Only show activities for repositories on dashboard, that the user has access to

This commit is contained in:
Florian Kaiser 2016-02-06 07:52:21 +00:00
parent 90e9e3c89d
commit 45db167f7a
3 changed files with 24 additions and 7 deletions

View File

@ -593,12 +593,29 @@ func MergePullRequestAction(actUser *User, repo *Repository, pull *Issue) error
} }
// GetFeeds returns action list of given user in given context. // GetFeeds returns action list of given user in given context.
func GetFeeds(uid, offset int64, isProfile bool) ([]*Action, error) { // ctxUserID is the user who's requesting, userID is the user/org that is requested.
// ctxUserID can be -1, if isProfile is true or in order to skip the permission check.
func GetFeeds(ctxUserID, userID, offset int64, isProfile bool) ([]*Action, error) {
actions := make([]*Action, 0, 20) actions := make([]*Action, 0, 20)
sess := x.Limit(20, int(offset)).Desc("id").Where("user_id=?", uid) sess := x.Limit(20, int(offset)).Desc("id").Where("user_id=?", userID)
if isProfile { if isProfile {
sess.And("is_private=?", false).And("act_user_id=?", uid) sess.And("is_private=?", false).And("act_user_id=?", userID)
} else if ctxUserID != -1 {
ctxUser := &User{Id: userID}
if err := ctxUser.GetUserRepositories(ctxUserID); err != nil {
return nil, err
} }
var repoIDs []int64
for _, repo := range ctxUser.Repos {
repoIDs = append(repoIDs, repo.ID)
}
if len(repoIDs) > 0 {
sess.In("repo_id", repoIDs)
}
}
err := sess.Find(&actions) err := sess.Find(&actions)
return actions, err return actions, err
} }

View File

@ -51,8 +51,8 @@ func getDashboardContextUser(ctx *middleware.Context) *models.User {
return ctxUser return ctxUser
} }
func retrieveFeeds(ctx *middleware.Context, uid, offset int64, isProfile bool) { func retrieveFeeds(ctx *middleware.Context, ctxUserID, userID, offset int64, isProfile bool) {
actions, err := models.GetFeeds(uid, offset, isProfile) actions, err := models.GetFeeds(ctxUserID, userID, offset, isProfile)
if err != nil { if err != nil {
ctx.Handle(500, "GetFeeds", err) ctx.Handle(500, "GetFeeds", err)
return return
@ -140,7 +140,7 @@ func Dashboard(ctx *middleware.Context) {
ctx.Data["MirrorCount"] = len(mirrors) ctx.Data["MirrorCount"] = len(mirrors)
ctx.Data["Mirrors"] = mirrors ctx.Data["Mirrors"] = mirrors
retrieveFeeds(ctx, ctxUser.Id, 0, false) retrieveFeeds(ctx, ctx.User.Id, ctxUser.Id, 0, false)
if ctx.Written() { if ctx.Written() {
return return
} }

View File

@ -86,7 +86,7 @@ func Profile(ctx *middleware.Context) {
ctx.Data["TabName"] = tab ctx.Data["TabName"] = tab
switch tab { switch tab {
case "activity": case "activity":
retrieveFeeds(ctx, u.Id, 0, true) retrieveFeeds(ctx, -1, u.Id, 0, true)
if ctx.Written() { if ctx.Written() {
return return
} }