From 29637b03b2976580613550aef878cc31139c3abf Mon Sep 17 00:00:00 2001 From: Zettat123 Date: Wed, 10 May 2023 12:14:58 +0800 Subject: [PATCH] Fix commits pushed with deploy keys not shown in dashboard (#24521) Fix #21324 In the current logic, if the `Actor` user is not an admin user, all activities from private organizations won't be shown even if the `Actor` user is a member of the organization. As mentioned in the issue, when using deploy key to make a commit and push, the activity's `act_user_id` will be the id of the organization so the activity won't be shown to non-admin users because the visibility of the organization is private. https://github.com/go-gitea/gitea/blob/55a57177600028ba8e4a480a08f1ee4d69d219d6/models/activities/action.go#L490-L503 This PR improves this logic so the activities of private organizations can be shown. --- models/activities/action.go | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/models/activities/action.go b/models/activities/action.go index f75ab55982..33e476e34d 100644 --- a/models/activities/action.go +++ b/models/activities/action.go @@ -494,12 +494,27 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) { ).From("`user`"), )) } else if !opts.Actor.IsAdmin { - cond = cond.And(builder.In("act_user_id", - builder.Select("`user`.id").Where( - builder.Eq{"keep_activity_private": false}. - And(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))). - Or(builder.Eq{"id": opts.Actor.ID}).From("`user`"), - )) + uidCond := builder.Select("`user`.id").From("`user`").Where( + builder.Eq{"keep_activity_private": false}. + And(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))). + Or(builder.Eq{"id": opts.Actor.ID}) + + if opts.RequestedUser != nil { + if opts.RequestedUser.IsOrganization() { + // An organization can always see the activities whose `act_user_id` is the same as its id. + uidCond = uidCond.Or(builder.Eq{"id": opts.RequestedUser.ID}) + } else { + // A user can always see the activities of the organizations to which the user belongs. + uidCond = uidCond.Or( + builder.Eq{"type": user_model.UserTypeOrganization}. + And(builder.In("`user`.id", builder.Select("org_id"). + Where(builder.Eq{"uid": opts.RequestedUser.ID}). + From("team_user"))), + ) + } + } + + cond = cond.And(builder.In("act_user_id", uidCond)) } // check readable repositories by doer/actor