* Ensure that feeds are appropriately restricted * Placate golangci-lint
parent
4b11f967bd
commit
895d92ffe5
4 changed files with 38 additions and 7 deletions
|
@ -432,6 +432,8 @@ func GetFeeds(opts GetFeedsOptions) ([]*Action, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cond = cond.And(builder.In("repo_id", repoIDs))
|
cond = cond.And(builder.In("repo_id", repoIDs))
|
||||||
|
} else {
|
||||||
|
cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.RequestingUserID)))
|
||||||
}
|
}
|
||||||
|
|
||||||
cond = cond.And(builder.Eq{"user_id": opts.RequestedUser.ID})
|
cond = cond.And(builder.Eq{"user_id": opts.RequestedUser.ID})
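Review bot: The new `AccessibleRepoIDsQuery(opts.RequestingUserID)` filter is applied only in the added `else` branch, so the preceding branch that filters on `repoIDs` does not pass through the same access check. That list is built outside this hunk, so it should be confirmed that it is already limited to repositories the requesting user may see. `RequestingUserID` is also 0 whenever a caller leaves it unset, which `accessibleRepositoryCondition` treats as an anonymous viewer; that fail-closed default deserves a field comment on `GetFeedsOptions`, e.g. `// RequestingUserID is the viewer; 0 means anonymous and restricts feeds to publicly visible repositories`. GetFeeds starts and ends outside the hunk.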
|
||||||
|
|
|
@ -315,6 +315,17 @@ func SearchRepository(opts *SearchRepoOptions) (RepositoryList, int64, error) {
|
||||||
|
|
||||||
// accessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
|
// accessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
|
||||||
func accessibleRepositoryCondition(userID int64) builder.Cond {
|
func accessibleRepositoryCondition(userID int64) builder.Cond {
|
||||||
|
if userID <= 0 {
|
||||||
|
return builder.And(
|
||||||
|
builder.Eq{"`repository`.is_private": false},
|
||||||
|
builder.Or(
|
||||||
|
// A. Aren't in organisations __OR__
|
||||||
|
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})),
|
||||||
|
// B. Is a public organisation.
|
||||||
|
builder.In("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePublic}))),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
return builder.Or(
|
return builder.Or(
|
||||||
// 1. Be able to see all non-private repositories that either:
|
// 1. Be able to see all non-private repositories that either:
|
||||||
builder.And(
|
builder.And(
|
||||||
|
@ -349,6 +360,12 @@ func SearchRepositoryByName(opts *SearchRepoOptions) (RepositoryList, int64, err
|
||||||
return SearchRepository(opts)
|
return SearchRepository(opts)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AccessibleRepoIDsQuery queries accessible repository ids. Usable as a subquery wherever repo ids need to be filtered.
|
||||||
|
func AccessibleRepoIDsQuery(userID int64) *builder.Builder {
|
||||||
|
// NB: Please note this code needs to still work if user is nil
|
||||||
|
return builder.Select("id").From("repository").Where(accessibleRepositoryCondition(userID))
|
||||||
|
}
|
||||||
|
|
||||||
// FindUserAccessibleRepoIDs find all accessible repositories' ID by user's id
|
// FindUserAccessibleRepoIDs find all accessible repositories' ID by user's id
|
||||||
func FindUserAccessibleRepoIDs(userID int64) ([]int64, error) {
|
func FindUserAccessibleRepoIDs(userID int64) ([]int64, error) {
|
||||||
var accessCond builder.Cond = builder.Eq{"is_private": false}
|
var accessCond builder.Cond = builder.Eq{"is_private": false}
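Review bot: The `NB` comment inside `AccessibleRepoIDsQuery` speaks of the user being nil, but the function takes an `int64`; the case it actually has to handle is `userID <= 0`, which `accessibleRepositoryCondition` now routes to the anonymous branch. I would reword it as `// NB: userID <= 0 means an anonymous viewer; only public repositories outside non-public organisations are selected.` The doc comment on `accessibleRepositoryCondition` ("takes a user a returns") should read "takes a user ID and returns" and mention the anonymous case as well. A test that calls the query with `userID == 0` against a private repository and a repository owned by a non-public organisation would pin this access rule.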
|
||||||
|
|
|
@ -142,11 +142,17 @@ func Dashboard(ctx *context.Context) {
|
||||||
ctx.Data["MirrorCount"] = len(mirrors)
|
ctx.Data["MirrorCount"] = len(mirrors)
|
||||||
ctx.Data["Mirrors"] = mirrors
|
ctx.Data["Mirrors"] = mirrors
|
||||||
|
|
||||||
|
requestingUserID := int64(0)
|
||||||
|
if ctx.User != nil {
|
||||||
|
requestingUserID = ctx.User.ID
|
||||||
|
}
|
||||||
|
|
||||||
retrieveFeeds(ctx, models.GetFeedsOptions{
|
retrieveFeeds(ctx, models.GetFeedsOptions{
|
||||||
RequestedUser: ctxUser,
|
RequestedUser: ctxUser,
|
||||||
IncludePrivate: true,
|
RequestingUserID: requestingUserID,
|
||||||
OnlyPerformedBy: false,
|
IncludePrivate: true,
|
||||||
IncludeDeleted: false,
|
OnlyPerformedBy: false,
|
||||||
|
IncludeDeleted: false,
|
||||||
})
|
})
|
||||||
|
|
||||||
if ctx.Written() {
|
if ctx.Written() {
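Review bot: The four added lines that derive `requestingUserID` from `ctx.User` in Dashboard are repeated verbatim in the Profile hunk. A small shared helper would keep the "0 means anonymous" convention in one place, so a later handler cannot pass a wrong or missing viewer ID to `GetFeeds`. Dashboard still passes `IncludePrivate: true` unconditionally, so what the viewer may see now rests on the `RequestingUserID` filter; a comment at the assignment such as `// 0 = anonymous viewer; GetFeeds then limits results to publicly visible repositories` would make that dependency explicit. Dashboard's body starts and ends outside the hunk.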
|
||||||
|
|
|
@ -156,14 +156,20 @@ func Profile(ctx *context.Context) {
|
||||||
orderBy = models.SearchOrderByRecentUpdated
|
orderBy = models.SearchOrderByRecentUpdated
|
||||||
}
|
}
|
||||||
|
|
||||||
|
requestingUserID := int64(0)
|
||||||
|
if ctx.User != nil {
|
||||||
|
requestingUserID = ctx.User.ID
|
||||||
|
}
|
||||||
|
|
||||||
keyword := strings.Trim(ctx.Query("q"), " ")
|
keyword := strings.Trim(ctx.Query("q"), " ")
|
||||||
ctx.Data["Keyword"] = keyword
|
ctx.Data["Keyword"] = keyword
|
||||||
switch tab {
|
switch tab {
|
||||||
case "activity":
|
case "activity":
|
||||||
retrieveFeeds(ctx, models.GetFeedsOptions{RequestedUser: ctxUser,
|
retrieveFeeds(ctx, models.GetFeedsOptions{RequestedUser: ctxUser,
|
||||||
IncludePrivate: showPrivate,
|
RequestingUserID: requestingUserID,
|
||||||
OnlyPerformedBy: true,
|
IncludePrivate: showPrivate,
|
||||||
IncludeDeleted: false,
|
OnlyPerformedBy: true,
|
||||||
|
IncludeDeleted: false,
|
||||||
})
|
})
|
||||||
if ctx.Written() {
|
if ctx.Written() {
|
||||||
return
|
return
|
||||||
|
|