From 57c7a263f14246ce03455e1c43444d083f8620ba Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Sat, 16 May 2020 23:40:32 +0100 Subject: [PATCH 1/2] Allow all members of private orgs to see public repos Fix #10144 Signed-off-by: Andrew Thornton --- models/repo_list.go | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/models/repo_list.go b/models/repo_list.go index a676ae5c46c48..860861846f3df 100644 --- a/models/repo_list.go +++ b/models/repo_list.go @@ -401,21 +401,26 @@ func accessibleRepositoryCondition(user *User) builder.Cond { } if user != nil { - // 2. Be able to see all repositories that we have access to - cond = cond.Or(builder.Or( + cond = cond.Or( + // 2. Be able to see all repositories that we have access to builder.In("`repository`.id", builder.Select("repo_id"). From("`access`"). Where(builder.And( builder.Eq{"user_id": user.ID}, builder.Gt{"mode": int(AccessModeNone)}))), - builder.In("`repository`.id", builder.Select("id"). - From("`repository`"). - Where(builder.Eq{"owner_id": user.ID})))) - // 3. Be able to see all repositories that we are in a team - cond = cond.Or(builder.In("`repository`.id", builder.Select("`team_repo`.repo_id"). - From("team_repo"). - Where(builder.Eq{"`team_user`.uid": user.ID}). - Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id"))) + // 3. Repositories that we directly own + builder.Eq{"`repository`.owner_id": user.ID}, + // 4. Be able to see all repositories that we are in a team + builder.In("`repository`.id", builder.Select("`team_repo`.repo_id"). + From("team_repo"). + Where(builder.Eq{"`team_user`.uid": user.ID}). + Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")), + // 5. Be able to see all public repos in public repos of organizations that we are an org_user of + builder.And(builder.Eq{"`repository`.is_private": false}, + builder.In("`repository`.owner_id", + builder.Select("`org_user`.org_id"). + From("org_user"). + Where(builder.Eq{"`org_user`.uid": user.ID})))) } return cond From 24aeeb804347a25023ed1ce312daf81fd9b0080f Mon Sep 17 00:00:00 2001 From: Lauris BH Date: Sun, 17 May 2020 10:27:15 +0300 Subject: [PATCH 2/2] Update models/repo_list.go --- models/repo_list.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/repo_list.go b/models/repo_list.go index 860861846f3df..316e6d084c8f4 100644 --- a/models/repo_list.go +++ b/models/repo_list.go @@ -415,7 +415,7 @@ func accessibleRepositoryCondition(user *User) builder.Cond { From("team_repo"). Where(builder.Eq{"`team_user`.uid": user.ID}). Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")), - // 5. Be able to see all public repos in public repos of organizations that we are an org_user of + // 5. Be able to see all public repos in private organizations that we are an org_user of builder.And(builder.Eq{"`repository`.is_private": false}, builder.In("`repository`.owner_id", builder.Select("`org_user`.org_id").