Merge pull request #960 from phsmit/access_action

Fix that owners also see actions on their repositories
release/v1.15
无闻 2015-02-23 13:51:02 -05:00
commit f92bfabf86
1 changed files with 14 additions and 8 deletions

View File

@ -103,10 +103,15 @@ func Dashboard(ctx *middleware.Context) {
feeds := make([]*models.Action, 0, len(actions))
for _, act := range actions {
if act.IsPrivate {
if has, _ := models.HasAccess(ctx.User, &models.Repository{Id: act.RepoId, IsPrivate: true}, models.ACCESS_MODE_READ); !has {
// This prevents having to retrieve the repository for each action
repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
if act.RepoUserName != ctx.User.LowerName {
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
continue
}
}
}
// FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName)
if err != nil {
@ -210,14 +215,15 @@ func Profile(ctx *middleware.Context) {
if !ctx.IsSigned {
continue
}
if has, _ := models.HasAccess(ctx.User,
&models.Repository{
Id: act.RepoId,
IsPrivate: true,
}, models.ACCESS_MODE_READ); !has {
// This prevents having to retrieve the repository for each action
repo := &models.Repository{Id: act.RepoId, IsPrivate: true}
if act.RepoUserName != ctx.User.LowerName {
if has, _ := models.HasAccess(ctx.User, repo, models.ACCESS_MODE_READ); !has {
continue
}
}
}
// FIXME: cache results?
u, err := models.GetUserByName(act.ActUserName)
if err != nil {