Allow all members of private orgs to see public repos (#11442) (#11459)

* Allow all members of private orgs to see public repos (#11442)

Backport (#11442)

Allow all members of private orgs to see public repos

Fix #10144

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update models/repo_list.go

* Oops missed the repos we own!

Signed-off-by: Andrew Thornton <art27@cantab.net>
zeripath 2020-05-17 23:53:09 +01:00 committed by GitHub
parent 2cb3db2d20
commit 42a46cff35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 25 deletions


@ -340,41 +340,39 @@ func SearchRepositoryByCondition(opts *SearchRepoOptions, cond builder.Cond) (Re
// accessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible // accessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
func accessibleRepositoryCondition(userID int64) builder.Cond { func accessibleRepositoryCondition(userID int64) builder.Cond {
if userID <= 0 { if userID <= 0 {
// Public repositories that are not in private or limited organizations
return builder.And( return builder.And(
builder.Eq{"`repository`.is_private": false}, builder.Eq{"`repository`.is_private": false},
builder.Or( builder.NotIn("`repository`.owner_id",
// A. Aren't in organisations __OR__ builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization}).And(builder.Neq{"visibility": structs.VisibleTypePublic})))
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})),
// B. Is a public organisation.
builder.In("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePublic}))),
)
} }
return builder.Or( return builder.Or(
// 1. Be able to see all non-private repositories that either: // 1. All public repositories that are not in private organizations
builder.And( builder.And(
builder.Eq{"`repository`.is_private": false}, builder.Eq{"`repository`.is_private": false},
builder.Or( builder.NotIn("`repository`.owner_id",
// A. Aren't in organisations __OR__ builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization}).And(builder.Eq{"visibility": structs.VisibleTypePrivate}))),
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})), // 2. Be able to see all repositories that we own
// B. Isn't a private organisation. (Limited is OK because we're logged in) builder.Eq{"`repository`.owner_id": userID},
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePrivate}))), // 3. Be able to see all repositories that we have access to
), builder.In("`repository`.id", builder.Select("repo_id").
// 2. Be able to see all repositories that we have access to From("`access`").
builder.Or( Where(builder.And(
builder.In("`repository`.id", builder.Select("repo_id"). builder.Eq{"user_id": userID},
From("`access`"). builder.Gt{"mode": int(AccessModeNone)}))),
Where(builder.And( // 4. Be able to see all repositories that we are in a team
builder.Eq{"user_id": userID},
builder.Gt{"mode": int(AccessModeNone)}))),
builder.In("`repository`.id", builder.Select("id").
From("`repository`").
Where(builder.Eq{"owner_id": userID}))),
// 3. Be able to see all repositories that we are in a team
builder.In("`repository`.id", builder.Select("`team_repo`.repo_id"). builder.In("`repository`.id", builder.Select("`team_repo`.repo_id").
From("team_repo"). From("team_repo").
Where(builder.Eq{"`team_user`.uid": userID}). Where(builder.Eq{"`team_user`.uid": userID}).
Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id"))) Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")),
// 5. Be able to see all public repos in private organizations that we are an org_user of
builder.And(builder.Eq{"`repository`.is_private": false},
builder.In("`repository`.owner_id",
builder.Select("`org_user`.org_id").
From("org_user").
Where(builder.Eq{"`org_user`.uid": userID}))),
)
} }
// SearchRepositoryByName takes keyword and part of repository name to search, // SearchRepositoryByName takes keyword and part of repository name to search,
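Review bot: In the signed-in branch of `accessibleRepositoryCondition`, clause 1 excludes only owners whose `visibility` equals `structs.VisibleTypePrivate`, while the anonymous branch excludes every organization that is not `structs.VisibleTypePublic`. The old comment that explained this ("Limited is OK because we're logged in") was dropped, so the asymmetry now reads like an oversight. I would keep the reason on the clause, e.g. `// 1. All public repositories that are not in private organizations (limited orgs are visible to any signed-in user)`. An equality test on Private would also admit any visibility value added later, whereas the anonymous branch fails closed, which is worth stating in the same comment. Clause 5's comment says "private organizations", but its `org_user` subquery is not filtered by visibility; that looks harmless because clause 1 already covers the other orgs, yet the comment could read `// 5. All public repos in any organization we are an org_user of (this is the clause that admits private orgs)`.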