Fix that owners also see actions on their repositories
This is a balance between speed and nice code, where speed has won. To prevent a repository query for each action the ownername is match with the current user. It would be "cleaner" or "better" if we fetch the repository each time. Another option is to add the RepoOwnerID to action
This commit is contained in:
parent
cd6a2b78a7
commit
455fad0fbd
1 changed files with 12 additions and 6 deletions
|
@ -103,7 +103,12 @@ func Dashboard(ctx *middleware.Context) {
|
|||
feeds := make([]*models.Action, 0, len(actions))
|
||||
for _, act := range actions {
|
||||
if act.IsPrivate {
|
||||
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
|
||||
repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
|
||||
// This prevents having to retrieve the repository for each action
|
||||
if act.RepoUserName == ctx.User.LowerName {
|
||||
repo.OwnerId = ctx.User.Id
|
||||
}
|
||||
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
@ -210,11 +215,12 @@ func Profile(ctx *middleware.Context) {
|
|||
if !ctx.IsSigned {
|
||||
continue
|
||||
}
|
||||
if has, _ := models.HasAccess(ctx.User,
|
||||
&models.Repository{
|
||||
Id: act.RepoId,
|
||||
IsPrivate: true,
|
||||
}, models.ACCESS_MODE_READ); !has {
|
||||
repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
|
||||
// This prevents having to retrieve the repository for each action
|
||||
if act.RepoUserName == ctx.User.LowerName {
|
||||
repo.OwnerId = ctx.User.Id
|
||||
}
|
||||
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue