Merge pull request #960 from phsmit/access_action
Fix that owners also see actions on their repositoriesrelease/v1.15
commit
f92bfabf86
|
@ -103,9 +103,14 @@ func Dashboard(ctx *middleware.Context) {
|
|||
feeds := make([]*models.Action, 0, len(actions))
|
||||
for _, act := range actions {
|
||||
if act.IsPrivate {
|
||||
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
// This prevents having to retrieve the repository for each action
|
||||
repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
|
||||
if act.RepoUserName != ctx.User.LowerName {
|
||||
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
// FIXME: cache results?
|
||||
u, err := models.GetUserByName(act.ActUserName)
|
||||
|
@ -210,13 +215,14 @@ func Profile(ctx *middleware.Context) {
|
|||
if !ctx.IsSigned {
|
||||
continue
|
||||
}
|
||||
if has, _ := models.HasAccess(ctx.User,
|
||||
&models.Repository{
|
||||
Id: act.RepoId,
|
||||
IsPrivate: true,
|
||||
}, models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
// This prevents having to retrieve the repository for each action
|
||||
repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
|
||||
if act.RepoUserName != ctx.User.LowerName {
|
||||
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
// FIXME: cache results?
|
||||
u, err := models.GetUserByName(act.ActUserName)
|
||||
|
|
Loading…
Reference in New Issue