Fix commits pushed with deploy keys not shown in dashboard (#24521)
Fix #21324
In the current logic, if the `Actor` user is not an admin user, all
activities from private organizations won't be shown even if the `Actor`
user is a member of the organization.
As mentioned in the issue, when using deploy key to make a commit and
push, the activity's `act_user_id` will be the id of the organization so
the activity won't be shown to non-admin users because the visibility of
the organization is private.
55a5717760/models/activities/action.go (L490-L503)
This PR improves this logic so the activities of private organizations
can be shown.
This commit is contained in:
parent
8030614386
commit
29637b03b2
1 changed files with 21 additions and 6 deletions
|
@ -494,12 +494,27 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
|
|||
).From("`user`"),
|
||||
))
|
||||
} else if !opts.Actor.IsAdmin {
|
||||
cond = cond.And(builder.In("act_user_id",
|
||||
builder.Select("`user`.id").Where(
|
||||
uidCond := builder.Select("`user`.id").From("`user`").Where(
|
||||
builder.Eq{"keep_activity_private": false}.
|
||||
And(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))).
|
||||
Or(builder.Eq{"id": opts.Actor.ID}).From("`user`"),
|
||||
))
|
||||
Or(builder.Eq{"id": opts.Actor.ID})
|
||||
|
||||
if opts.RequestedUser != nil {
|
||||
if opts.RequestedUser.IsOrganization() {
|
||||
// An organization can always see the activities whose `act_user_id` is the same as its id.
|
||||
uidCond = uidCond.Or(builder.Eq{"id": opts.RequestedUser.ID})
|
||||
} else {
|
||||
// A user can always see the activities of the organizations to which the user belongs.
|
||||
uidCond = uidCond.Or(
|
||||
builder.Eq{"type": user_model.UserTypeOrganization}.
|
||||
And(builder.In("`user`.id", builder.Select("org_id").
|
||||
Where(builder.Eq{"uid": opts.RequestedUser.ID}).
|
||||
From("team_user"))),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
cond = cond.And(builder.In("act_user_id", uidCond))
|
||||
}
|
||||
|
||||
// check readable repositories by doer/actor
|
||||
|
|
Loading…
Reference in a new issue