Fix that owners also see actions on their repositories

This is a balance between speed and nice code, where speed has won. To prevent a repository query for each action the ownername is match with the current user.

It would be "cleaner" or "better" if we fetch the repository each time. Another option is to add the RepoOwnerID to action

diff --git a/routers/user/home.go b/routers/user/home.go
index 35407534f977374d1db248c3043d2015543b0bac..574c6387dcdeb1688ff0c59f0890e50851dbc6f0 100644 (file)
--- a/routers/user/home.go
+++ b/routers/user/home.go
@@ -103,7 +103,12 @@ func Dashboard(ctx *middleware.Context) {
        feeds := make([]*models.Action, 0, len(actions))
        for _, act := range actions {
                if act.IsPrivate {
-                       if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
+                       repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
+                       // This prevents having to retrieve the repository for each action
+                       if act.RepoUserName == ctx.User.LowerName {
+                               repo.OwnerId = ctx.User.Id
+                       }
+                       if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
                                continue
                        }
                }
@@ -210,11 +215,12 @@ func Profile(ctx *middleware.Context) {
                                if !ctx.IsSigned {
                                        continue
                                }
-                               if has, _ := models.HasAccess(ctx.User,
-                                       &models.Repository{
-                                               Id:        act.RepoId,
-                                               IsPrivate: true,
-                                       }, models.ACCESS_MODE_READ); !has {
+                               repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
+                               // This prevents having to retrieve the repository for each action
+                               if act.RepoUserName == ctx.User.LowerName {
+                                       repo.OwnerId = ctx.User.Id
+                               }
+                               if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
                                        continue
                                }
                        }