session := loginUser(t, privateActivityTestUser)
hasContent := testPrivateActivityHelperHasHeatmapContentFromSession(t, session)
- assert.False(t, hasContent, "user should have no heatmap content")
+ assert.True(t, hasContent, "user should see their own heatmap content")
}
func TestPrivateActivityYesHeatmapHasNoContentForOtherUser(t *testing.T) {
session := loginUser(t, privateActivityTestOtherUser)
hasContent := testPrivateActivityHelperHasHeatmapContentFromSession(t, session)
- assert.False(t, hasContent, "user should have no heatmap content")
+ assert.False(t, hasContent, "other user should not see heatmap content")
}
func TestPrivateActivityYesHeatmapHasNoContentForAdmin(t *testing.T) {
session := loginUser(t, privateActivityTestAdmin)
hasContent := testPrivateActivityHelperHasHeatmapContentFromSession(t, session)
- assert.False(t, hasContent, "user should have no heatmap content")
+ assert.True(t, hasContent, "heatmap should show content for admin")
}
// GetFeeds returns actions according to the provided options
func GetFeeds(opts GetFeedsOptions) ([]*Action, error) {
- cond := builder.NewCond()
+ if !activityReadable(opts.RequestedUser, opts.Actor) {
+ return make([]*Action, 0), nil
+ }
- var repoIDs []int64
- var actorID int64
+ cond, err := activityQueryCondition(opts)
+ if err != nil {
+ return nil, err
+ }
- if opts.Actor != nil {
- actorID = opts.Actor.ID
+ actions := make([]*Action, 0, setting.UI.FeedPagingNum)
+
+ if err := x.Limit(setting.UI.FeedPagingNum).Desc("id").Where(cond).Find(&actions); err != nil {
+ return nil, fmt.Errorf("Find: %v", err)
}
- if opts.RequestedUser.IsOrganization() {
- env, err := opts.RequestedUser.AccessibleReposEnv(actorID)
- if err != nil {
- return nil, fmt.Errorf("AccessibleReposEnv: %v", err)
- }
- if repoIDs, err = env.RepoIDs(1, opts.RequestedUser.NumRepos); err != nil {
- return nil, fmt.Errorf("GetUserRepositories: %v", err)
+ if err := ActionList(actions).LoadAttributes(); err != nil {
+ return nil, fmt.Errorf("LoadAttributes: %v", err)
+ }
+
+ return actions, nil
+}
+
+func activityReadable(user *User, doer *User) bool {
+ var doerID int64
+ if doer != nil {
+ doerID = doer.ID
+ }
+ if doer == nil || !doer.IsAdmin {
+ if user.KeepActivityPrivate && doerID != user.ID {
+ return false
}
+ }
+ return true
+}
- cond = cond.And(builder.In("repo_id", repoIDs))
- } else {
- cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.Actor)))
+func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
+ cond := builder.NewCond()
+
+ var repoIDs []int64
+ var actorID int64
+ if opts.Actor != nil {
+ actorID = opts.Actor.ID
}
+ // check readable repositories by doer/actor
if opts.Actor == nil || !opts.Actor.IsAdmin {
- if opts.RequestedUser.KeepActivityPrivate && actorID != opts.RequestedUser.ID {
- return make([]*Action, 0), nil
+ if opts.RequestedUser.IsOrganization() {
+ env, err := opts.RequestedUser.AccessibleReposEnv(actorID)
+ if err != nil {
+ return nil, fmt.Errorf("AccessibleReposEnv: %v", err)
+ }
+ if repoIDs, err = env.RepoIDs(1, opts.RequestedUser.NumRepos); err != nil {
+ return nil, fmt.Errorf("GetUserRepositories: %v", err)
+ }
+ cond = cond.And(builder.In("repo_id", repoIDs))
+ } else {
+ cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.Actor)))
}
}
if !opts.IncludePrivate {
cond = cond.And(builder.Eq{"is_private": false})
}
-
if !opts.IncludeDeleted {
cond = cond.And(builder.Eq{"is_deleted": false})
}
- actions := make([]*Action, 0, setting.UI.FeedPagingNum)
-
- if err := x.Limit(setting.UI.FeedPagingNum).Desc("id").Where(cond).Find(&actions); err != nil {
- return nil, fmt.Errorf("Find: %v", err)
- }
-
- if err := ActionList(actions).LoadAttributes(); err != nil {
- return nil, fmt.Errorf("LoadAttributes: %v", err)
- }
-
- return actions, nil
+ return cond, nil
}
act_user_id: 11
repo_id: 9
is_private: false
+
+-
+ id: 4
+ user_id: 16
+ op_type: 12 # close issue
+ act_user_id: 16
+ repo_id: 22
+ is_private: true
+ created_unix: 1603267920
}
// GetUserHeatmapDataByUser returns an array of UserHeatmapData
-func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) {
+func GetUserHeatmapDataByUser(user *User, doer *User) ([]*UserHeatmapData, error) {
hdata := make([]*UserHeatmapData, 0)
- if user.KeepActivityPrivate {
+ if !activityReadable(user, doer) {
return hdata, nil
}
groupByName = groupBy
}
- sess := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
- Table("action").
- Where("user_id = ?", user.ID).
- And("created_unix > ?", (timeutil.TimeStampNow() - 31536000))
-
- // * Heatmaps for individual users only include actions that the user themself
- // did.
- // * For organizations actions by all users that were made in owned
- // repositories are counted.
- if user.Type == UserTypeIndividual {
- sess = sess.And("act_user_id = ?", user.ID)
+ cond, err := activityQueryCondition(GetFeedsOptions{
+ RequestedUser: user,
+ Actor: doer,
+ IncludePrivate: true, // don't filter by private, as we already filter by repo access
+ IncludeDeleted: true,
+ // * Heatmaps for individual users only include actions that the user themself did.
+ // * For organizations actions by all users that were made in owned
+ // repositories are counted.
+ OnlyPerformedBy: !user.IsOrganization(),
+ })
+ if err != nil {
+ return nil, err
}
- err := sess.GroupBy(groupByName).
+ return hdata, x.
+ Select(groupBy+" AS timestamp, count(user_id) as contributions").
+ Table("action").
+ Where(cond).
+ And("created_unix > ?", (timeutil.TimeStampNow() - 31536000)).
+ GroupBy(groupByName).
OrderBy("timestamp").
Find(&hdata)
-
- return hdata, err
}
import (
"encoding/json"
+ "fmt"
"testing"
"github.com/stretchr/testify/assert"
func TestGetUserHeatmapDataByUser(t *testing.T) {
testCases := []struct {
userID int64
+ doerID int64
CountResult int
JSONResult string
}{
- {2, 1, `[{"timestamp":1603152000,"contributions":1}]`},
- {3, 0, `[]`},
+ {2, 2, 1, `[{"timestamp":1603152000,"contributions":1}]`}, // self looks at action in private repo
+ {2, 1, 1, `[{"timestamp":1603152000,"contributions":1}]`}, // admin looks at action in private repo
+ {2, 3, 0, `[]`}, // other user looks at action in private repo
+ {2, 0, 0, `[]`}, // nobody looks at action in private repo
+ {16, 15, 1, `[{"timestamp":1603238400,"contributions":1}]`}, // collaborator looks at action in private repo
+ {3, 3, 0, `[]`}, // no action action not performed by target user
}
// Prepare
assert.NoError(t, PrepareTestDatabase())
- for _, tc := range testCases {
-
- // Insert some action
+ for i, tc := range testCases {
user := AssertExistsAndLoadBean(t, &User{ID: tc.userID}).(*User)
+ doer := &User{ID: tc.doerID}
+ _, err := loadBeanIfExists(doer)
+ assert.NoError(t, err)
+ if tc.doerID == 0 {
+ doer = nil
+ }
+
// get the action for comparison
actions, err := GetFeeds(GetFeedsOptions{
RequestedUser: user,
- Actor: user,
+ Actor: doer,
IncludePrivate: true,
- OnlyPerformedBy: false,
+ OnlyPerformedBy: true,
IncludeDeleted: true,
})
assert.NoError(t, err)
// Get the heatmap and compare
- heatmap, err := GetUserHeatmapDataByUser(user)
+ heatmap, err := GetUserHeatmapDataByUser(user, doer)
assert.NoError(t, err)
assert.Equal(t, len(actions), len(heatmap), "invalid action count: did the test data became too old?")
- assert.Equal(t, tc.CountResult, len(heatmap))
+ assert.Equal(t, tc.CountResult, len(heatmap), fmt.Sprintf("testcase %d", i))
//Test JSON rendering
jsonData, err := json.Marshal(heatmap)
return
}
- heatmap, err := models.GetUserHeatmapDataByUser(user)
+ heatmap, err := models.GetUserHeatmapDataByUser(user, ctx.User)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserHeatmapDataByUser", err)
return
// no heatmap access for admins; GetUserHeatmapDataByUser ignores the calling user
// so everyone would get the same empty heatmap
if setting.Service.EnableUserHeatmap && !ctxUser.KeepActivityPrivate {
- data, err := models.GetUserHeatmapDataByUser(ctxUser)
+ data, err := models.GetUserHeatmapDataByUser(ctxUser, ctx.User)
if err != nil {
ctx.ServerError("GetUserHeatmapDataByUser", err)
return
// no heatmap access for admins; GetUserHeatmapDataByUser ignores the calling user
// so everyone would get the same empty heatmap
if setting.Service.EnableUserHeatmap && !ctxUser.KeepActivityPrivate {
- data, err := models.GetUserHeatmapDataByUser(ctxUser)
+ data, err := models.GetUserHeatmapDataByUser(ctxUser, ctx.User)
if err != nil {
ctx.ServerError("GetUserHeatmapDataByUser", err)
return
projects / gitea.git / commitdiff