Everyone can see public repos

This commit is contained in:
Florian Kaiser 2016-01-31 18:13:39 +00:00
parent 9cf95e4e37
commit bba1847a8e
2 changed files with 27 additions and 8 deletions

View File

@ -9,6 +9,7 @@ import (
"fmt" "fmt"
"os" "os"
"strings" "strings"
"strconv"
"github.com/go-xorm/xorm" "github.com/go-xorm/xorm"
) )
@ -1039,14 +1040,24 @@ func (org *User) getUserRepositories(userID int64) (err error) {
return fmt.Errorf("getUserRepositories: get teams: %v", err) return fmt.Errorf("getUserRepositories: get teams: %v", err)
} }
var teamIDs []int64 var teamIDs []string
for _, team := range teams { for _, team := range teams {
teamIDs = append(teamIDs, team.ID) teamIDs = append(teamIDs, strconv.FormatInt(team.ID, 10))
}
if len(teamIDs) == 0 {
// user has no team but "IN ()" is invalid SQL
teamIDs = append(teamIDs, "0") // there is no repo with id=0
} }
// Due to a bug in xorm using IN() together with OR() is impossible.
// As a workaround, we have to build the IN statement on our own, until this is fixed.
// https://github.com/go-xorm/xorm/issues/342
if err := x.Cols("`repository`.*"). if err := x.Cols("`repository`.*").
In("`team_repo`.team_id", teamIDs).
Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id"). Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
Where("`repository`.owner_id=?", org.Id).
And("`repository`.is_private=?", false).
Or("`team_repo`.team_id=(?)", strings.Join(teamIDs, ",")).
GroupBy("`repository`.id"). GroupBy("`repository`.id").
Find(&org.Repos); err != nil { Find(&org.Repos); err != nil {
return fmt.Errorf("getUserRepositories: get repositories: %v", err) return fmt.Errorf("getUserRepositories: get repositories: %v", err)

View File

@ -312,14 +312,22 @@ func showOrgProfile(ctx *middleware.Context) {
} }
org := ctx.Org.Organization org := ctx.Org.Organization
userId := ctx.User.Id
ctx.Data["Title"] = org.FullName ctx.Data["Title"] = org.FullName
if err := org.GetUserRepositories(userId); err != nil { if ctx.IsSigned {
ctx.Handle(500, "GetUserRepositories", err) if err := org.GetUserRepositories(ctx.User.Id); err != nil {
return ctx.Handle(500, "GetUserRepositories", err)
return
}
ctx.Data["Repos"] = org.Repos
} else {
if repos, err := models.GetRepositories(org.Id, false); err != nil {
ctx.Handle(500, "GetRepositories", err)
return
} else {
ctx.Data["Repos"] = repos
}
} }
ctx.Data["Repos"] = org.Repos
if err := org.GetMembers(); err != nil { if err := org.GetMembers(); err != nil {
ctx.Handle(500, "GetMembers", err) ctx.Handle(500, "GetMembers", err)