Allow all members of private orgs to see public repos (#11442) (#11459)

* Allow all members of private orgs to see public repos (#11442)

Backport (#11442)

Allow all members of private orgs to see public repos

Fix #10144

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update models/repo_list.go

* Oops missed the repos we own!

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2020-05-17 23:53:09 +01:00 committed by GitHub
parent 2cb3db2d20
commit 42a46cff35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -340,41 +340,39 @@ func SearchRepositoryByCondition(opts *SearchRepoOptions, cond builder.Cond) (Re
// accessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
func accessibleRepositoryCondition(userID int64) builder.Cond {
if userID <= 0 {
// Public repositories that are not in private or limited organizations
return builder.And(
builder.Eq{"`repository`.is_private": false},
builder.Or(
// A. Aren't in organisations __OR__
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})),
// B. Is a public organisation.
builder.In("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePublic}))),
)
builder.NotIn("`repository`.owner_id",
builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization}).And(builder.Neq{"visibility": structs.VisibleTypePublic})))
}
return builder.Or(
// 1. Be able to see all non-private repositories that either:
// 1. All public repositories that are not in private organizations
builder.And(
builder.Eq{"`repository`.is_private": false},
builder.Or(
// A. Aren't in organisations __OR__
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})),
// B. Isn't a private organisation. (Limited is OK because we're logged in)
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePrivate}))),
),
// 2. Be able to see all repositories that we have access to
builder.Or(
builder.In("`repository`.id", builder.Select("repo_id").
From("`access`").
Where(builder.And(
builder.Eq{"user_id": userID},
builder.Gt{"mode": int(AccessModeNone)}))),
builder.In("`repository`.id", builder.Select("id").
From("`repository`").
Where(builder.Eq{"owner_id": userID}))),
// 3. Be able to see all repositories that we are in a team
builder.NotIn("`repository`.owner_id",
builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization}).And(builder.Eq{"visibility": structs.VisibleTypePrivate}))),
// 2. Be able to see all repositories that we own
builder.Eq{"`repository`.owner_id": userID},
// 3. Be able to see all repositories that we have access to
builder.In("`repository`.id", builder.Select("repo_id").
From("`access`").
Where(builder.And(
builder.Eq{"user_id": userID},
builder.Gt{"mode": int(AccessModeNone)}))),
// 4. Be able to see all repositories that we are in a team
builder.In("`repository`.id", builder.Select("`team_repo`.repo_id").
From("team_repo").
Where(builder.Eq{"`team_user`.uid": userID}).
Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")))
Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")),
// 5. Be able to see all public repos in private organizations that we are an org_user of
builder.And(builder.Eq{"`repository`.is_private": false},
builder.In("`repository`.owner_id",
builder.Select("`org_user`.org_id").
From("org_user").
Where(builder.Eq{"`org_user`.uid": userID}))),
)
}
// SearchRepositoryByName takes keyword and part of repository name to search,