Do not allow Ghost access to limited visible user/org (#21849)
The Ghost user should not be allowed to have access to a limited visible user/org. Co-authored-by: Lauris BH <lauris@nix.lv>
parent
43ab9324c5
commit
88d5275614
1 changed files with 3 additions and 2 deletions
|
@ -458,8 +458,9 @@ func CountOrgs(opts FindOrgOptions) (int64, error) {
|
||||||
|
|
||||||
// HasOrgOrUserVisible tells if the given user can see the given org or user
|
// HasOrgOrUserVisible tells if the given user can see the given org or user
|
||||||
func HasOrgOrUserVisible(ctx context.Context, orgOrUser, user *user_model.User) bool {
|
func HasOrgOrUserVisible(ctx context.Context, orgOrUser, user *user_model.User) bool {
|
||||||
// Not SignedUser
|
// If user is nil, it's an anonymous user/request.
|
||||||
if user == nil {
|
// The Ghost user is handled like an anonymous user.
|
||||||
|
if user == nil || user.IsGhost() {
|
||||||
return orgOrUser.Visibility == structs.VisibleTypePublic
|
return orgOrUser.Visibility == structs.VisibleTypePublic
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
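Review bot: The new guard `if user == nil || user.IsGhost()` in HasOrgOrUserVisible changes an authorization decision, yet the commit touches only this one file, so nothing pins the behaviour; a test asserting that the Ghost user gets `false` for limited and private `orgOrUser` values and `true` only for `structs.VisibleTypePublic` would keep a later refactor from silently reopening the gap. The doc comment on the function should also state the contract, e.g. `// A nil user and the Ghost user are treated as anonymous and can only see public users/orgs.` Other code paths that decide anonymity with a bare `user == nil` check are not visible here and may need the same Ghost handling, so it is worth searching for them before relying on this fix alone. The function body continues past the end of the hunk.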