Merge pull request #960 from phsmit/access_action

Fix that owners also see actions on their repositories
release/v1.15
无闻 2015-02-23 13:51:02 -05:00
commit f92bfabf86
1 changed files with 14 additions and 8 deletions

View File

@ -103,9 +103,14 @@ func Dashboard(ctx *middleware.Context) {
feeds := make([]*models.Action, 0, len(actions)) feeds := make([]*models.Action, 0, len(actions))
for _, act := range actions { for _, act := range actions {
if act.IsPrivate { if act.IsPrivate {
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has { // This prevents having to retrieve the repository for each action
continue repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
if act.RepoUserName != ctx.User.LowerName {
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
continue
}
} }
} }
// FIXME: cache results? // FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName) u, err := models.GetUserByName(act.ActUserName)
@ -210,13 +215,14 @@ func Profile(ctx *middleware.Context) {
if !ctx.IsSigned { if !ctx.IsSigned {
continue continue
} }
if has, _ := models.HasAccess(ctx.User, // This prevents having to retrieve the repository for each action
&models.Repository{ repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
Id: act.RepoId, if act.RepoUserName != ctx.User.LowerName {
IsPrivate: true, if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
}, models.ACCESS_MODE_READ); !has { continue
continue }
} }
} }
// FIXME: cache results? // FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName) u, err := models.GetUserByName(act.ActUserName)