Fix user visible check (#21210)
Fixes #21206 If user and viewer are equal the method should return true. Also the common organization check was wrong as `count` can never be less then 0. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
parent
a196302472
commit
1b630ff7cd
9 changed files with 109 additions and 5 deletions
|
@ -124,3 +124,15 @@
|
||||||
repo_id: 24
|
repo_id: 24
|
||||||
mode: 1
|
mode: 1
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 22
|
||||||
|
user_id: 31
|
||||||
|
repo_id: 27
|
||||||
|
mode: 4
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 23
|
||||||
|
user_id: 31
|
||||||
|
repo_id: 28
|
||||||
|
mode: 4
|
||||||
|
|
||||||
|
|
|
@ -12,3 +12,8 @@
|
||||||
id: 3
|
id: 3
|
||||||
user_id: 2
|
user_id: 2
|
||||||
follow_id: 8
|
follow_id: 8
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 4
|
||||||
|
user_id: 31
|
||||||
|
follow_id: 33
|
||||||
|
|
|
@ -69,3 +69,9 @@
|
||||||
uid: 2
|
uid: 2
|
||||||
org_id: 17
|
org_id: 17
|
||||||
is_public: true
|
is_public: true
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 13
|
||||||
|
uid: 31
|
||||||
|
org_id: 19
|
||||||
|
is_public: true
|
||||||
|
|
|
@ -55,7 +55,7 @@
|
||||||
name: Owners
|
name: Owners
|
||||||
authorize: 4 # owner
|
authorize: 4 # owner
|
||||||
num_repos: 2
|
num_repos: 2
|
||||||
num_members: 1
|
num_members: 2
|
||||||
can_create_org_repo: true
|
can_create_org_repo: true
|
||||||
|
|
||||||
-
|
-
|
||||||
|
|
|
@ -87,3 +87,9 @@
|
||||||
org_id: 17
|
org_id: 17
|
||||||
team_id: 9
|
team_id: 9
|
||||||
uid: 29
|
uid: 29
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 16
|
||||||
|
org_id: 19
|
||||||
|
team_id: 6
|
||||||
|
uid: 31
|
||||||
|
|
|
@ -345,7 +345,7 @@
|
||||||
avatar_email: user19@example.com
|
avatar_email: user19@example.com
|
||||||
num_repos: 2
|
num_repos: 2
|
||||||
is_active: true
|
is_active: true
|
||||||
num_members: 1
|
num_members: 2
|
||||||
num_teams: 1
|
num_teams: 1
|
||||||
|
|
||||||
-
|
-
|
||||||
|
@ -572,6 +572,8 @@
|
||||||
avatar: avatar31
|
avatar: avatar31
|
||||||
avatar_email: user31@example.com
|
avatar_email: user31@example.com
|
||||||
num_repos: 0
|
num_repos: 0
|
||||||
|
num_followers: 0
|
||||||
|
num_following: 1
|
||||||
is_active: true
|
is_active: true
|
||||||
|
|
||||||
-
|
-
|
||||||
|
@ -590,3 +592,23 @@
|
||||||
avatar_email: user30@example.com
|
avatar_email: user30@example.com
|
||||||
num_repos: 0
|
num_repos: 0
|
||||||
is_active: true
|
is_active: true
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 33
|
||||||
|
lower_name: user33
|
||||||
|
name: user33
|
||||||
|
login_name: user33
|
||||||
|
full_name: User 33 (Limited Visibility)
|
||||||
|
email: user33@example.com
|
||||||
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
|
type: 0 # individual
|
||||||
|
salt: ZogKvWdyEx
|
||||||
|
is_admin: false
|
||||||
|
visibility: 1
|
||||||
|
avatar: avatar33
|
||||||
|
avatar_email: user33@example.com
|
||||||
|
num_repos: 0
|
||||||
|
num_followers: 1
|
||||||
|
num_following: 0
|
||||||
|
is_active: true
|
||||||
|
|
|
@ -1267,7 +1267,7 @@ func isUserVisibleToViewerCond(viewer *User) builder.Cond {
|
||||||
|
|
||||||
// IsUserVisibleToViewer check if viewer is able to see user profile
|
// IsUserVisibleToViewer check if viewer is able to see user profile
|
||||||
func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
|
func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
|
||||||
if viewer != nil && viewer.IsAdmin {
|
if viewer != nil && (viewer.IsAdmin || viewer.ID == u.ID) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1306,7 +1306,7 @@ func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
if count < 0 {
|
if count == 0 {
|
||||||
// No common organization
|
// No common organization
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -400,3 +400,56 @@ func TestUnfollowUser(t *testing.T) {
|
||||||
|
|
||||||
unittest.CheckConsistencyFor(t, &user_model.User{})
|
unittest.CheckConsistencyFor(t, &user_model.User{})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIsUserVisibleToViewer(t *testing.T) {
|
||||||
|
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||||
|
|
||||||
|
user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) // admin, public
|
||||||
|
user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) // normal, public
|
||||||
|
user20 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}) // public, same team as user31
|
||||||
|
user29 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 29}) // public, is restricted
|
||||||
|
user31 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 31}) // private, same team as user20
|
||||||
|
user33 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 33}) // limited, follows 31
|
||||||
|
|
||||||
|
test := func(u, viewer *user_model.User, expected bool) {
|
||||||
|
name := func(u *user_model.User) string {
|
||||||
|
if u == nil {
|
||||||
|
return "<nil>"
|
||||||
|
}
|
||||||
|
return u.Name
|
||||||
|
}
|
||||||
|
assert.Equal(t, expected, user_model.IsUserVisibleToViewer(db.DefaultContext, u, viewer), "user %v should be visible to viewer %v: %v", name(u), name(viewer), expected)
|
||||||
|
}
|
||||||
|
|
||||||
|
// admin viewer
|
||||||
|
test(user1, user1, true)
|
||||||
|
test(user20, user1, true)
|
||||||
|
test(user31, user1, true)
|
||||||
|
test(user33, user1, true)
|
||||||
|
|
||||||
|
// non admin viewer
|
||||||
|
test(user4, user4, true)
|
||||||
|
test(user20, user4, true)
|
||||||
|
test(user31, user4, false)
|
||||||
|
test(user33, user4, true)
|
||||||
|
test(user4, nil, true)
|
||||||
|
|
||||||
|
// public user
|
||||||
|
test(user4, user20, true)
|
||||||
|
test(user4, user31, true)
|
||||||
|
test(user4, user33, true)
|
||||||
|
|
||||||
|
// limited user
|
||||||
|
test(user33, user33, true)
|
||||||
|
test(user33, user4, true)
|
||||||
|
test(user33, user29, false)
|
||||||
|
test(user33, nil, false)
|
||||||
|
|
||||||
|
// private user
|
||||||
|
test(user31, user31, true)
|
||||||
|
test(user31, user4, false)
|
||||||
|
test(user31, user20, true)
|
||||||
|
test(user31, user29, false)
|
||||||
|
test(user31, user33, true)
|
||||||
|
test(user31, nil, false)
|
||||||
|
}
|
||||||
|
|
|
@ -32,7 +32,7 @@ func TestNodeinfo(t *testing.T) {
|
||||||
DecodeJSON(t, resp, &nodeinfo)
|
DecodeJSON(t, resp, &nodeinfo)
|
||||||
assert.True(t, nodeinfo.OpenRegistrations)
|
assert.True(t, nodeinfo.OpenRegistrations)
|
||||||
assert.Equal(t, "gitea", nodeinfo.Software.Name)
|
assert.Equal(t, "gitea", nodeinfo.Software.Name)
|
||||||
assert.Equal(t, 23, nodeinfo.Usage.Users.Total)
|
assert.Equal(t, 24, nodeinfo.Usage.Users.Total)
|
||||||
assert.Equal(t, 17, nodeinfo.Usage.LocalPosts)
|
assert.Equal(t, 17, nodeinfo.Usage.LocalPosts)
|
||||||
assert.Equal(t, 2, nodeinfo.Usage.LocalComments)
|
assert.Equal(t, 2, nodeinfo.Usage.LocalComments)
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue