Ensure that feeds are appropriately restricted (#10018)
* Always limit results by what is accessible to the user * Change signature of AccessibleRepoIDsQuery * Ensure that user with ID <= 0 is handled * Update models/repo_list.go
This commit is contained in:
@ -312,8 +312,8 @@ func GetFeeds(opts GetFeedsOptions) ([]*Action, error) {
|
||||
}
|
||||
|
||||
cond = cond.And(builder.In("repo_id", repoIDs))
|
||||
} else if opts.Actor != nil {
|
||||
cond = cond.And(builder.In("repo_id", opts.Actor.AccessibleRepoIDsQuery()))
|
||||
} else {
|
||||
cond = cond.And(builder.In("repo_id", AccessibleRepoIDsQuery(opts.Actor)))
|
||||
}
|
||||
|
||||
cond = cond.And(builder.Eq{"user_id": opts.RequestedUser.ID})
|
||||
|
Reference in New Issue
Block a user