HotFix: Hide private partisipation in Orgs (#13994) (#14031)

* HotFix: Hide private partisipation in Orgs

Co-authored-by: zeripath <art27@cantab.net>
pull/14047/head
6543 2020-12-17 21:32:24 +00:00 committed by GitHub
parent b8a2cd9f40
commit df11075389
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 11 deletions

View File

@ -551,6 +551,7 @@ func (u *User) GetOwnedOrganizations() (err error) {
} }
// GetOrganizations returns paginated organizations that user belongs to. // GetOrganizations returns paginated organizations that user belongs to.
// TODO: does not respect All and show orgs you privately participate
func (u *User) GetOrganizations(opts *SearchOrganizationsOptions) error { func (u *User) GetOrganizations(opts *SearchOrganizationsOptions) error {
sess := x.NewSession() sess := x.NewSession()
defer sess.Close() defer sess.Close()

View File

@ -17,19 +17,28 @@ import (
"code.gitea.io/gitea/routers/api/v1/utils" "code.gitea.io/gitea/routers/api/v1/utils"
) )
func listUserOrgs(ctx *context.APIContext, u *models.User, all bool) { func listUserOrgs(ctx *context.APIContext, u *models.User) {
if err := u.GetOrganizations(&models.SearchOrganizationsOptions{
ListOptions: utils.GetListOptions(ctx), listOptions := utils.GetListOptions(ctx)
All: all, showPrivate := ctx.IsSigned && (ctx.User.IsAdmin || ctx.User.ID == u.ID)
}); err != nil {
ctx.Error(http.StatusInternalServerError, "GetOrganizations", err) orgs, err := models.GetOrgsByUserID(u.ID, showPrivate)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetOrgsByUserID", err)
return return
} }
maxResults := len(orgs)
apiOrgs := make([]*api.Organization, len(u.Orgs)) orgs = utils.PaginateUserSlice(orgs, listOptions.Page, listOptions.PageSize)
for i := range u.Orgs {
apiOrgs[i] = convert.ToOrganization(u.Orgs[i]) apiOrgs := make([]*api.Organization, len(orgs))
for i := range orgs {
apiOrgs[i] = convert.ToOrganization(orgs[i])
} }
ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
ctx.JSON(http.StatusOK, &apiOrgs) ctx.JSON(http.StatusOK, &apiOrgs)
} }
@ -53,7 +62,7 @@ func ListMyOrgs(ctx *context.APIContext) {
// "200": // "200":
// "$ref": "#/responses/OrganizationList" // "$ref": "#/responses/OrganizationList"
listUserOrgs(ctx, ctx.User, true) listUserOrgs(ctx, ctx.User)
} }
// ListUserOrgs list user's orgs // ListUserOrgs list user's orgs
@ -85,7 +94,7 @@ func ListUserOrgs(ctx *context.APIContext) {
if ctx.Written() { if ctx.Written() {
return return
} }
listUserOrgs(ctx, u, ctx.User != nil && (ctx.User.IsAdmin || ctx.User.ID == u.ID)) listUserOrgs(ctx, u)
} }
// GetAll return list of all public organizations // GetAll return list of all public organizations

View File

@ -66,3 +66,22 @@ func GetListOptions(ctx *context.APIContext) models.ListOptions {
PageSize: convert.ToCorrectPageSize(ctx.QueryInt("limit")), PageSize: convert.ToCorrectPageSize(ctx.QueryInt("limit")),
} }
} }
// PaginateUserSlice cut a slice of Users as per pagination options
// TODO: make it generic
func PaginateUserSlice(items []*models.User, page, pageSize int) []*models.User {
if page != 0 {
page--
}
if page*pageSize >= len(items) {
return items[len(items):]
}
items = items[page*pageSize:]
if len(items) > pageSize {
return items[:pageSize]
}
return items
}