MarcoBuster/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-02-13 09:57:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

restricted users only see repos in orgs witch there team was assigned to

Browse Source
This commit is contained in:
m.huber 2023-11-13 20:06:14 +01:00
parent 0c655c4ff0
commit 5bc3b8655c
No known key found for this signature in database
GPG Key ID: B8BE6D610E61C862
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
models/repo/repo_list.go
View File

@ -652,12 +652,12 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu
userOrgTeamUnitRepoCond("`repository`.id", user.ID, unitType),
)
}
cond = cond.Or(
// 4. Repositories that we directly own
builder.Eq{"`repository`.owner_id": user.ID},
// 4. Repositories that we directly own
cond = cond.Or(builder.Eq{"`repository`.owner_id": user.ID})
if !user.IsRestricted {
// 5. Be able to see all public repos in private organizations that we are an org_user of
userOrgPublicRepoCond(user.ID),
)
cond = cond.Or(userOrgPublicRepoCond(user.ID))
}
}
return cond

3
models/user/search.go
View File

@ -160,7 +160,8 @@ func BuildCanSeeUserCondition(actor *User) builder.Cond {
// or private users who do follow them
cond = cond.Or(builder.Eq{
"`user`.visibility": structs.VisibleTypePrivate,
"`user`.id": builder.Select("follow.user_id").From("follow").Where(builder.Eq{"follow.follow_id": actor.ID})})
"`user`.id": builder.Select("follow.user_id").From("follow").Where(builder.Eq{"follow.follow_id": actor.ID}),
})
}
// Don't forget about self
return cond.Or(builder.Eq{"`user`.id": actor.ID})