mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-10 12:15:43 +01:00
Only show repositories the user has access to, on the organization home
This commit is contained in:
parent
8436d69eaf
commit
5eafe2b17e
2 changed files with 42 additions and 6 deletions
|
@ -9,6 +9,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"github.com/go-xorm/xorm"
|
"github.com/go-xorm/xorm"
|
||||||
)
|
)
|
||||||
|
@ -1028,3 +1029,39 @@ func removeOrgRepo(e Engine, orgID, repoID int64) error {
|
||||||
func RemoveOrgRepo(orgID, repoID int64) error {
|
func RemoveOrgRepo(orgID, repoID int64) error {
|
||||||
return removeOrgRepo(x, orgID, repoID)
|
return removeOrgRepo(x, orgID, repoID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (org *User) getUserRepositories(userID int64) (err error) {
|
||||||
|
teams := make([]*Team, 0, 10)
|
||||||
|
if err := x.Cols("`team`.id").
|
||||||
|
Where("`team_user`.org_id=?", org.Id).
|
||||||
|
And("`team_user`.uid=?", userID).
|
||||||
|
Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
|
||||||
|
Find(&teams); err != nil {
|
||||||
|
return fmt.Errorf("get team: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var teamIDs []string
|
||||||
|
for _, team := range teams {
|
||||||
|
s := strconv.FormatInt(team.ID, 32)
|
||||||
|
teamIDs = append(teamIDs, s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The "in" clause it not vulnerable to SQL injection because we
|
||||||
|
// convert it from int64 a few lines above. Sadly, xorm does not support
|
||||||
|
// "in" clauses as a function, so we have to build our own (for now).
|
||||||
|
if err := x.Cols("`repository`.*").
|
||||||
|
Where("`team_repo`.team_id in (" + strings.Join(teamIDs, ",") + ")").
|
||||||
|
Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
|
||||||
|
GroupBy("`repository`.id").
|
||||||
|
Find(&org.Repos); err != nil {
|
||||||
|
return fmt.Errorf("get repositories: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetUserRepositories gets all repositories of an organization,
|
||||||
|
// that the user with the given userID has access to.
|
||||||
|
func (org *User) GetUserRepositories(userID int64) (err error) {
|
||||||
|
return org.getUserRepositories(userID)
|
||||||
|
}
|
||||||
|
|
|
@ -314,20 +314,19 @@ func showOrgProfile(ctx *middleware.Context) {
|
||||||
org := ctx.Org.Organization
|
org := ctx.Org.Organization
|
||||||
ctx.Data["Title"] = org.FullName
|
ctx.Data["Title"] = org.FullName
|
||||||
|
|
||||||
repos, err := models.GetRepositories(org.Id, ctx.IsSigned && (ctx.User.IsAdmin || org.IsOrgMember(ctx.User.Id)))
|
if err := org.GetUserRepositories(ctx.User.Id); err != nil {
|
||||||
if err != nil {
|
ctx.Handle(500, "GetUserRepositories", err)
|
||||||
ctx.Handle(500, "GetRepositories", err)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.Data["Repos"] = repos
|
ctx.Data["Repos"] = org.Repos
|
||||||
|
|
||||||
if err = org.GetMembers(); err != nil {
|
if err := org.GetMembers(); err != nil {
|
||||||
ctx.Handle(500, "GetMembers", err)
|
ctx.Handle(500, "GetMembers", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.Data["Members"] = org.Members
|
ctx.Data["Members"] = org.Members
|
||||||
|
|
||||||
if err = org.GetTeams(); err != nil {
|
if err := org.GetTeams(); err != nil {
|
||||||
ctx.Handle(500, "GetTeams", err)
|
ctx.Handle(500, "GetTeams", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue