Simplify visibility checks (#20406)
Was looking into the visibility checks because I need them for something different and noticed the checks are more complicated than they have to be. The rule is just that a user/org is visible if either (1) the doer is a member of the org, regardless of the org's visibility, or (2) the doer is not restricted and the user/org is public or limited.
		
							parent
							
								
									e5ef7c2a91
								
							
						
					
					
						commit
						7690de56f7
					
				
					 1 changed files with 4 additions and 11 deletions
				
			
		|  | @ -59,25 +59,18 @@ func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session { | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	if opts.Actor != nil { | 	if opts.Actor != nil { | ||||||
| 		exprCond := builder.Expr("org_user.org_id = `user`.id") |  | ||||||
| 
 |  | ||||||
| 		// If Admin - they see all users! | 		// If Admin - they see all users! | ||||||
| 		if !opts.Actor.IsAdmin { | 		if !opts.Actor.IsAdmin { | ||||||
| 			// Force visibility for privacy | 			// Users can see an organization they are a member of | ||||||
| 			var accessCond builder.Cond | 			accessCond := builder.In("id", builder.Select("org_id").From("org_user").Where(builder.Eq{"uid": opts.Actor.ID})) | ||||||
| 			if !opts.Actor.IsRestricted { | 			if !opts.Actor.IsRestricted { | ||||||
| 				accessCond = builder.Or( | 				// Not-Restricted users can see public and limited users/organizations | ||||||
| 					builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID}, builder.Eq{"visibility": structs.VisibleTypePrivate}))), | 				accessCond = accessCond.Or(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited)) | ||||||
| 					builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited)) |  | ||||||
| 			} else { |  | ||||||
| 				// restricted users only see orgs they are a member of |  | ||||||
| 				accessCond = builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID}))) |  | ||||||
| 			} | 			} | ||||||
| 			// Don't forget about self | 			// Don't forget about self | ||||||
| 			accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID}) | 			accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID}) | ||||||
| 			cond = cond.And(accessCond) | 			cond = cond.And(accessCond) | ||||||
| 		} | 		} | ||||||
| 
 |  | ||||||
| 	} else { | 	} else { | ||||||
| 		// Force visibility for privacy | 		// Force visibility for privacy | ||||||
| 		// Not logged in - only public users | 		// Not logged in - only public users | ||||||
|  |  | ||||||
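Review bot: The `accessCond` built inside `if !opts.Actor.IsAdmin` is the visibility filter for a signed-in non-admin actor, and the diffstat shows a single changed file, so this rewrite appears to land without a test that pins it. A table-driven test over admin, restricted and unrestricted actors against public, limited and private orgs (member and non-member) would catch a later edit that widens the predicate. Because the membership condition now sits outside the `IsRestricted` check, a guard comment above it would help, for example `// Restricted actors get membership and self only; never add the visibility branch for them.` The `id` and `visibility` columns are unqualified, which is only unambiguous while the base query selects from the user table alone; the rest of toSearchQueryBase is outside the hunk, so that is worth confirming.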
	 KN4CK3R
						KN4CK3R