author | Norwin <noerw@users.noreply.github.com> | 2020-12-22 02:53:37 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-22 03:53:37 +0100 |
commit | f6bec8529697bdb89ebcd0901ba093f06aa9ac46 (patch) | |
tree | d742367805a8296411211d5157c505f252f24dbf /models/action.go | |
parent | 2c9dd71140474b1f83f068bece40b25e94240ab4 (diff) | |
download | gitea-f6bec8529697bdb89ebcd0901ba093f06aa9ac46.tar.gz gitea-f6bec8529697bdb89ebcd0901ba093f06aa9ac46.zip |
rework heatmap permissions (#14080)
* now uses the same permission model as for the activity feed:
only include activities in repos, that the doer has access to.
this might be somewhat slower.
* also improves handling of user.KeepActivityPrivate (still shows
the heatmap to self & admins)
* extend tests
* adjust integration test to new behaviour
* add access to actions for admins
* extend heatmap unit tests
Diffstat (limited to 'models/action.go')
-rw-r--r-- | models/action.go | 78 |
1 files changed, 49 insertions, 29 deletions
diff --git a/models/action.go b/models/action.go
index 5546409241..c39fdc397a 100644
--- a/models/action.go
+++ b/models/action.go
@@ -298,32 +298,63 @@ type GetFeedsOptions struct { // GetFeeds returns actions according to the provided options func GetFeeds(opts GetFeedsOptions) ([]*Action, error) { - cond := builder.NewCond() + if !activityReadable(opts.RequestedUser, opts.Actor) { + return make([]*Action, 0), nil + } - var repoIDs []int64 - var actorID int64 + cond, err := activityQueryCondition(opts) + if err != nil { + return nil, err + } - if opts.Actor != nil { - actorID = opts.Actor.ID + actions := make([]*Action, 0, setting.UI.FeedPagingNum) + + if err := x.Limit(setting.UI.FeedPagingNum).Desc("id").Where(cond).Find(&actions); err != nil { + return nil, fmt.Errorf("Find: %v", err) } - if opts.RequestedUser.IsOrganization() { - env, err := opts.RequestedUser.AccessibleReposEnv(actorID) - if err != nil { - return nil, fmt.Errorf("AccessibleReposEnv: %v", err) - } - if repoIDs, err = env.RepoIDs(1, opts.RequestedUser.NumRepos); err != nil { - return nil, fmt.Errorf("GetUserRepositories: %v", err) + if err := ActionList(actions).LoadAttributes(); err != nil { + return nil, fmt.Errorf("LoadAttributes: %v", err) + } + + return actions, nil +} + +func activityReadable(user *User, doer *User) bool { + var doerID int64 + if doer != nil { + doerID = doer.ID + } + if doer == nil || !doer.IsAdmin { + if user.KeepActivityPrivate && doerID != user.ID { + return false } + } + return true +} - cond = cond.And(builder.In("repo_id", repoIDs)) - } else { - cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.Actor))) +func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) { + cond := builder.NewCond() + + var repoIDs []int64 + var actorID int64 + if opts.Actor != nil { + actorID = opts.Actor.ID } + // check readable repositories by doer/actor if opts.Actor == nil || !opts.Actor.IsAdmin { - if opts.RequestedUser.KeepActivityPrivate && actorID != opts.RequestedUser.ID { - return make([]*Action, 0), nil + if opts.RequestedUser.IsOrganization() { + env, err := 
opts.RequestedUser.AccessibleReposEnv(actorID) + if err != nil { + return nil, fmt.Errorf("AccessibleReposEnv: %v", err) + } + if repoIDs, err = env.RepoIDs(1, opts.RequestedUser.NumRepos); err != nil { + return nil, fmt.Errorf("GetUserRepositories: %v", err) + } + cond = cond.And(builder.In("repo_id", repoIDs)) + } else { + cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.Actor))) } } @@ -335,20 +366,9 @@ func GetFeeds(opts GetFeedsOptions) ([]*Action, error) { if !opts.IncludePrivate { cond = cond.And(builder.Eq{"is_private": false}) } - if !opts.IncludeDeleted { cond = cond.And(builder.Eq{"is_deleted": false}) } - actions := make([]*Action, 0, setting.UI.FeedPagingNum) - - if err := x.Limit(setting.UI.FeedPagingNum).Desc("id").Where(cond).Find(&actions); err != nil { - return nil, fmt.Errorf("Find: %v", err) - } - - if err := ActionList(actions).LoadAttributes(); err != nil { - return nil, fmt.Errorf("LoadAttributes: %v", err) - } - - return actions, nil + return cond, nil } |
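Review bot: The new `activityReadable` helper is the privacy gate for `KeepActivityPrivate`, yet it recognises an anonymous doer only through the zero value of `doerID` and dereferences `user` without a nil check. If `user.ID` is ever 0 (for example a partially populated `User`), `doerID != user.ID` is false for an anonymous request and the private activity is treated as readable. Comparing explicitly removes the reliance on that sentinel: `if user.KeepActivityPrivate && (doer == nil || doer.ID != user.ID) { return false }`. The helper also has no doc comment; I would add `// activityReadable reports whether doer may see user's activity: admins and the user always may, anyone else only when KeepActivityPrivate is unset.` so the contract is recorded where the check lives.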