diff options
author | KN4CK3R <admin@oldschoolhack.me> | 2022-07-28 05:59:39 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-28 11:59:39 +0800 |
commit | 86e5268c396bd89716b2617a4949837982c1b0c3 (patch) | |
tree | a01a04c069644694470c3159ce3daed94436ef08 /models/user | |
parent | 4604048010347ea946ae57628d694a631787ab17 (diff) | |
download | gitea-86e5268c396bd89716b2617a4949837982c1b0c3.tar.gz gitea-86e5268c396bd89716b2617a4949837982c1b0c3.zip |
Add Docker /v2/_catalog endpoint (#20469)
* Added properties for packages.
* Fixed authenticate header format.
* Added _catalog endpoint.
* Check owner visibility.
* Extracted condition.
* Added test for _catalog.
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'models/user')
-rw-r--r-- | models/user/search.go | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/models/user/search.go b/models/user/search.go index 76ff55ea26..f8e6c89f06 100644 --- a/models/user/search.go +++ b/models/user/search.go @@ -58,24 +58,7 @@ func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session { cond = cond.And(builder.In("visibility", opts.Visible)) } - if opts.Actor != nil { - // If Admin - they see all users! - if !opts.Actor.IsAdmin { - // Users can see an organization they are a member of - accessCond := builder.In("id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": opts.Actor.ID})) - if !opts.Actor.IsRestricted { - // Not-Restricted users can see public and limited users/organizations - accessCond = accessCond.Or(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited)) - } - // Don't forget about self - accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID}) - cond = cond.And(accessCond) - } - } else { - // Force visibility for privacy - // Not logged in - only public users - cond = cond.And(builder.In("visibility", structs.VisibleTypePublic)) - } + cond = cond.And(BuildCanSeeUserCondition(opts.Actor)) if opts.UID > 0 { cond = cond.And(builder.Eq{"id": opts.UID}) @@ -163,3 +146,26 @@ func IterateUser(f func(user *User) error) error { } } } + +// BuildCanSeeUserCondition creates a condition which can be used to restrict results to users/orgs the actor can see +func BuildCanSeeUserCondition(actor *User) builder.Cond { + if actor != nil { + // If Admin - they see all users! + if !actor.IsAdmin { + // Users can see an organization they are a member of + cond := builder.In("`user`.id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": actor.ID})) + if !actor.IsRestricted { + // Not-Restricted users can see public and limited users/organizations + cond = cond.Or(builder.In("`user`.visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited)) + } + // Don't forget about self + return cond.Or(builder.Eq{"`user`.id": actor.ID}) + } + + return nil + } + + // Force visibility for privacy + // Not logged in - only public users + return builder.In("`user`.visibility", structs.VisibleTypePublic) +} |