Merge pull request #960 from phsmit/access_action

Fix that owners also see actions on their repositories
This commit is contained in:
无闻 2015-02-23 13:51:02 -05:00
commit f92bfabf86

View file

@ -103,10 +103,15 @@ func Dashboard(ctx *middleware.Context) {
feeds := make([]*models.Action, 0, len(actions)) feeds := make([]*models.Action, 0, len(actions))
for _, act := range actions { for _, act := range actions {
if act.IsPrivate { if act.IsPrivate {
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has { // This prevents having to retrieve the repository for each action
repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
if act.RepoUserName != ctx.User.LowerName {
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
continue continue
} }
} }
}
// FIXME: cache results? // FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName) u, err := models.GetUserByName(act.ActUserName)
if err != nil { if err != nil {
@ -210,14 +215,15 @@ func Profile(ctx *middleware.Context) {
if !ctx.IsSigned { if !ctx.IsSigned {
continue continue
} }
if has, _ := models.HasAccess(ctx.User, // This prevents having to retrieve the repository for each action
&models.Repository{ repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
Id: act.RepoId, if act.RepoUserName != ctx.User.LowerName {
IsPrivate: true, if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
}, models.ACCESS_MODE_READ); !has {
continue continue
} }
} }
}
// FIXME: cache results? // FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName) u, err := models.GetUserByName(act.ActUserName)
if err != nil { if err != nil {