diff options
author | Norwin <noerw@users.noreply.github.com> | 2020-12-22 02:53:37 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-22 03:53:37 +0100 |
commit | f6bec8529697bdb89ebcd0901ba093f06aa9ac46 (patch) | |
tree | d742367805a8296411211d5157c505f252f24dbf /routers | |
parent | 2c9dd71140474b1f83f068bece40b25e94240ab4 (diff) | |
download | gitea-f6bec8529697bdb89ebcd0901ba093f06aa9ac46.tar.gz gitea-f6bec8529697bdb89ebcd0901ba093f06aa9ac46.zip |
rework heatmap permissions (#14080)
* now uses the same permission model as for the activity feed:
only include activities in repos, that the doer has access to.
this might be somewhat slower.
* also improves handling of user.KeepActivityPrivate (still shows
the heatmap to self & admins)
* extend tests
* adjust integration test to new behaviour
* add access to actions for admins
* extend heatmap unit tests
Diffstat (limited to 'routers')
-rw-r--r-- | routers/api/v1/user/user.go | 2 | ||||
-rw-r--r-- | routers/user/home.go | 2 | ||||
-rw-r--r-- | routers/user/profile.go | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go index b552c1353a..07d5e9112b 100644 --- a/routers/api/v1/user/user.go +++ b/routers/api/v1/user/user.go @@ -166,7 +166,7 @@ func GetUserHeatmapData(ctx *context.APIContext) { return } - heatmap, err := models.GetUserHeatmapDataByUser(user) + heatmap, err := models.GetUserHeatmapDataByUser(user, ctx.User) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserHeatmapDataByUser", err) return diff --git a/routers/user/home.go b/routers/user/home.go index 46532f82b9..92a9138475 100644 --- a/routers/user/home.go +++ b/routers/user/home.go @@ -115,7 +115,7 @@ func Dashboard(ctx *context.Context) { // no heatmap access for admins; GetUserHeatmapDataByUser ignores the calling user // so everyone would get the same empty heatmap if setting.Service.EnableUserHeatmap && !ctxUser.KeepActivityPrivate { - data, err := models.GetUserHeatmapDataByUser(ctxUser) + data, err := models.GetUserHeatmapDataByUser(ctxUser, ctx.User) if err != nil { ctx.ServerError("GetUserHeatmapDataByUser", err) return diff --git a/routers/user/profile.go b/routers/user/profile.go index 36f3d0735d..bd5b359272 100644 --- a/routers/user/profile.go +++ b/routers/user/profile.go @@ -98,7 +98,7 @@ func Profile(ctx *context.Context) { // no heatmap access for admins; GetUserHeatmapDataByUser ignores the calling user // so everyone would get the same empty heatmap if setting.Service.EnableUserHeatmap && !ctxUser.KeepActivityPrivate { - data, err := models.GetUserHeatmapDataByUser(ctxUser) + data, err := models.GetUserHeatmapDataByUser(ctxUser, ctx.User) if err != nil { ctx.ServerError("GetUserHeatmapDataByUser", err) return |