Ensure that feeds are appropriately restricted (#10018)

* Always limit results by what is accessible to the user * Change signature of AccessibleRepoIDsQuery * Ensure that user with ID <= 0 is handled * Update models/repo_list.go
author: zeripath <art27@cantab.net> 2020-01-28 11:39:37 +0000
committer: GitHub <noreply@github.com> 2020-01-28 11:39:37 +0000
commit: 206a031b38a766d0ce89ae94a304f7d418ccdafb (patch)
tree: 4defd0fc5d07792b0d624400d196af670eb2446c /models/action.go
parent: 797e6f8f4ccc93e25bddb969a5e1358ed52c5f0a (diff)
download: gitea-206a031b38a766d0ce89ae94a304f7d418ccdafb.tar.gz
gitea-206a031b38a766d0ce89ae94a304f7d418ccdafb.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/models/action.go b/models/action.go
index 1a6ff75603..b8694aad73 100644
--- a/models/action.go
+++ b/models/action.go
@@ -312,8 +312,8 @@ func GetFeeds(opts GetFeedsOptions) ([]*Action, error) {
 		}
 
 		cond = cond.And(builder.In("repo_id", repoIDs))
-	} else if opts.Actor != nil {
-		cond = cond.And(builder.In("repo_id", opts.Actor.AccessibleRepoIDsQuery()))
+	} else {
+		cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.Actor)))
 	}
 
 	cond = cond.And(builder.Eq{"user_id": opts.RequestedUser.ID})
author	zeripath <art27@cantab.net>	2020-01-28 11:39:37 +0000
committer	GitHub <noreply@github.com>	2020-01-28 11:39:37 +0000
commit	206a031b38a766d0ce89ae94a304f7d418ccdafb (patch)
tree	4defd0fc5d07792b0d624400d196af670eb2446c /models/action.go
parent	797e6f8f4ccc93e25bddb969a5e1358ed52c5f0a (diff)
download	gitea-206a031b38a766d0ce89ae94a304f7d418ccdafb.tar.gz gitea-206a031b38a766d0ce89ae94a304f7d418ccdafb.zip