mirror of https://github.com/go-gitea/gitea.git
use already existing GetUserRepoPermission
This commit is contained in:
parent
4a433ef478
commit
f46c58a74e
|
@ -23,6 +23,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/base"
|
"code.gitea.io/gitea/modules/base"
|
||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
|
"code.gitea.io/gitea/modules/optional"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/structs"
|
"code.gitea.io/gitea/modules/structs"
|
||||||
"code.gitea.io/gitea/modules/timeutil"
|
"code.gitea.io/gitea/modules/timeutil"
|
||||||
|
@ -468,21 +469,32 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
|
||||||
return nil, 0, fmt.Errorf("LoadAttributes: %w", err)
|
return nil, 0, fmt.Errorf("LoadAttributes: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
isOrgMemberMap := make(map[int64]bool, 0)
|
|
||||||
isPrivateForActor := true
|
|
||||||
if opts.Actor != nil && opts.RequestedUser != nil {
|
if opts.Actor != nil && opts.RequestedUser != nil {
|
||||||
isPrivateForActor = !opts.Actor.IsAdmin && opts.Actor.ID != opts.RequestedUser.ID
|
isPrivateForActor := !opts.Actor.IsAdmin && opts.Actor.ID != opts.RequestedUser.ID
|
||||||
isOrgMemberMap, err = organization.IsOrganizationsMember(ctx, actions.GetOrgIDs(), opts.Actor.ID)
|
|
||||||
if err != nil {
|
// cache user repo read permissions
|
||||||
return nil, 0, err
|
canReadRepo := make(map[int64]optional.Option[bool], 0)
|
||||||
|
|
||||||
|
for _, action := range actions {
|
||||||
|
action.IsPrivateView = isPrivateForActor && action.IsPrivate
|
||||||
|
|
||||||
|
if action.IsPrivateView && action.Repo.Owner.IsOrganization() {
|
||||||
|
if !canReadRepo[action.Repo.ID].Has() {
|
||||||
|
perm, err := access_model.GetUserRepoPermission(ctx, action.Repo, opts.Actor)
|
||||||
|
if err != nil {
|
||||||
|
return nil, 0, fmt.Errorf("GetUserRepoPermission: %w", err)
|
||||||
|
}
|
||||||
|
canRead := perm.CanRead(unit.TypeCode)
|
||||||
|
action.IsPrivateView = !canRead
|
||||||
|
canReadRepo[action.Repo.ID] = optional.Option[bool]{canRead}
|
||||||
|
}
|
||||||
|
|
||||||
|
action.IsPrivateView = !canReadRepo[action.Repo.ID].Value()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
|
for _, action := range actions {
|
||||||
for _, action := range actions {
|
action.IsPrivateView = action.IsPrivate
|
||||||
action.IsPrivateView = isPrivateForActor && action.IsPrivate
|
|
||||||
|
|
||||||
if action.IsPrivateView && action.Repo.Owner.IsOrganization() {
|
|
||||||
action.IsPrivateView = !isOrgMemberMap[action.Repo.Owner.ID]
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -491,8 +503,13 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, int64, err
|
||||||
|
|
||||||
// ActivityReadable return whether doer can read activities of user
|
// ActivityReadable return whether doer can read activities of user
|
||||||
func ActivityReadable(user, doer *user_model.User) bool {
|
func ActivityReadable(user, doer *user_model.User) bool {
|
||||||
return !user.ActivityVisibility.ShowNone() ||
|
if doer != nil && (doer.IsAdmin || user.ID == doer.ID) {
|
||||||
doer != nil && (doer.IsAdmin || user.ID == doer.ID)
|
return true
|
||||||
|
}
|
||||||
|
if user.ActivityVisibility.ShowNone() {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func activityQueryCondition(ctx context.Context, opts GetFeedsOptions) (builder.Cond, error) {
|
func activityQueryCondition(ctx context.Context, opts GetFeedsOptions) (builder.Cond, error) {
|
||||||
|
|
|
@ -53,16 +53,6 @@ func (actions ActionList) getRepoIDs() []int64 {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (actions ActionList) GetOrgIDs() []int64 {
|
|
||||||
orgIDs := make(container.Set[int64], len(actions))
|
|
||||||
for _, action := range actions {
|
|
||||||
if action.Repo.Owner.IsOrganization() {
|
|
||||||
orgIDs.Add(action.Repo.Owner.ID)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return orgIDs.Values()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (actions ActionList) LoadRepositories(ctx context.Context) error {
|
func (actions ActionList) LoadRepositories(ctx context.Context) error {
|
||||||
if len(actions) == 0 {
|
if len(actions) == 0 {
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -77,27 +77,6 @@ func IsOrganizationMember(ctx context.Context, orgID, uid int64) (bool, error) {
|
||||||
Exist()
|
Exist()
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsOrganizationsMember returns a map with key of orgID and value is true if given user is member of organization.
|
|
||||||
func IsOrganizationsMember(ctx context.Context, orgIDs []int64, uid int64) (map[int64]bool, error) {
|
|
||||||
var orgUsers []*OrgUser
|
|
||||||
|
|
||||||
err := db.GetEngine(ctx).
|
|
||||||
Where("uid=?", uid).
|
|
||||||
And(builder.In("org_id", orgIDs)).
|
|
||||||
Table("org_user").
|
|
||||||
Find(&orgUsers)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
memberMap := make(map[int64]bool, len(orgIDs))
|
|
||||||
for _, orgUser := range orgUsers {
|
|
||||||
memberMap[orgUser.OrgID] = true
|
|
||||||
}
|
|
||||||
|
|
||||||
return memberMap, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsPublicMembership returns true if the given user's membership of given org is public.
|
// IsPublicMembership returns true if the given user's membership of given org is public.
|
||||||
func IsPublicMembership(ctx context.Context, orgID, uid int64) (bool, error) {
|
func IsPublicMembership(ctx context.Context, orgID, uid int64) (bool, error) {
|
||||||
return db.GetEngine(ctx).
|
return db.GetEngine(ctx).
|
||||||
|
|
Loading…
Reference in New Issue