From 86e5268c396bd89716b2617a4949837982c1b0c3 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Thu, 28 Jul 2022 05:59:39 +0200 Subject: Add Docker /v2/_catalog endpoint (#20469) * Added properties for packages. * Fixed authenticate header format. * Added _catalog endpoint. * Check owner visibility. * Extracted condition. * Added test for _catalog. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao Co-authored-by: Lauris BH Co-authored-by: wxiaoguang --- models/user/search.go | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) (limited to 'models/user') diff --git a/models/user/search.go b/models/user/search.go index 76ff55ea26..f8e6c89f06 100644 --- a/models/user/search.go +++ b/models/user/search.go @@ -58,24 +58,7 @@ func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session { cond = cond.And(builder.In("visibility", opts.Visible)) } - if opts.Actor != nil { - // If Admin - they see all users! - if !opts.Actor.IsAdmin { - // Users can see an organization they are a member of - accessCond := builder.In("id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": opts.Actor.ID})) - if !opts.Actor.IsRestricted { - // Not-Restricted users can see public and limited users/organizations - accessCond = accessCond.Or(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited)) - } - // Don't forget about self - accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID}) - cond = cond.And(accessCond) - } - } else { - // Force visibility for privacy - // Not logged in - only public users - cond = cond.And(builder.In("visibility", structs.VisibleTypePublic)) - } + cond = cond.And(BuildCanSeeUserCondition(opts.Actor)) if opts.UID > 0 { cond = cond.And(builder.Eq{"id": opts.UID}) @@ -163,3 +146,26 @@ func IterateUser(f func(user *User) error) error { } } } + +// BuildCanSeeUserCondition creates a condition which can be used to restrict results to users/orgs the actor can see +func BuildCanSeeUserCondition(actor *User) builder.Cond { + if actor != nil { + // If Admin - they see all users! + if !actor.IsAdmin { + // Users can see an organization they are a member of + cond := builder.In("`user`.id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": actor.ID})) + if !actor.IsRestricted { + // Not-Restricted users can see public and limited users/organizations + cond = cond.Or(builder.In("`user`.visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited)) + } + // Don't forget about self + return cond.Or(builder.Eq{"`user`.id": actor.ID}) + } + + return nil + } + + // Force visibility for privacy + // Not logged in - only public users + return builder.In("`user`.visibility", structs.VisibleTypePublic) +} -- cgit v1.2.3