Convert User expose ID each time (#12855) (#12883)

* Convert User expose ID each time (#12855)

* git blame tells me a lot of gitea things happen here around 2018, add header

* move user code int its own file

* expose user id

* adopt things from APIFormat

* fix test

* CI.restart()

* No Refactor

* CI.restart()

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
pull/12894/head
6543 2020-09-18 18:56:16 +02:00 committed by GitHub
parent 65aef7b35f
commit a98bf03204
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 4 deletions

View File

@ -43,7 +43,7 @@ func TestAPIPullReview(t *testing.T) {
assert.EqualValues(t, 10, reviews[5].ID)
assert.EqualValues(t, "REQUEST_CHANGES", reviews[5].State)
assert.EqualValues(t, 1, reviews[5].CodeCommentsCount)
assert.EqualValues(t, 0, reviews[5].Reviewer.ID) // ghost user
assert.EqualValues(t, -1, reviews[5].Reviewer.ID) // ghost user
assert.EqualValues(t, false, reviews[5].Stale)
assert.EqualValues(t, true, reviews[5].Official)

View File

@ -5,9 +5,12 @@
package integrations
import (
"fmt"
"net/http"
"testing"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
"github.com/stretchr/testify/assert"
@ -45,8 +48,14 @@ func TestAPIUserSearchNotLoggedIn(t *testing.T) {
var results SearchResults
DecodeJSON(t, resp, &results)
assert.NotEmpty(t, results.Data)
var modelUser *models.User
for _, user := range results.Data {
assert.Contains(t, user.UserName, query)
assert.Empty(t, user.Email)
modelUser = models.AssertExistsAndLoadBean(t, &models.User{ID: user.ID}).(*models.User)
if modelUser.KeepEmailPrivate {
assert.EqualValues(t, fmt.Sprintf("%s@%s", modelUser.LowerName, setting.Service.NoReplyAddress), user.Email)
} else {
assert.EqualValues(t, modelUser.Email, user.Email)
}
}
}

View File

@ -1,4 +1,5 @@
// Copyright 2015 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@ -335,9 +336,11 @@ func ToTeam(team *models.Team) *api.Team {
// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself
func ToUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
ID: user.ID,
UserName: user.Name,
AvatarURL: user.AvatarLink(),
FullName: markup.Sanitize(user.FullName),
Email: user.GetEmail(),
AvatarURL: user.AvatarLink(),
Created: user.CreatedUnix.AsTime(),
}
// hide primary email if API caller is anonymous or user keep email private
@ -346,7 +349,6 @@ func ToUser(user *models.User, signed, authed bool) *api.User {
}
// only site admin will get these information and possibly user himself
if authed {
result.ID = user.ID
result.IsAdmin = user.IsAdmin
result.LastLogin = user.LastLoginUnix.AsTime()
result.Language = user.Language