aboutsummaryrefslogtreecommitdiffstats
path: root/models/user
diff options
context:
space:
mode:
authorKN4CK3R <admin@oldschoolhack.me>2022-07-28 05:59:39 +0200
committerGitHub <noreply@github.com>2022-07-28 11:59:39 +0800
commit86e5268c396bd89716b2617a4949837982c1b0c3 (patch)
treea01a04c069644694470c3159ce3daed94436ef08 /models/user
parent4604048010347ea946ae57628d694a631787ab17 (diff)
downloadgitea-86e5268c396bd89716b2617a4949837982c1b0c3.tar.gz
gitea-86e5268c396bd89716b2617a4949837982c1b0c3.zip
Add Docker /v2/_catalog endpoint (#20469)
* Added properties for packages. * Fixed authenticate header format. * Added _catalog endpoint. * Check owner visibility. * Extracted condition. * Added test for _catalog. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'models/user')
-rw-r--r--models/user/search.go42
1 files changed, 24 insertions, 18 deletions
diff --git a/models/user/search.go b/models/user/search.go
index 76ff55ea26..f8e6c89f06 100644
--- a/models/user/search.go
+++ b/models/user/search.go
@@ -58,24 +58,7 @@ func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session {
cond = cond.And(builder.In("visibility", opts.Visible))
}
- if opts.Actor != nil {
- // If Admin - they see all users!
- if !opts.Actor.IsAdmin {
- // Users can see an organization they are a member of
- accessCond := builder.In("id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": opts.Actor.ID}))
- if !opts.Actor.IsRestricted {
- // Not-Restricted users can see public and limited users/organizations
- accessCond = accessCond.Or(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
- }
- // Don't forget about self
- accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID})
- cond = cond.And(accessCond)
- }
- } else {
- // Force visibility for privacy
- // Not logged in - only public users
- cond = cond.And(builder.In("visibility", structs.VisibleTypePublic))
- }
+ cond = cond.And(BuildCanSeeUserCondition(opts.Actor))
if opts.UID > 0 {
cond = cond.And(builder.Eq{"id": opts.UID})
@@ -163,3 +146,26 @@ func IterateUser(f func(user *User) error) error {
}
}
}
+
+// BuildCanSeeUserCondition creates a condition which can be used to restrict results to users/orgs the actor can see
+func BuildCanSeeUserCondition(actor *User) builder.Cond {
+ if actor != nil {
+ // If Admin - they see all users!
+ if !actor.IsAdmin {
+ // Users can see an organization they are a member of
+ cond := builder.In("`user`.id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": actor.ID}))
+ if !actor.IsRestricted {
+ // Not-Restricted users can see public and limited users/organizations
+ cond = cond.Or(builder.In("`user`.visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
+ }
+ // Don't forget about self
+ return cond.Or(builder.Eq{"`user`.id": actor.ID})
+ }
+
+ return nil
+ }
+
+ // Force visibility for privacy
+ // Not logged in - only public users
+ return builder.In("`user`.visibility", structs.VisibleTypePublic)
+}