var cond = builder.NewCond()
if user == nil || !user.IsRestricted {
+ var orgVisibilityLimit = structs.VisibleTypePrivate
+ if user == nil {
+ orgVisibilityLimit = structs.VisibleTypeLimited
+ }
// 1. Be able to see all non-private repositories that either:
cond = cond.Or(builder.And(
builder.Eq{"`repository`.is_private": false},
builder.Or(
// A. Aren't in organisations __OR__
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})),
- // B. Isn't a private organisation. (Limited is OK because we're logged in)
- builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePrivate})))))
+ // B. Isn't a private organisation. Limited is OK as long as we're logged in.
+ builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Gte{"visibility": orgVisibilityLimit})))))
}
if user != nil {