	org, err := organization.GetOrgByID(db.DefaultContext, orgID)
 	assert.NoError(t, err)
 	members, _, err := org.GetMembers()
 	assert.NoError(t, err)
-	assert.Equal(t, expected, IsUserOrgOwner(members, orgID))
+	assert.Equal(t, expected, organization.IsUserOrgOwner(members, orgID))
+}
+
+func TestAddOrgUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	testSuccess := func(orgID, userID int64, isPublic bool) {
+		org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
+		expectedNumMembers := org.NumMembers
+		if !unittest.BeanExists(t, &organization.OrgUser{OrgID: orgID, UID: userID}) {
+			expectedNumMembers++
+		}
+		assert.NoError(t, organization.AddOrgUser(orgID, userID))
+		ou := &organization.OrgUser{OrgID: orgID, UID: userID}
+		unittest.AssertExistsAndLoadBean(t, ou)
+		assert.Equal(t, isPublic, ou.IsPublic)
+		org = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID}).(*user_model.User)
+		assert.EqualValues(t, expectedNumMembers, org.NumMembers)
+	}
+
+	setting.Service.DefaultOrgMemberVisible = false
+	testSuccess(3, 5, false)
+	testSuccess(3, 5, false)
+	testSuccess(6, 2, false)
+
+	setting.Service.DefaultOrgMemberVisible = true
+	testSuccess(6, 3, true)
+
+	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
 }
diff --git a/models/organization/team_test.go b/models/organization/team_test.go
index 860a7107ec..829c440c29 100644
--- a/models/organization/team_test.go
+++ b/models/organization/team_test.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package organization
+package organization_test
 
 import (
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/unittest"
 
 	"github.com/stretchr/testify/assert"
@@ -16,22 +17,22 @@ import (
 func TestTeam_IsOwnerTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	team := unittest.AssertExistsAndLoadBean(t, &Team{ID: 1}).(*Team)
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 1}).(*organization.Team)
 	assert.True(t, team.IsOwnerTeam())
 
-	team = unittest.AssertExistsAndLoadBean(t, &Team{ID: 2}).(*Team)
+	team = unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2}).(*organization.Team)
 	assert.False(t, team.IsOwnerTeam())
 }
 
 func TestTeam_IsMember(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	team := unittest.AssertExistsAndLoadBean(t, &Team{ID: 1}).(*Team)
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 1}).(*organization.Team)
 	assert.True(t, team.IsMember(2))
 	assert.False(t, team.IsMember(4))
 	assert.False(t, team.IsMember(unittest.NonexistentID))
 
-	team = unittest.AssertExistsAndLoadBean(t, &Team{ID: 2}).(*Team)
+	team = unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2}).(*organization.Team)
 	assert.True(t, team.IsMember(2))
 	assert.True(t, team.IsMember(4))
 	assert.False(t, team.IsMember(unittest.NonexistentID))
@@ -41,11 +42,11 @@ func TestTeam_GetRepositories(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	test := func(teamID int64) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
 		assert.NoError(t, team.GetRepositoriesCtx(db.DefaultContext))
 		assert.Len(t, team.Repos, team.NumRepos)
 		for _, repo := range team.Repos {
-			unittest.AssertExistsAndLoadBean(t, &TeamRepo{TeamID: teamID, RepoID: repo.ID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{TeamID: teamID, RepoID: repo.ID})
 		}
 	}
 	test(1)
@@ -56,11 +57,11 @@ func TestTeam_GetMembers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	test := func(teamID int64) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
 		assert.NoError(t, team.GetMembersCtx(db.DefaultContext))
 		assert.Len(t, team.Members, team.NumMembers)
 		for _, member := range team.Members {
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{UID: member.ID, TeamID: teamID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: member.ID, TeamID: teamID})
 		}
 	}
 	test(1)
@@ -71,7 +72,7 @@ func TestGetTeam(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	testSuccess := func(orgID int64, name string) {
-		team, err := GetTeam(db.DefaultContext, orgID, name)
+		team, err := organization.GetTeam(db.DefaultContext, orgID, name)
 		assert.NoError(t, err)
 		assert.EqualValues(t, orgID, team.OrgID)
 		assert.Equal(t, name, team.Name)
@@ -79,9 +80,9 @@ func TestGetTeam(t *testing.T) {
 	testSuccess(3, "Owners")
 	testSuccess(3, "team1")
 
-	_, err := GetTeam(db.DefaultContext, 3, "nonexistent")
+	_, err := organization.GetTeam(db.DefaultContext, 3, "nonexistent")
 	assert.Error(t, err)
-	_, err = GetTeam(db.DefaultContext, unittest.NonexistentID, "Owners")
+	_, err = organization.GetTeam(db.DefaultContext, unittest.NonexistentID, "Owners")
 	assert.Error(t, err)
 }
 
@@ -89,7 +90,7 @@ func TestGetTeamByID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	testSuccess := func(teamID int64) {
-		team, err := GetTeamByID(db.DefaultContext, teamID)
+		team, err := organization.GetTeamByID(db.DefaultContext, teamID)
 		assert.NoError(t, err)
 		assert.EqualValues(t, teamID, team.ID)
 	}
@@ -98,14 +99,14 @@ func TestGetTeamByID(t *testing.T) {
 	testSuccess(3)
 	testSuccess(4)
 
-	_, err := GetTeamByID(db.DefaultContext, unittest.NonexistentID)
+	_, err := organization.GetTeamByID(db.DefaultContext, unittest.NonexistentID)
 	assert.Error(t, err)
 }
 
 func TestIsTeamMember(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, teamID, userID int64, expected bool) {
-		isMember, err := IsTeamMember(db.DefaultContext, orgID, teamID, userID)
+		isMember, err := organization.IsTeamMember(db.DefaultContext, orgID, teamID, userID)
 		assert.NoError(t, err)
 		assert.Equal(t, expected, isMember)
 	}
@@ -125,14 +126,14 @@ func TestGetTeamMembers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	test := func(teamID int64) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
-		members, err := GetTeamMembers(db.DefaultContext, &SearchMembersOptions{
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
+		members, err := organization.GetTeamMembers(db.DefaultContext, &organization.SearchMembersOptions{
 			TeamID: teamID,
 		})
 		assert.NoError(t, err)
 		assert.Len(t, members, team.NumMembers)
 		for _, member := range members {
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{UID: member.ID, TeamID: teamID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: member.ID, TeamID: teamID})
 		}
 	}
 	test(1)
@@ -142,10 +143,10 @@ func TestGetTeamMembers(t *testing.T) {
 func TestGetUserTeams(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(userID int64) {
-		teams, _, err := SearchTeam(&SearchTeamOptions{UserID: userID})
+		teams, _, err := organization.SearchTeam(&organization.SearchTeamOptions{UserID: userID})
 		assert.NoError(t, err)
 		for _, team := range teams {
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{TeamID: team.ID, UID: userID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{TeamID: team.ID, UID: userID})
 		}
 	}
 	test(2)
@@ -156,11 +157,11 @@ func TestGetUserTeams(t *testing.T) {
 func TestGetUserOrgTeams(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	test := func(orgID, userID int64) {
-		teams, err := GetUserOrgTeams(db.DefaultContext, orgID, userID)
+		teams, err := organization.GetUserOrgTeams(db.DefaultContext, orgID, userID)
 		assert.NoError(t, err)
 		for _, team := range teams {
 			assert.EqualValues(t, orgID, team.OrgID)
-			unittest.AssertExistsAndLoadBean(t, &TeamUser{TeamID: team.ID, UID: userID})
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{TeamID: team.ID, UID: userID})
 		}
 	}
 	test(3, 2)
@@ -172,8 +173,8 @@ func TestHasTeamRepo(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	test := func(teamID, repoID int64, expected bool) {
-		team := unittest.AssertExistsAndLoadBean(t, &Team{ID: teamID}).(*Team)
-		assert.Equal(t, expected, HasTeamRepo(db.DefaultContext, team.OrgID, teamID, repoID))
+		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID}).(*organization.Team)
+		assert.Equal(t, expected, organization.HasTeamRepo(db.DefaultContext, team.OrgID, teamID, repoID))
 	}
 	test(1, 1, false)
 	test(1, 3, true)
@@ -188,7 +189,7 @@ func TestUsersInTeamsCount(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	test := func(teamIDs, userIDs []int64, expected int64) {
-		count, err := UsersInTeamsCount(teamIDs, userIDs)
+		count, err := organization.UsersInTeamsCount(teamIDs, userIDs)
 		assert.NoError(t, err)
 		assert.Equal(t, expected, count)
 	}
diff --git a/models/perm/access/access_test.go b/models/perm/access/access_test.go
index a9ae9a30f4..a5e0448d3d 100644
--- a/models/perm/access/access_test.go
+++ b/models/perm/access/access_test.go
@@ -2,14 +2,18 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package access
+package access_test
 
 import (
 	"testing"
 
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/perm"
+	"code.gitea.io/gitea/models/organization"
+	perm_model "code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 
@@ -35,36 +39,36 @@ func TestAccessLevel(t *testing.T) {
 	// org. owned private repo
 	repo24 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)
 
-	level, err := AccessLevel(user2, repo1)
+	level, err := access_model.AccessLevel(user2, repo1)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeOwner, level)
+	assert.Equal(t, perm_model.AccessModeOwner, level)
 
-	level, err = AccessLevel(user2, repo3)
+	level, err = access_model.AccessLevel(user2, repo3)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeOwner, level)
+	assert.Equal(t, perm_model.AccessModeOwner, level)
 
-	level, err = AccessLevel(user5, repo1)
+	level, err = access_model.AccessLevel(user5, repo1)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeRead, level)
+	assert.Equal(t, perm_model.AccessModeRead, level)
 
-	level, err = AccessLevel(user5, repo3)
+	level, err = access_model.AccessLevel(user5, repo3)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeNone, level)
+	assert.Equal(t, perm_model.AccessModeNone, level)
 
 	// restricted user has no access to a public repo
-	level, err = AccessLevel(user29, repo1)
+	level, err = access_model.AccessLevel(user29, repo1)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeNone, level)
+	assert.Equal(t, perm_model.AccessModeNone, level)
 
 	// ... unless he's a collaborator
-	level, err = AccessLevel(user29, repo4)
+	level, err = access_model.AccessLevel(user29, repo4)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeWrite, level)
+	assert.Equal(t, perm_model.AccessModeWrite, level)
 
 	// ... or a team member
-	level, err = AccessLevel(user29, repo24)
+	level, err = access_model.AccessLevel(user29, repo24)
 	assert.NoError(t, err)
-	assert.Equal(t, perm.AccessModeRead, level)
+	assert.Equal(t, perm_model.AccessModeRead, level)
 }
 
 func TestHasAccess(t *testing.T) {
@@ -79,17 +83,17 @@ func TestHasAccess(t *testing.T) {
 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}).(*repo_model.Repository)
 	assert.True(t, repo2.IsPrivate)
 
-	has, err := HasAccess(db.DefaultContext, user1.ID, repo1)
+	has, err := access_model.HasAccess(db.DefaultContext, user1.ID, repo1)
 	assert.NoError(t, err)
 	assert.True(t, has)
 
-	_, err = HasAccess(db.DefaultContext, user1.ID, repo2)
+	_, err = access_model.HasAccess(db.DefaultContext, user1.ID, repo2)
 	assert.NoError(t, err)
 
-	_, err = HasAccess(db.DefaultContext, user2.ID, repo1)
+	_, err = access_model.HasAccess(db.DefaultContext, user2.ID, repo1)
 	assert.NoError(t, err)
 
-	_, err = HasAccess(db.DefaultContext, user2.ID, repo2)
+	_, err = access_model.HasAccess(db.DefaultContext, user2.ID, repo2)
 	assert.NoError(t, err)
 }
 
@@ -101,13 +105,13 @@ func TestRepository_RecalculateAccesses(t *testing.T) {
 
 	_, err := db.GetEngine(db.DefaultContext).Delete(&repo_model.Collaboration{UserID: 2, RepoID: 3})
 	assert.NoError(t, err)
-	assert.NoError(t, RecalculateAccesses(db.DefaultContext, repo1))
+	assert.NoError(t, access_model.RecalculateAccesses(db.DefaultContext, repo1))
 
-	access := &Access{UserID: 2, RepoID: 3}
+	access := &access_model.Access{UserID: 2, RepoID: 3}
 	has, err := db.GetEngine(db.DefaultContext).Get(access)
 	assert.NoError(t, err)
 	assert.True(t, has)
-	assert.Equal(t, perm.AccessModeOwner, access.Mode)
+	assert.Equal(t, perm_model.AccessModeOwner, access.Mode)
 }
 
 func TestRepository_RecalculateAccesses2(t *testing.T) {
@@ -118,9 +122,255 @@ func TestRepository_RecalculateAccesses2(t *testing.T) {
 
 	_, err := db.GetEngine(db.DefaultContext).Delete(&repo_model.Collaboration{UserID: 4, RepoID: 4})
 	assert.NoError(t, err)
-	assert.NoError(t, RecalculateAccesses(db.DefaultContext, repo1))
+	assert.NoError(t, access_model.RecalculateAccesses(db.DefaultContext, repo1))
 
-	has, err := db.GetEngine(db.DefaultContext).Get(&Access{UserID: 4, RepoID: 4})
+	has, err := db.GetEngine(db.DefaultContext).Get(&access_model.Access{UserID: 4, RepoID: 4})
 	assert.NoError(t, err)
 	assert.False(t, has)
 }
+
+func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// public non-organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// collaborator
+	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
+
+func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// private non-organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.False(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator to default write access
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
+
+func TestRepoPermissionPublicOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// public organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator to default write access
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team tester
+	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+	}
+	assert.True(t, perm.CanWrite(unit.TypeIssues))
+	assert.False(t, perm.CanWrite(unit.TypeCode))
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
+
+func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// private organization repo
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)
+	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
+
+	// plain user
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
+	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.False(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// change to collaborator to default write access
+	assert.NoError(t, models.AddCollaborator(repo, user))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.False(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team owner
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// update team information and then check permission
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)
+	err = organization.UpdateTeamUnits(team, nil)
+	assert.NoError(t, err)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+
+	// org member team tester
+	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester)
+	assert.NoError(t, err)
+	assert.True(t, perm.CanWrite(unit.TypeIssues))
+	assert.False(t, perm.CanWrite(unit.TypeCode))
+	assert.False(t, perm.CanRead(unit.TypeCode))
+
+	// org member team reviewer
+	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer)
+	assert.NoError(t, err)
+	assert.False(t, perm.CanRead(unit.TypeIssues))
+	assert.False(t, perm.CanWrite(unit.TypeCode))
+	assert.True(t, perm.CanRead(unit.TypeCode))
+
+	// admin
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
+	assert.NoError(t, err)
+	for _, unit := range repo.Units {
+		assert.True(t, perm.CanRead(unit.Type))
+		assert.True(t, perm.CanWrite(unit.Type))
+	}
+}
diff --git a/models/perm/access/main_test.go b/models/perm/access/main_test.go
index 153ac2540d..eb0abb74d1 100644
--- a/models/perm/access/main_test.go
+++ b/models/perm/access/main_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package access
+package access_test
 
 import (
 	"path/filepath"
@@ -10,23 +10,13 @@ import (
 
 	"code.gitea.io/gitea/models/unittest"
 
+	_ "code.gitea.io/gitea/models"
 	_ "code.gitea.io/gitea/models/repo"
+	_ "code.gitea.io/gitea/models/user"
 )
 
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", "..", ".."),
-		FixtureFiles: []string{
-			"access.yml",
-			"user.yml",
-			"repository.yml",
-			"collaboration.yml",
-			"org_user.yml",
-			"repo_unit.yml",
-			"team_user.yml",
-			"team_repo.yml",
-			"team.yml",
-			"team_unit.yml",
-		},
 	})
 }
diff --git a/models/repo/collaboration_test.go b/models/repo/collaboration_test.go
index 8cb7980a75..2e6253d561 100644
--- a/models/repo/collaboration_test.go
+++ b/models/repo/collaboration_test.go
@@ -8,6 +8,8 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
+	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 
@@ -48,3 +50,22 @@ func TestRepository_IsCollaborator(t *testing.T) {
 	test(4, 2, false)
 	test(4, 4, true)
 }
+
+func TestRepository_ChangeCollaborationAccessMode(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
+
+	collaboration := unittest.AssertExistsAndLoadBean(t, &repo_model.Collaboration{RepoID: repo.ID, UserID: 4}).(*repo_model.Collaboration)
+	assert.EqualValues(t, perm.AccessModeAdmin, collaboration.Mode)
+
+	access := unittest.AssertExistsAndLoadBean(t, &access_model.Access{UserID: 4, RepoID: repo.ID}).(*access_model.Access)
+	assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
+
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, unittest.NonexistentID, perm.AccessModeAdmin))
+
+	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repo.ID})
+}
diff --git a/models/repo/repo_test.go b/models/repo/repo_test.go
index 8ae84eab52..6f8b282a66 100644
--- a/models/repo/repo_test.go
+++ b/models/repo/repo_test.go
@@ -9,7 +9,10 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/util"
 
 	"github.com/stretchr/testify/assert"
@@ -57,3 +60,68 @@ func TestRepoAPIURL(t *testing.T) {
 
 	assert.Equal(t, "https://try.gitea.io/api/v1/repos/user12/repo10", repo.APIURL())
 }
+
+func TestWatchRepo(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	const repoID = 3
+	const userID = 2
+
+	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, true))
+	unittest.AssertExistsAndLoadBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
+	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
+
+	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, false))
+	unittest.AssertNotExistsBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
+	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
+}
+
+func TestMetas(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := &repo_model.Repository{Name: "testRepo"}
+	repo.Owner = &user_model.User{Name: "testOwner"}
+	repo.OwnerName = repo.Owner.Name
+
+	repo.Units = nil
+
+	metas := repo.ComposeMetas()
+	assert.Equal(t, "testRepo", metas["repo"])
+	assert.Equal(t, "testOwner", metas["user"])
+
+	externalTracker := repo_model.RepoUnit{
+		Type: unit.TypeExternalTracker,
+		Config: &repo_model.ExternalTrackerConfig{
+			ExternalTrackerFormat: "https://someurl.com/{user}/{repo}/{issue}",
+		},
+	}
+
+	testSuccess := func(expectedStyle string) {
+		repo.Units = []*repo_model.RepoUnit{&externalTracker}
+		repo.RenderingMetas = nil
+		metas := repo.ComposeMetas()
+		assert.Equal(t, expectedStyle, metas["style"])
+		assert.Equal(t, "testRepo", metas["repo"])
+		assert.Equal(t, "testOwner", metas["user"])
+		assert.Equal(t, "https://someurl.com/{user}/{repo}/{issue}", metas["format"])
+	}
+
+	testSuccess(markup.IssueNameStyleNumeric)
+
+	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleAlphanumeric
+	testSuccess(markup.IssueNameStyleAlphanumeric)
+
+	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleNumeric
+	testSuccess(markup.IssueNameStyleNumeric)
+
+	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleRegexp
+	testSuccess(markup.IssueNameStyleRegexp)
+
+	repo, err := repo_model.GetRepositoryByID(3)
+	assert.NoError(t, err)
+
+	metas = repo.ComposeMetas()
+	assert.Contains(t, metas, "org")
+	assert.Contains(t, metas, "teams")
+	assert.Equal(t, "user3", metas["org"])
+	assert.Equal(t, ",owners,team1,", metas["teams"])
+}
diff --git a/models/repo_collaboration_test.go b/models/repo_collaboration_test.go
index b90490de92..4cf4d61218 100644
--- a/models/repo_collaboration_test.go
+++ b/models/repo_collaboration_test.go
@@ -8,8 +8,6 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/perm"
-	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -32,25 +30,6 @@ func TestRepository_AddCollaborator(t *testing.T) {
 	testSuccess(3, 4)
 }
 
-func TestRepository_ChangeCollaborationAccessMode(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
-
-	collaboration := unittest.AssertExistsAndLoadBean(t, &repo_model.Collaboration{RepoID: repo.ID, UserID: 4}).(*repo_model.Collaboration)
-	assert.EqualValues(t, perm.AccessModeAdmin, collaboration.Mode)
-
-	access := unittest.AssertExistsAndLoadBean(t, &access_model.Access{UserID: 4, RepoID: repo.ID}).(*access_model.Access)
-	assert.EqualValues(t, perm.AccessModeAdmin, access.Mode)
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, 4, perm.AccessModeAdmin))
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, unittest.NonexistentID, perm.AccessModeAdmin))
-
-	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repo.ID})
-}
-
 func TestRepository_DeleteCollaboration(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/models/repo_permission_test.go b/models/repo_permission_test.go
deleted file mode 100644
index 80919e7cf1..0000000000
--- a/models/repo_permission_test.go
+++ /dev/null
@@ -1,266 +0,0 @@
-// Copyright 2018 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package models
-
-import (
-	"testing"
-
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/organization"
-	perm_model "code.gitea.io/gitea/models/perm"
-	access_model "code.gitea.io/gitea/models/perm/access"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/models/unit"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestRepoPermissionPublicNonOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// public non-organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// collaborator
-	collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, collaborator)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
-
-func TestRepoPermissionPrivateNonOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// private non-organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.False(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator to default write access
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
-
-func TestRepoPermissionPublicOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// public organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator to default write access
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team tester
-	member := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, member)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-	}
-	assert.True(t, perm.CanWrite(unit.TypeIssues))
-	assert.False(t, perm.CanWrite(unit.TypeCode))
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
-
-func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	// private organization repo
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}).(*repo_model.Repository)
-	assert.NoError(t, repo.LoadUnits(db.DefaultContext))
-
-	// plain user
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
-	perm, err := access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.False(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// change to collaborator to default write access
-	assert.NoError(t, AddCollaborator(repo, user))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(repo, user.ID, perm_model.AccessModeRead))
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, user)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.False(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team owner
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// update team information and then check permission
-	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5}).(*organization.Team)
-	err = organization.UpdateTeamUnits(team, nil)
-	assert.NoError(t, err)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
-	// org member team tester
-	tester := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, tester)
-	assert.NoError(t, err)
-	assert.True(t, perm.CanWrite(unit.TypeIssues))
-	assert.False(t, perm.CanWrite(unit.TypeCode))
-	assert.False(t, perm.CanRead(unit.TypeCode))
-
-	// org member team reviewer
-	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, reviewer)
-	assert.NoError(t, err)
-	assert.False(t, perm.CanRead(unit.TypeIssues))
-	assert.False(t, perm.CanWrite(unit.TypeCode))
-	assert.True(t, perm.CanRead(unit.TypeCode))
-
-	// admin
-	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-	perm, err = access_model.GetUserRepoPermission(db.DefaultContext, repo, admin)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-}
diff --git a/models/repo_test.go b/models/repo_test.go
index f554ff16a6..a8358e307d 100644
--- a/models/repo_test.go
+++ b/models/repo_test.go
@@ -8,11 +8,7 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/markup"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -22,71 +18,6 @@ func TestCheckRepoStats(t *testing.T) {
 	assert.NoError(t, CheckRepoStats(db.DefaultContext))
 }
 
-func TestWatchRepo(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	const repoID = 3
-	const userID = 2
-
-	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, true))
-	unittest.AssertExistsAndLoadBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
-	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
-
-	assert.NoError(t, repo_model.WatchRepo(db.DefaultContext, userID, repoID, false))
-	unittest.AssertNotExistsBean(t, &repo_model.Watch{RepoID: repoID, UserID: userID})
-	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repoID})
-}
-
-func TestMetas(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	repo := &repo_model.Repository{Name: "testRepo"}
-	repo.Owner = &user_model.User{Name: "testOwner"}
-	repo.OwnerName = repo.Owner.Name
-
-	repo.Units = nil
-
-	metas := repo.ComposeMetas()
-	assert.Equal(t, "testRepo", metas["repo"])
-	assert.Equal(t, "testOwner", metas["user"])
-
-	externalTracker := repo_model.RepoUnit{
-		Type: unit.TypeExternalTracker,
-		Config: &repo_model.ExternalTrackerConfig{
-			ExternalTrackerFormat: "https://someurl.com/{user}/{repo}/{issue}",
-		},
-	}
-
-	testSuccess := func(expectedStyle string) {
-		repo.Units = []*repo_model.RepoUnit{&externalTracker}
-		repo.RenderingMetas = nil
-		metas := repo.ComposeMetas()
-		assert.Equal(t, expectedStyle, metas["style"])
-		assert.Equal(t, "testRepo", metas["repo"])
-		assert.Equal(t, "testOwner", metas["user"])
-		assert.Equal(t, "https://someurl.com/{user}/{repo}/{issue}", metas["format"])
-	}
-
-	testSuccess(markup.IssueNameStyleNumeric)
-
-	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleAlphanumeric
-	testSuccess(markup.IssueNameStyleAlphanumeric)
-
-	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleNumeric
-	testSuccess(markup.IssueNameStyleNumeric)
-
-	externalTracker.ExternalTrackerConfig().ExternalTrackerStyle = markup.IssueNameStyleRegexp
-	testSuccess(markup.IssueNameStyleRegexp)
-
-	repo, err := repo_model.GetRepositoryByID(3)
-	assert.NoError(t, err)
-
-	metas = repo.ComposeMetas()
-	assert.Contains(t, metas, "org")
-	assert.Contains(t, metas, "teams")
-	assert.Equal(t, "user3", metas["org"])
-	assert.Equal(t, ",owners,team1,", metas["teams"])
-}
-
 func TestDoctorUserStarNum(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/models/user/email_address_test.go b/models/user/email_address_test.go
index 79de4c0b48..471598c897 100644
--- a/models/user/email_address_test.go
+++ b/models/user/email_address_test.go
@@ -2,13 +2,14 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package user
+package user_test
 
 import (
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/util"
 
 	"github.com/stretchr/testify/assert"
@@ -17,14 +18,14 @@ import (
 func TestGetEmailAddresses(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	emails, _ := GetEmailAddresses(int64(1))
+	emails, _ := user_model.GetEmailAddresses(int64(1))
 	if assert.Len(t, emails, 3) {
 		assert.True(t, emails[0].IsPrimary)
 		assert.True(t, emails[2].IsActivated)
 		assert.False(t, emails[2].IsPrimary)
 	}
 
-	emails, _ = GetEmailAddresses(int64(2))
+	emails, _ = user_model.GetEmailAddresses(int64(2))
 	if assert.Len(t, emails, 2) {
 		assert.True(t, emails[0].IsPrimary)
 		assert.True(t, emails[0].IsActivated)
@@ -34,18 +35,18 @@ func TestGetEmailAddresses(t *testing.T) {
 func TestIsEmailUsed(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	isExist, _ := IsEmailUsed(db.DefaultContext, "")
+	isExist, _ := user_model.IsEmailUsed(db.DefaultContext, "")
 	assert.True(t, isExist)
-	isExist, _ = IsEmailUsed(db.DefaultContext, "user11@example.com")
+	isExist, _ = user_model.IsEmailUsed(db.DefaultContext, "user11@example.com")
 	assert.True(t, isExist)
-	isExist, _ = IsEmailUsed(db.DefaultContext, "user1234567890@example.com")
+	isExist, _ = user_model.IsEmailUsed(db.DefaultContext, "user1234567890@example.com")
 	assert.False(t, isExist)
 }
 
 func TestAddEmailAddress(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	assert.NoError(t, AddEmailAddress(db.DefaultContext, &EmailAddress{
+	assert.NoError(t, user_model.AddEmailAddress(db.DefaultContext, &user_model.EmailAddress{
 		Email:       "user1234567890@example.com",
 		LowerEmail:  "user1234567890@example.com",
 		IsPrimary:   true,
@@ -53,55 +54,55 @@ func TestAddEmailAddress(t *testing.T) {
 	}))
 
 	// ErrEmailAlreadyUsed
-	err := AddEmailAddress(db.DefaultContext, &EmailAddress{
+	err := user_model.AddEmailAddress(db.DefaultContext, &user_model.EmailAddress{
 		Email:      "user1234567890@example.com",
 		LowerEmail: "user1234567890@example.com",
 	})
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailAlreadyUsed(err))
+	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
 }
 
 func TestAddEmailAddresses(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	// insert multiple email address
-	emails := make([]*EmailAddress, 2)
-	emails[0] = &EmailAddress{
+	emails := make([]*user_model.EmailAddress, 2)
+	emails[0] = &user_model.EmailAddress{
 		Email:       "user1234@example.com",
 		LowerEmail:  "user1234@example.com",
 		IsActivated: true,
 	}
-	emails[1] = &EmailAddress{
+	emails[1] = &user_model.EmailAddress{
 		Email:       "user5678@example.com",
 		LowerEmail:  "user5678@example.com",
 		IsActivated: true,
 	}
-	assert.NoError(t, AddEmailAddresses(emails))
+	assert.NoError(t, user_model.AddEmailAddresses(emails))
 
 	// ErrEmailAlreadyUsed
-	err := AddEmailAddresses(emails)
+	err := user_model.AddEmailAddresses(emails)
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailAlreadyUsed(err))
+	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
 }
 
 func TestDeleteEmailAddress(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	assert.NoError(t, DeleteEmailAddress(&EmailAddress{
+	assert.NoError(t, user_model.DeleteEmailAddress(&user_model.EmailAddress{
 		UID:        int64(1),
 		ID:         int64(33),
 		Email:      "user1-2@example.com",
 		LowerEmail: "user1-2@example.com",
 	}))
 
-	assert.NoError(t, DeleteEmailAddress(&EmailAddress{
+	assert.NoError(t, user_model.DeleteEmailAddress(&user_model.EmailAddress{
 		UID:        int64(1),
 		Email:      "user1-3@example.com",
 		LowerEmail: "user1-3@example.com",
 	}))
 
 	// Email address does not exist
-	err := DeleteEmailAddress(&EmailAddress{
+	err := user_model.DeleteEmailAddress(&user_model.EmailAddress{
 		UID:        int64(1),
 		Email:      "user1234567890@example.com",
 		LowerEmail: "user1234567890@example.com",
@@ -113,70 +114,70 @@ func TestDeleteEmailAddresses(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	// delete multiple email address
-	emails := make([]*EmailAddress, 2)
-	emails[0] = &EmailAddress{
+	emails := make([]*user_model.EmailAddress, 2)
+	emails[0] = &user_model.EmailAddress{
 		UID:        int64(2),
 		ID:         int64(3),
 		Email:      "user2@example.com",
 		LowerEmail: "user2@example.com",
 	}
-	emails[1] = &EmailAddress{
+	emails[1] = &user_model.EmailAddress{
 		UID:        int64(2),
 		Email:      "user2-2@example.com",
 		LowerEmail: "user2-2@example.com",
 	}
-	assert.NoError(t, DeleteEmailAddresses(emails))
+	assert.NoError(t, user_model.DeleteEmailAddresses(emails))
 
 	// ErrEmailAlreadyUsed
-	err := DeleteEmailAddresses(emails)
+	err := user_model.DeleteEmailAddresses(emails)
 	assert.Error(t, err)
 }
 
 func TestMakeEmailPrimary(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	email := &EmailAddress{
+	email := &user_model.EmailAddress{
 		Email: "user567890@example.com",
 	}
-	err := MakeEmailPrimary(email)
+	err := user_model.MakeEmailPrimary(email)
 	assert.Error(t, err)
-	assert.EqualError(t, err, ErrEmailAddressNotExist{Email: email.Email}.Error())
+	assert.EqualError(t, err, user_model.ErrEmailAddressNotExist{Email: email.Email}.Error())
 
-	email = &EmailAddress{
+	email = &user_model.EmailAddress{
 		Email: "user11@example.com",
 	}
-	err = MakeEmailPrimary(email)
+	err = user_model.MakeEmailPrimary(email)
 	assert.Error(t, err)
-	assert.EqualError(t, err, ErrEmailNotActivated.Error())
+	assert.EqualError(t, err, user_model.ErrEmailNotActivated.Error())
 
-	email = &EmailAddress{
+	email = &user_model.EmailAddress{
 		Email: "user9999999@example.com",
 	}
-	err = MakeEmailPrimary(email)
+	err = user_model.MakeEmailPrimary(email)
 	assert.Error(t, err)
-	assert.True(t, IsErrUserNotExist(err))
+	assert.True(t, user_model.IsErrUserNotExist(err))
 
-	email = &EmailAddress{
+	email = &user_model.EmailAddress{
 		Email: "user101@example.com",
 	}
-	err = MakeEmailPrimary(email)
+	err = user_model.MakeEmailPrimary(email)
 	assert.NoError(t, err)
 
-	user, _ := GetUserByID(int64(10))
+	user, _ := user_model.GetUserByID(int64(10))
 	assert.Equal(t, "user101@example.com", user.Email)
 }
 
 func TestActivate(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	email := &EmailAddress{
+	email := &user_model.EmailAddress{
 		ID:    int64(1),
 		UID:   int64(1),
 		Email: "user11@example.com",
 	}
-	assert.NoError(t, ActivateEmail(email))
+	assert.NoError(t, user_model.ActivateEmail(email))
 
-	emails, _ := GetEmailAddresses(int64(1))
+	emails, _ := user_model.GetEmailAddresses(int64(1))
 	assert.Len(t, emails, 3)
 	assert.True(t, emails[0].IsActivated)
 	assert.True(t, emails[0].IsPrimary)
@@ -189,17 +190,17 @@ func TestListEmails(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	// Must find all users and their emails
-	opts := &SearchEmailOptions{
+	opts := &user_model.SearchEmailOptions{
 		ListOptions: db.ListOptions{
 			PageSize: 10000,
 		},
 	}
-	emails, count, err := SearchEmails(opts)
+	emails, count, err := user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.NotEqual(t, int64(0), count)
 	assert.True(t, count > 5)
 
-	contains := func(match func(s *SearchEmailResult) bool) bool {
+	contains := func(match func(s *user_model.SearchEmailResult) bool) bool {
 		for _, v := range emails {
 			if match(v) {
 				return true
@@ -208,46 +209,46 @@ func TestListEmails(t *testing.T) {
 		return false
 	}
 
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.UID == 18 }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 18 }))
 	// 'user3' is an organization
-	assert.False(t, contains(func(s *SearchEmailResult) bool { return s.UID == 3 }))
+	assert.False(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 3 }))
 
 	// Must find no records
-	opts = &SearchEmailOptions{Keyword: "NOTFOUND"}
-	emails, count, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{Keyword: "NOTFOUND"}
+	emails, count, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.Equal(t, int64(0), count)
 
 	// Must find users 'user2', 'user28', etc.
-	opts = &SearchEmailOptions{Keyword: "user2"}
-	emails, count, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{Keyword: "user2"}
+	emails, count, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.NotEqual(t, int64(0), count)
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.UID == 2 }))
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.UID == 27 }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 2 }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 27 }))
 
 	// Must find only primary addresses (i.e. from the `user` table)
-	opts = &SearchEmailOptions{IsPrimary: util.OptionalBoolTrue}
-	emails, _, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{IsPrimary: util.OptionalBoolTrue}
+	emails, _, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return s.IsPrimary }))
-	assert.False(t, contains(func(s *SearchEmailResult) bool { return !s.IsPrimary }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.IsPrimary }))
+	assert.False(t, contains(func(s *user_model.SearchEmailResult) bool { return !s.IsPrimary }))
 
 	// Must find only inactive addresses (i.e. not validated)
-	opts = &SearchEmailOptions{IsActivated: util.OptionalBoolFalse}
-	emails, _, err = SearchEmails(opts)
+	opts = &user_model.SearchEmailOptions{IsActivated: util.OptionalBoolFalse}
+	emails, _, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
-	assert.True(t, contains(func(s *SearchEmailResult) bool { return !s.IsActivated }))
-	assert.False(t, contains(func(s *SearchEmailResult) bool { return s.IsActivated }))
+	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return !s.IsActivated }))
+	assert.False(t, contains(func(s *user_model.SearchEmailResult) bool { return s.IsActivated }))
 
 	// Must find more than one page, but retrieve only one
-	opts = &SearchEmailOptions{
+	opts = &user_model.SearchEmailOptions{
 		ListOptions: db.ListOptions{
 			PageSize: 5,
 			Page:     1,
 		},
 	}
-	emails, count, err = SearchEmails(opts)
+	emails, count, err = user_model.SearchEmails(opts)
 	assert.NoError(t, err)
 	assert.Len(t, emails, 5)
 	assert.Greater(t, count, int64(len(emails)))
@@ -278,32 +279,32 @@ func TestEmailAddressValidate(t *testing.T) {
 		`first|last@iana.org`:            nil,
 		`first}last@iana.org`:            nil,
 		`first~last@iana.org`:            nil,
-		`first;last@iana.org`:            ErrEmailCharIsNotSupported{`first;last@iana.org`},
-		".233@qq.com":                    ErrEmailInvalid{".233@qq.com"},
-		"!233@qq.com":                    ErrEmailInvalid{"!233@qq.com"},
-		"#233@qq.com":                    ErrEmailInvalid{"#233@qq.com"},
-		"$233@qq.com":                    ErrEmailInvalid{"$233@qq.com"},
-		"%233@qq.com":                    ErrEmailInvalid{"%233@qq.com"},
-		"&233@qq.com":                    ErrEmailInvalid{"&233@qq.com"},
-		"'233@qq.com":                    ErrEmailInvalid{"'233@qq.com"},
-		"*233@qq.com":                    ErrEmailInvalid{"*233@qq.com"},
-		"+233@qq.com":                    ErrEmailInvalid{"+233@qq.com"},
-		"/233@qq.com":                    ErrEmailInvalid{"/233@qq.com"},
-		"=233@qq.com":                    ErrEmailInvalid{"=233@qq.com"},
-		"?233@qq.com":                    ErrEmailInvalid{"?233@qq.com"},
-		"^233@qq.com":                    ErrEmailInvalid{"^233@qq.com"},
-		"`233@qq.com":                    ErrEmailInvalid{"`233@qq.com"},
-		"{233@qq.com":                    ErrEmailInvalid{"{233@qq.com"},
-		"|233@qq.com":                    ErrEmailInvalid{"|233@qq.com"},
-		"}233@qq.com":                    ErrEmailInvalid{"}233@qq.com"},
-		"~233@qq.com":                    ErrEmailInvalid{"~233@qq.com"},
-		";233@qq.com":                    ErrEmailCharIsNotSupported{";233@qq.com"},
-		"Foo <foo@bar.com>":              ErrEmailCharIsNotSupported{"Foo <foo@bar.com>"},
-		string([]byte{0xE2, 0x84, 0xAA}): ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})},
+		`first;last@iana.org`:            user_model.ErrEmailCharIsNotSupported{`first;last@iana.org`},
+		".233@qq.com":                    user_model.ErrEmailInvalid{".233@qq.com"},
+		"!233@qq.com":                    user_model.ErrEmailInvalid{"!233@qq.com"},
+		"#233@qq.com":                    user_model.ErrEmailInvalid{"#233@qq.com"},
+		"$233@qq.com":                    user_model.ErrEmailInvalid{"$233@qq.com"},
+		"%233@qq.com":                    user_model.ErrEmailInvalid{"%233@qq.com"},
+		"&233@qq.com":                    user_model.ErrEmailInvalid{"&233@qq.com"},
+		"'233@qq.com":                    user_model.ErrEmailInvalid{"'233@qq.com"},
+		"*233@qq.com":                    user_model.ErrEmailInvalid{"*233@qq.com"},
+		"+233@qq.com":                    user_model.ErrEmailInvalid{"+233@qq.com"},
+		"/233@qq.com":                    user_model.ErrEmailInvalid{"/233@qq.com"},
+		"=233@qq.com":                    user_model.ErrEmailInvalid{"=233@qq.com"},
+		"?233@qq.com":                    user_model.ErrEmailInvalid{"?233@qq.com"},
+		"^233@qq.com":                    user_model.ErrEmailInvalid{"^233@qq.com"},
+		"`233@qq.com":                    user_model.ErrEmailInvalid{"`233@qq.com"},
+		"{233@qq.com":                    user_model.ErrEmailInvalid{"{233@qq.com"},
+		"|233@qq.com":                    user_model.ErrEmailInvalid{"|233@qq.com"},
+		"}233@qq.com":                    user_model.ErrEmailInvalid{"}233@qq.com"},
+		"~233@qq.com":                    user_model.ErrEmailInvalid{"~233@qq.com"},
+		";233@qq.com":                    user_model.ErrEmailCharIsNotSupported{";233@qq.com"},
+		"Foo <foo@bar.com>":              user_model.ErrEmailCharIsNotSupported{"Foo <foo@bar.com>"},
+		string([]byte{0xE2, 0x84, 0xAA}): user_model.ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})},
 	}
 	for kase, err := range kases {
 		t.Run(kase, func(t *testing.T) {
-			assert.EqualValues(t, err, ValidateEmail(kase))
+			assert.EqualValues(t, err, user_model.ValidateEmail(kase))
 		})
 	}
 }
diff --git a/models/user/follow_test.go b/models/user/follow_test.go
index 538c7b18a2..ad2f7cf742 100644
--- a/models/user/follow_test.go
+++ b/models/user/follow_test.go
@@ -2,21 +2,22 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package user
+package user_test
 
 import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func TestIsFollowing(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	assert.True(t, IsFollowing(4, 2))
-	assert.False(t, IsFollowing(2, 4))
-	assert.False(t, IsFollowing(5, unittest.NonexistentID))
-	assert.False(t, IsFollowing(unittest.NonexistentID, 5))
-	assert.False(t, IsFollowing(unittest.NonexistentID, unittest.NonexistentID))
+	assert.True(t, user_model.IsFollowing(4, 2))
+	assert.False(t, user_model.IsFollowing(2, 4))
+	assert.False(t, user_model.IsFollowing(5, unittest.NonexistentID))
+	assert.False(t, user_model.IsFollowing(unittest.NonexistentID, 5))
+	assert.False(t, user_model.IsFollowing(unittest.NonexistentID, unittest.NonexistentID))
 }
diff --git a/models/user/main_test.go b/models/user/main_test.go
index 09af550a95..b2416a3e0a 100644
--- a/models/user/main_test.go
+++ b/models/user/main_test.go
@@ -2,26 +2,20 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package user
+package user_test
 
 import (
 	"path/filepath"
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
+	_ "code.gitea.io/gitea/models/user"
 )
 
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", ".."),
-		FixtureFiles: []string{
-			"email_address.yml",
-			"user_redirect.yml",
-			"follow.yml",
-			"user_open_id.yml",
-			"two_factor.yml",
-			"oauth2_application.yml",
-			"user.yml",
-		},
 	})
 }
diff --git a/models/user/openid_test.go b/models/user/openid_test.go
index ba678ef864..d20b72d19a 100644
--- a/models/user/openid_test.go
+++ b/models/user/openid_test.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package user
+package user_test
 
 import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -15,7 +16,7 @@ import (
 func TestGetUserOpenIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	oids, err := GetUserOpenIDs(int64(1))
+	oids, err := user_model.GetUserOpenIDs(int64(1))
 	if assert.NoError(t, err) && assert.Len(t, oids, 2) {
 		assert.Equal(t, "https://user1.domain1.tld/", oids[0].URI)
 		assert.False(t, oids[0].Show)
@@ -23,7 +24,7 @@ func TestGetUserOpenIDs(t *testing.T) {
 		assert.True(t, oids[1].Show)
 	}
 
-	oids, err = GetUserOpenIDs(int64(2))
+	oids, err = user_model.GetUserOpenIDs(int64(2))
 	if assert.NoError(t, err) && assert.Len(t, oids, 1) {
 		assert.Equal(t, "https://domain1.tld/user2/", oids[0].URI)
 		assert.True(t, oids[0].Show)
@@ -32,28 +33,28 @@ func TestGetUserOpenIDs(t *testing.T) {
 
 func TestToggleUserOpenIDVisibility(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	oids, err := GetUserOpenIDs(int64(2))
+	oids, err := user_model.GetUserOpenIDs(int64(2))
 	if !assert.NoError(t, err) || !assert.Len(t, oids, 1) {
 		return
 	}
 	assert.True(t, oids[0].Show)
 
-	err = ToggleUserOpenIDVisibility(oids[0].ID)
+	err = user_model.ToggleUserOpenIDVisibility(oids[0].ID)
 	if !assert.NoError(t, err) {
 		return
 	}
 
-	oids, err = GetUserOpenIDs(int64(2))
+	oids, err = user_model.GetUserOpenIDs(int64(2))
 	if !assert.NoError(t, err) || !assert.Len(t, oids, 1) {
 		return
 	}
 	assert.False(t, oids[0].Show)
-	err = ToggleUserOpenIDVisibility(oids[0].ID)
+	err = user_model.ToggleUserOpenIDVisibility(oids[0].ID)
 	if !assert.NoError(t, err) {
 		return
 	}
 
-	oids, err = GetUserOpenIDs(int64(2))
+	oids, err = user_model.GetUserOpenIDs(int64(2))
 	if !assert.NoError(t, err) {
 		return
 	}
diff --git a/models/user/redirect_test.go b/models/user/redirect_test.go
index 82a0a0a2e2..a5b19d4f04 100644
--- a/models/user/redirect_test.go
+++ b/models/user/redirect_test.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package user
+package user_test
 
 import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -15,10 +16,10 @@ import (
 func TestLookupUserRedirect(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	userID, err := LookupUserRedirect("olduser1")
+	userID, err := user_model.LookupUserRedirect("olduser1")
 	assert.NoError(t, err)
 	assert.EqualValues(t, 1, userID)
 
-	_, err = LookupUserRedirect("doesnotexist")
-	assert.True(t, IsErrUserRedirectNotExist(err))
+	_, err = user_model.LookupUserRedirect("doesnotexist")
+	assert.True(t, user_model.IsErrUserRedirectNotExist(err))
 }
diff --git a/models/user/setting_test.go b/models/user/setting_test.go
index 0b42e0fe2a..f0083038df 100644
--- a/models/user/setting_test.go
+++ b/models/user/setting_test.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package user
+package user_test
 
 import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -16,44 +17,44 @@ func TestSettings(t *testing.T) {
 	keyName := "test_user_setting"
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	newSetting := &Setting{UserID: 99, SettingKey: keyName, SettingValue: "Gitea User Setting Test"}
+	newSetting := &user_model.Setting{UserID: 99, SettingKey: keyName, SettingValue: "Gitea User Setting Test"}
 
 	// create setting
-	err := SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
+	err := user_model.SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
 	assert.NoError(t, err)
 	// test about saving unchanged values
-	err = SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
+	err = user_model.SetUserSetting(newSetting.UserID, newSetting.SettingKey, newSetting.SettingValue)
 	assert.NoError(t, err)
 
 	// get specific setting
-	settings, err := GetUserSettings(99, []string{keyName})
+	settings, err := user_model.GetUserSettings(99, []string{keyName})
 	assert.NoError(t, err)
 	assert.Len(t, settings, 1)
 	assert.EqualValues(t, newSetting.SettingValue, settings[keyName].SettingValue)
 
-	settingValue, err := GetUserSetting(99, keyName)
+	settingValue, err := user_model.GetUserSetting(99, keyName)
 	assert.NoError(t, err)
 	assert.EqualValues(t, newSetting.SettingValue, settingValue)
 
-	settingValue, err = GetUserSetting(99, "no_such")
+	settingValue, err = user_model.GetUserSetting(99, "no_such")
 	assert.NoError(t, err)
 	assert.EqualValues(t, "", settingValue)
 
 	// updated setting
-	updatedSetting := &Setting{UserID: 99, SettingKey: keyName, SettingValue: "Updated"}
-	err = SetUserSetting(updatedSetting.UserID, updatedSetting.SettingKey, updatedSetting.SettingValue)
+	updatedSetting := &user_model.Setting{UserID: 99, SettingKey: keyName, SettingValue: "Updated"}
+	err = user_model.SetUserSetting(updatedSetting.UserID, updatedSetting.SettingKey, updatedSetting.SettingValue)
 	assert.NoError(t, err)
 
 	// get all settings
-	settings, err = GetUserAllSettings(99)
+	settings, err = user_model.GetUserAllSettings(99)
 	assert.NoError(t, err)
 	assert.Len(t, settings, 1)
 	assert.EqualValues(t, updatedSetting.SettingValue, settings[updatedSetting.SettingKey].SettingValue)
 
 	// delete setting
-	err = DeleteUserSetting(99, keyName)
+	err = user_model.DeleteUserSetting(99, keyName)
 	assert.NoError(t, err)
-	settings, err = GetUserAllSettings(99)
+	settings, err = user_model.GetUserAllSettings(99)
 	assert.NoError(t, err)
 	assert.Len(t, settings, 0)
 }
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 0dbf2fc205..4994ac53ab 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package user
+package user_test
 
 import (
 	"math/rand"
@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
@@ -22,7 +23,7 @@ import (
 func TestOAuth2Application_LoadUser(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	app := unittest.AssertExistsAndLoadBean(t, &auth.OAuth2Application{ID: 1}).(*auth.OAuth2Application)
-	user, err := GetUserByID(app.UID)
+	user, err := user_model.GetUserByID(app.UID)
 	assert.NoError(t, err)
 	assert.NotNil(t, user)
 }
@@ -31,19 +32,19 @@ func TestGetUserEmailsByNames(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	// ignore none active user email
-	assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user9"}))
-	assert.Equal(t, []string{"user8@example.com", "user5@example.com"}, GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user5"}))
+	assert.Equal(t, []string{"user8@example.com"}, user_model.GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user9"}))
+	assert.Equal(t, []string{"user8@example.com", "user5@example.com"}, user_model.GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user5"}))
 
-	assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user7"}))
+	assert.Equal(t, []string{"user8@example.com"}, user_model.GetUserEmailsByNames(db.DefaultContext, []string{"user8", "user7"}))
 }
 
 func TestCanCreateOrganization(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	admin := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
 	assert.True(t, admin.CanCreateOrganization())
 
-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	assert.True(t, user.CanCreateOrganization())
 	// Disable user create organization permission.
 	user.AllowCreateOrganization = false
@@ -57,8 +58,8 @@ func TestCanCreateOrganization(t *testing.T) {
 
 func TestSearchUsers(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	testSuccess := func(opts *SearchUserOptions, expectedUserOrOrgIDs []int64) {
-		users, _, err := SearchUsers(opts)
+	testSuccess := func(opts *user_model.SearchUserOptions, expectedUserOrOrgIDs []int64) {
+		users, _, err := user_model.SearchUsers(opts)
 		assert.NoError(t, err)
 		if assert.Len(t, users, len(expectedUserOrOrgIDs), opts) {
 			for i, expectedID := range expectedUserOrOrgIDs {
@@ -68,58 +69,58 @@ func TestSearchUsers(t *testing.T) {
 	}
 
 	// test orgs
-	testOrgSuccess := func(opts *SearchUserOptions, expectedOrgIDs []int64) {
-		opts.Type = UserTypeOrganization
+	testOrgSuccess := func(opts *user_model.SearchUserOptions, expectedOrgIDs []int64) {
+		opts.Type = user_model.UserTypeOrganization
 		testSuccess(opts, expectedOrgIDs)
 	}
 
-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1, PageSize: 2}},
 		[]int64{3, 6})
 
-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 2, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 2, PageSize: 2}},
 		[]int64{7, 17})
 
-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 3, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 3, PageSize: 2}},
 		[]int64{19, 25})
 
-	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 4, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 4, PageSize: 2}},
 		[]int64{26})
 
-	testOrgSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 5, PageSize: 2}},
+	testOrgSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 5, PageSize: 2}},
 		[]int64{})
 
 	// test users
-	testUserSuccess := func(opts *SearchUserOptions, expectedUserIDs []int64) {
-		opts.Type = UserTypeIndividual
+	testUserSuccess := func(opts *user_model.SearchUserOptions, expectedUserIDs []int64) {
+		opts.Type = user_model.UserTypeIndividual
 		testSuccess(opts, expectedUserIDs)
 	}
 
-	testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
+	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
 		[]int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32})
 
-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse},
 		[]int64{9})
 
-	testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
 		[]int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29, 30, 32})
 
-	testUserSuccess(&SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
 		[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})
 
 	// order by name asc default
-	testUserSuccess(&SearchUserOptions{Keyword: "user1", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{Keyword: "user1", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
 		[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})
 
-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsAdmin: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsAdmin: util.OptionalBoolTrue},
 		[]int64{1})
 
-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsRestricted: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsRestricted: util.OptionalBoolTrue},
 		[]int64{29, 30})
 
-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsProhibitLogin: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsProhibitLogin: util.OptionalBoolTrue},
 		[]int64{30})
 
-	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsTwoFactorEnabled: util.OptionalBoolTrue},
+	testUserSuccess(&user_model.SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsTwoFactorEnabled: util.OptionalBoolTrue},
 		[]int64{24})
 }
 
@@ -130,34 +131,34 @@ func TestEmailNotificationPreferences(t *testing.T) {
 		expected string
 		userID   int64
 	}{
-		{EmailNotificationsEnabled, 1},
-		{EmailNotificationsEnabled, 2},
-		{EmailNotificationsOnMention, 3},
-		{EmailNotificationsOnMention, 4},
-		{EmailNotificationsEnabled, 5},
-		{EmailNotificationsEnabled, 6},
-		{EmailNotificationsDisabled, 7},
-		{EmailNotificationsEnabled, 8},
-		{EmailNotificationsOnMention, 9},
+		{user_model.EmailNotificationsEnabled, 1},
+		{user_model.EmailNotificationsEnabled, 2},
+		{user_model.EmailNotificationsOnMention, 3},
+		{user_model.EmailNotificationsOnMention, 4},
+		{user_model.EmailNotificationsEnabled, 5},
+		{user_model.EmailNotificationsEnabled, 6},
+		{user_model.EmailNotificationsDisabled, 7},
+		{user_model.EmailNotificationsEnabled, 8},
+		{user_model.EmailNotificationsOnMention, 9},
 	} {
-		user := unittest.AssertExistsAndLoadBean(t, &User{ID: test.userID}).(*User)
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: test.userID}).(*user_model.User)
 		assert.Equal(t, test.expected, user.EmailNotifications())
 
 		// Try all possible settings
-		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsEnabled))
-		assert.Equal(t, EmailNotificationsEnabled, user.EmailNotifications())
+		assert.NoError(t, user_model.SetEmailNotifications(user, user_model.EmailNotificationsEnabled))
+		assert.Equal(t, user_model.EmailNotificationsEnabled, user.EmailNotifications())
 
-		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsOnMention))
-		assert.Equal(t, EmailNotificationsOnMention, user.EmailNotifications())
+		assert.NoError(t, user_model.SetEmailNotifications(user, user_model.EmailNotificationsOnMention))
+		assert.Equal(t, user_model.EmailNotificationsOnMention, user.EmailNotifications())
 
-		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsDisabled))
-		assert.Equal(t, EmailNotificationsDisabled, user.EmailNotifications())
+		assert.NoError(t, user_model.SetEmailNotifications(user, user_model.EmailNotificationsDisabled))
+		assert.Equal(t, user_model.EmailNotificationsDisabled, user.EmailNotifications())
 	}
 }
 
 func TestHashPasswordDeterministic(t *testing.T) {
 	b := make([]byte, 16)
-	u := &User{}
+	u := &user_model.User{}
 	algos := []string{"argon2", "pbkdf2", "scrypt", "bcrypt"}
 	for j := 0; j < len(algos); j++ {
 		u.PasswdHashAlgo = algos[j]
@@ -184,7 +185,7 @@ func BenchmarkHashPassword(b *testing.B) {
 	// BenchmarkHashPassword ensures that it takes a reasonable amount of time
 	// to hash a password - in order to protect from brute-force attacks.
 	pass := "password1337"
-	u := &User{Passwd: pass}
+	u := &user_model.User{Passwd: pass}
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		u.SetPassword(pass)
@@ -192,7 +193,7 @@ func BenchmarkHashPassword(b *testing.B) {
 }
 
 func TestNewGitSig(t *testing.T) {
-	users := make([]*User, 0, 20)
+	users := make([]*user_model.User, 0, 20)
 	err := db.GetEngine(db.DefaultContext).Find(&users)
 	assert.NoError(t, err)
 
@@ -206,7 +207,7 @@ func TestNewGitSig(t *testing.T) {
 }
 
 func TestDisplayName(t *testing.T) {
-	users := make([]*User, 0, 20)
+	users := make([]*user_model.User, 0, 20)
 	err := db.GetEngine(db.DefaultContext).Find(&users)
 	assert.NoError(t, err)
 
@@ -221,7 +222,7 @@ func TestDisplayName(t *testing.T) {
 }
 
 func TestCreateUserInvalidEmail(t *testing.T) {
-	user := &User{
+	user := &user_model.User{
 		Name:               "GiteaBot",
 		Email:              "GiteaBot@gitea.io\r\n",
 		Passwd:             ";p['////..-++']",
@@ -230,35 +231,35 @@ func TestCreateUserInvalidEmail(t *testing.T) {
 		MustChangePassword: false,
 	}
 
-	err := CreateUser(user)
+	err := user_model.CreateUser(user)
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailCharIsNotSupported(err))
+	assert.True(t, user_model.IsErrEmailCharIsNotSupported(err))
 }
 
 func TestCreateUserEmailAlreadyUsed(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 
 	// add new user with user2's email
 	user.Name = "testuser"
 	user.LowerName = strings.ToLower(user.Name)
 	user.ID = 0
-	err := CreateUser(user)
+	err := user_model.CreateUser(user)
 	assert.Error(t, err)
-	assert.True(t, IsErrEmailAlreadyUsed(err))
+	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
 }
 
 func TestGetUserIDsByNames(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
 	// ignore non existing
-	IDs, err := GetUserIDsByNames([]string{"user1", "user2", "none_existing_user"}, true)
+	IDs, err := user_model.GetUserIDsByNames([]string{"user1", "user2", "none_existing_user"}, true)
 	assert.NoError(t, err)
 	assert.Equal(t, []int64{1, 2}, IDs)
 
 	// ignore non existing
-	IDs, err = GetUserIDsByNames([]string{"user1", "do_not_exist"}, false)
+	IDs, err = user_model.GetUserIDsByNames([]string{"user1", "do_not_exist"}, false)
 	assert.Error(t, err)
 	assert.Equal(t, []int64(nil), IDs)
 }
@@ -266,14 +267,14 @@ func TestGetUserIDsByNames(t *testing.T) {
 func TestGetMaileableUsersByIDs(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	results, err := GetMaileableUsersByIDs([]int64{1, 4}, false)
+	results, err := user_model.GetMaileableUsersByIDs([]int64{1, 4}, false)
 	assert.NoError(t, err)
 	assert.Len(t, results, 1)
 	if len(results) > 1 {
 		assert.Equal(t, results[0].ID, 1)
 	}
 
-	results, err = GetMaileableUsersByIDs([]int64{1, 4}, true)
+	results, err = user_model.GetMaileableUsersByIDs([]int64{1, 4}, true)
 	assert.NoError(t, err)
 	assert.Len(t, results, 2)
 	if len(results) > 2 {
@@ -284,36 +285,36 @@ func TestGetMaileableUsersByIDs(t *testing.T) {
 
 func TestUpdateUser(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 
 	user.KeepActivityPrivate = true
-	assert.NoError(t, UpdateUser(db.DefaultContext, user, false))
-	user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.NoError(t, user_model.UpdateUser(db.DefaultContext, user, false))
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	assert.True(t, user.KeepActivityPrivate)
 
 	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, false, false}
 	user.KeepActivityPrivate = false
 	user.Visibility = structs.VisibleTypePrivate
-	assert.Error(t, UpdateUser(db.DefaultContext, user, false))
-	user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, false))
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	assert.True(t, user.KeepActivityPrivate)
 
 	user.Email = "no mail@mail.org"
-	assert.Error(t, UpdateUser(db.DefaultContext, user, true))
+	assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, true))
 }
 
 func TestNewUserRedirect(t *testing.T) {
 	// redirect to a completely new name
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
-	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	assert.NoError(t, user_model.NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
 
-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      user.LowerName,
 		RedirectUserID: user.ID,
 	})
-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      "olduser1",
 		RedirectUserID: user.ID,
 	})
@@ -323,14 +324,14 @@ func TestNewUserRedirect2(t *testing.T) {
 	// redirect to previously used name
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
-	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "olduser1"))
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+	assert.NoError(t, user_model.NewUserRedirect(db.DefaultContext, user.ID, user.Name, "olduser1"))
 
-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      user.LowerName,
 		RedirectUserID: user.ID,
 	})
-	unittest.AssertNotExistsBean(t, &Redirect{
+	unittest.AssertNotExistsBean(t, &user_model.Redirect{
 		LowerName:      "olduser1",
 		RedirectUserID: user.ID,
 	})
@@ -340,10 +341,10 @@ func TestNewUserRedirect3(t *testing.T) {
 	// redirect for a previously-unredirected user
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
-	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	assert.NoError(t, user_model.NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
 
-	unittest.AssertExistsAndLoadBean(t, &Redirect{
+	unittest.AssertExistsAndLoadBean(t, &user_model.Redirect{
 		LowerName:      user.LowerName,
 		RedirectUserID: user.ID,
 	})
@@ -352,18 +353,47 @@ func TestNewUserRedirect3(t *testing.T) {
 func TestGetUserByOpenID(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	_, err := GetUserByOpenID("https://unknown")
+	_, err := user_model.GetUserByOpenID("https://unknown")
 	if assert.Error(t, err) {
-		assert.True(t, IsErrUserNotExist(err))
+		assert.True(t, user_model.IsErrUserNotExist(err))
 	}
 
-	user, err := GetUserByOpenID("https://user1.domain1.tld")
+	user, err := user_model.GetUserByOpenID("https://user1.domain1.tld")
 	if assert.NoError(t, err) {
 		assert.Equal(t, int64(1), user.ID)
 	}
 
-	user, err = GetUserByOpenID("https://domain1.tld/user2/")
+	user, err = user_model.GetUserByOpenID("https://domain1.tld/user2/")
 	if assert.NoError(t, err) {
 		assert.Equal(t, int64(2), user.ID)
 	}
 }
+
+func TestFollowUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	testSuccess := func(followerID, followedID int64) {
+		assert.NoError(t, user_model.FollowUser(followerID, followedID))
+		unittest.AssertExistsAndLoadBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
+	}
+	testSuccess(4, 2)
+	testSuccess(5, 2)
+
+	assert.NoError(t, user_model.FollowUser(2, 2))
+
+	unittest.CheckConsistencyFor(t, &user_model.User{})
+}
+
+func TestUnfollowUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	testSuccess := func(followerID, followedID int64) {
+		assert.NoError(t, user_model.UnfollowUser(followerID, followedID))
+		unittest.AssertNotExistsBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
+	}
+	testSuccess(4, 2)
+	testSuccess(5, 2)
+	testSuccess(2, 2)
+
+	unittest.CheckConsistencyFor(t, &user_model.User{})
+}
diff --git a/models/user_test.go b/models/user_test.go
deleted file mode 100644
index bf6f71895e..0000000000
--- a/models/user_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2017 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package models
-
-import (
-	"testing"
-
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFollowUser(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	testSuccess := func(followerID, followedID int64) {
-		assert.NoError(t, user_model.FollowUser(followerID, followedID))
-		unittest.AssertExistsAndLoadBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
-	}
-	testSuccess(4, 2)
-	testSuccess(5, 2)
-
-	assert.NoError(t, user_model.FollowUser(2, 2))
-
-	unittest.CheckConsistencyFor(t, &user_model.User{})
-}
-
-func TestUnfollowUser(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	testSuccess := func(followerID, followedID int64) {
-		assert.NoError(t, user_model.UnfollowUser(followerID, followedID))
-		unittest.AssertNotExistsBean(t, &user_model.Follow{UserID: followerID, FollowID: followedID})
-	}
-	testSuccess(4, 2)
-	testSuccess(5, 2)
-	testSuccess(2, 2)
-
-	unittest.CheckConsistencyFor(t, &user_model.User{})
-}
diff --git a/services/gitdiff/main_test.go b/services/gitdiff/main_test.go
index 17d0da6276..0d36a600f6 100644
--- a/services/gitdiff/main_test.go
+++ b/services/gitdiff/main_test.go
@@ -8,8 +8,9 @@ import (
 	"path/filepath"
 	"testing"
 
-	_ "code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"
 )
 
 func TestMain(m *testing.M) {