Simplify visibility checks (#20406)
Was looking into the visibility checks because I need them for something different and noticed the checks are more complicated than they have to be. The rule is just: user/org is visible if - The doer is a member of the org, regardless of the org visibility - The doer is not restricted and the user/org is public or limited
parent
e5ef7c2a91
commit
7690de56f7
1 changed files with 4 additions and 11 deletions
|
@ -59,25 +59,18 @@ func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session {
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.Actor != nil {
|
if opts.Actor != nil {
|
||||||
exprCond := builder.Expr("org_user.org_id = `user`.id")
|
|
||||||
|
|
||||||
// If Admin - they see all users!
|
// If Admin - they see all users!
|
||||||
if !opts.Actor.IsAdmin {
|
if !opts.Actor.IsAdmin {
|
||||||
// Force visibility for privacy
|
// Users can see an organization they are a member of
|
||||||
var accessCond builder.Cond
|
accessCond := builder.In("id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": opts.Actor.ID}))
|
||||||
if !opts.Actor.IsRestricted {
|
if !opts.Actor.IsRestricted {
|
||||||
accessCond = builder.Or(
|
// Not-Restricted users can see public and limited users/organizations
|
||||||
builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID}, builder.Eq{"visibility": structs.VisibleTypePrivate}))),
|
accessCond = accessCond.Or(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
|
||||||
builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
|
|
||||||
} else {
|
|
||||||
// restricted users only see orgs they are a member of
|
|
||||||
accessCond = builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID})))
|
|
||||||
}
|
}
|
||||||
// Don't forget about self
|
// Don't forget about self
|
||||||
accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID})
|
accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID})
|
||||||
cond = cond.And(accessCond)
|
cond = cond.And(accessCond)
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// Force visibility for privacy
|
// Force visibility for privacy
|
||||||
// Not logged in - only public users
|
// Not logged in - only public users
|
||||||
|
|
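Review bot: The restricted-actor rule is now implicit, because a restricted user simply skips the `if !opts.Actor.IsRestricted` branch and the removed comment `// restricted users only see orgs they are a member of` was the only place that stated it. This condition is the access-control boundary of the user search, so I would state the invariant above the `accessCond :=` line, e.g. `// Base rule for every non-admin actor, restricted ones included: only orgs the actor is a member of (plus the actor itself, added below).` Without it, a later edit that adds another `Or` outside the `IsRestricted` check could silently widen what restricted users see. The page lists a single changed file, so no test appears to accompany the change; a table test over admin, regular, restricted and anonymous actors against public, limited and private orgs would pin the equivalence with the old query. The enclosing function `toSearchQueryBase` starts and ends outside the hunk.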