diff options
| author | Norwin <noerw@users.noreply.github.com> | 2020-12-22 02:53:37 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-22 03:53:37 +0100 |
| commit | f6bec8529697bdb89ebcd0901ba093f06aa9ac46 (patch) | |
| tree | d742367805a8296411211d5157c505f252f24dbf /models/user_heatmap.go | |
| parent | 2c9dd71140474b1f83f068bece40b25e94240ab4 (diff) | |
| download | gitea-f6bec8529697bdb89ebcd0901ba093f06aa9ac46.tar.gz gitea-f6bec8529697bdb89ebcd0901ba093f06aa9ac46.zip | |
rework heatmap permissions (#14080)
* now uses the same permission model as for the activity feed:
only include activities in repos, that the doer has access to.
this might be somewhat slower.
* also improves handling of user.KeepActivityPrivate (still shows
the heatmap to self & admins)
* extend tests
* adjust integration test to new behaviour
* add access to actions for admins
* extend heatmap unit tests
Diffstat (limited to 'models/user_heatmap.go')
| -rw-r--r-- | models/user_heatmap.go | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/models/user_heatmap.go b/models/user_heatmap.go index ce3ec029ca..425817e6d1 100644 --- a/models/user_heatmap.go +++ b/models/user_heatmap.go @@ -16,10 +16,10 @@ type UserHeatmapData struct { } // GetUserHeatmapDataByUser returns an array of UserHeatmapData -func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) { +func GetUserHeatmapDataByUser(user *User, doer *User) ([]*UserHeatmapData, error) { hdata := make([]*UserHeatmapData, 0) - if user.KeepActivityPrivate { + if !activityReadable(user, doer) { return hdata, nil } @@ -37,22 +37,26 @@ func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) { groupByName = groupBy } - sess := x.Select(groupBy+" AS timestamp, count(user_id) as contributions"). - Table("action"). - Where("user_id = ?", user.ID). - And("created_unix > ?", (timeutil.TimeStampNow() - 31536000)) - - // * Heatmaps for individual users only include actions that the user themself - // did. - // * For organizations actions by all users that were made in owned - // repositories are counted. - if user.Type == UserTypeIndividual { - sess = sess.And("act_user_id = ?", user.ID) + cond, err := activityQueryCondition(GetFeedsOptions{ + RequestedUser: user, + Actor: doer, + IncludePrivate: true, // don't filter by private, as we already filter by repo access + IncludeDeleted: true, + // * Heatmaps for individual users only include actions that the user themself did. + // * For organizations actions by all users that were made in owned + // repositories are counted. + OnlyPerformedBy: !user.IsOrganization(), + }) + if err != nil { + return nil, err } - err := sess.GroupBy(groupByName). + return hdata, x. + Select(groupBy+" AS timestamp, count(user_id) as contributions"). + Table("action"). + Where(cond). + And("created_unix > ?", (timeutil.TimeStampNow() - 31536000)). + GroupBy(groupByName). OrderBy("timestamp"). Find(&hdata) - - return hdata, err } |