diff options
author | Gusted <williamzijl7@hotmail.com> | 2022-08-21 18:24:05 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-21 17:24:05 +0100 |
commit | 0b4c166e8a90beeb1e71ee2fc16b3a240517c82d (patch) | |
tree | 607869cf2ed3caf90cb9981ab04a8fbba8e58043 /models/organization/team.go | |
parent | 6d3181406d87503dbd15e4a7c764c8963f13977f (diff) | |
download | gitea-0b4c166e8a90beeb1e71ee2fc16b3a240517c82d.tar.gz gitea-0b4c166e8a90beeb1e71ee2fc16b3a240517c82d.zip |
Fix SQL Query for `SearchTeam` (#20844)
- Currently the function takes in the `UserID` option, but isn't being
used within the SQL query. This patch fixes that by checking that only
teams are being returned that the user belongs to.
Fix #20829
Co-authored-by: delvh <dev.lh@web.de>
Diffstat (limited to 'models/organization/team.go')
-rw-r--r-- | models/organization/team.go | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/models/organization/team.go b/models/organization/team.go index 0b53c84d67..6787b9e0fa 100644 --- a/models/organization/team.go +++ b/models/organization/team.go @@ -96,16 +96,7 @@ type SearchTeamOptions struct { IncludeDesc bool } -// SearchTeam search for teams. Caller is responsible to check permissions. -func SearchTeam(opts *SearchTeamOptions) ([]*Team, int64, error) { - if opts.Page <= 0 { - opts.Page = 1 - } - if opts.PageSize == 0 { - // Default limit - opts.PageSize = 10 - } - +func (opts *SearchTeamOptions) toCond() builder.Cond { cond := builder.NewCond() if len(opts.Keyword) > 0 { @@ -117,10 +108,28 @@ func SearchTeam(opts *SearchTeamOptions) ([]*Team, int64, error) { cond = cond.And(keywordCond) } - cond = cond.And(builder.Eq{"org_id": opts.OrgID}) + if opts.OrgID > 0 { + cond = cond.And(builder.Eq{"`team`.org_id": opts.OrgID}) + } + + if opts.UserID > 0 { + cond = cond.And(builder.Eq{"team_user.uid": opts.UserID}) + } + + return cond +} +// SearchTeam search for teams. Caller is responsible to check permissions. +func SearchTeam(opts *SearchTeamOptions) ([]*Team, int64, error) { sess := db.GetEngine(db.DefaultContext) + opts.SetDefaultValues() + cond := opts.toCond() + + if opts.UserID > 0 { + sess = sess.Join("INNER", "team_user", "team_user.team_id = team.id") + } + count, err := sess. Where(cond). Count(new(Team)) @@ -128,7 +137,10 @@ func SearchTeam(opts *SearchTeamOptions) ([]*Team, int64, error) { return nil, 0, err } - sess = sess.Where(cond) + if opts.UserID > 0 { + sess = sess.Join("INNER", "team_user", "team_user.team_id = team.id") + } + if opts.PageSize == -1 { opts.PageSize = int(count) } else { @@ -137,6 +149,7 @@ func SearchTeam(opts *SearchTeamOptions) ([]*Team, int64, error) { teams := make([]*Team, 0, opts.PageSize) if err = sess. + Where(cond). OrderBy("lower_name"). Find(&teams); err != nil { return nil, 0, err |