Skip to content

Commit f563bdf

Browse files
wxiaoguangwxiaoguang
committed
fix
1 parent 322cb04 commit f563bdf

File tree

3 files changed

+27
-10
lines changed

3 files changed

+27
-10
lines changed

models/organization/org.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -429,6 +429,10 @@ func HasOrgOrUserVisible(ctx context.Context, orgOrUser, user *user_model.User)
429429
return true
430430
}
431431

432+
if orgOrUser.Visibility == structs.VisibleTypePublic {
433+
return true
434+
}
435+
432436
if (orgOrUser.Visibility == structs.VisibleTypePrivate || user.IsRestricted) && !OrgFromUser(orgOrUser).hasMemberWithUserID(ctx, user.ID) {
433437
return false
434438
}

models/perm/access/access.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ import (
1313
"code.gitea.io/gitea/models/perm"
1414
repo_model "code.gitea.io/gitea/models/repo"
1515
user_model "code.gitea.io/gitea/models/user"
16+
"code.gitea.io/gitea/modules/structs"
1617

1718
"xorm.io/builder"
1819
)
@@ -41,7 +42,12 @@ func accessLevel(ctx context.Context, user *user_model.User, repo *repo_model.Re
4142
restricted = user.IsRestricted
4243
}
4344

44-
if !restricted && !repo.IsPrivate {
45+
if err := repo.LoadOwner(ctx); err != nil {
46+
return mode, err
47+
}
48+
49+
repoIsFullyPublic := repo.Owner.Visibility == structs.VisibleTypePublic && !repo.IsPrivate
50+
if (restricted && repoIsFullyPublic) || (!restricted && !repo.IsPrivate) {
4551
mode = perm.AccessModeRead
4652
}
4753

models/repo/repo_list.go

Lines changed: 16 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -642,6 +642,17 @@ func SearchRepositoryIDsByCondition(ctx context.Context, cond builder.Cond) ([]i
642642
Find(&repoIDs)
643643
}
644644

645+
func userAllPublicRepoCond(cond builder.Cond, orgVisibilityLimit []structs.VisibleType) builder.Cond {
646+
return cond.Or(builder.And(
647+
builder.Eq{"`repository`.is_private": false},
648+
// Aren't in a private organisation or limited organisation if we're not logged in
649+
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(
650+
builder.And(
651+
builder.Eq{"type": user_model.UserTypeOrganization},
652+
builder.In("visibility", orgVisibilityLimit)),
653+
))))
654+
}
655+
645656
// AccessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
646657
func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) builder.Cond {
647658
cond := builder.NewCond()
@@ -651,15 +662,8 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu
651662
if user == nil || user.ID <= 0 {
652663
orgVisibilityLimit = append(orgVisibilityLimit, structs.VisibleTypeLimited)
653664
}
654-
// 1. Be able to see all non-private repositories that either:
655-
cond = cond.Or(builder.And(
656-
builder.Eq{"`repository`.is_private": false},
657-
// 2. Aren't in an private organisation or limited organisation if we're not logged in
658-
builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(
659-
builder.And(
660-
builder.Eq{"type": user_model.UserTypeOrganization},
661-
builder.In("visibility", orgVisibilityLimit)),
662-
))))
665+
// 1. Be able to see all non-private repositories
666+
cond = userAllPublicRepoCond(cond, orgVisibilityLimit)
663667
}
664668

665669
if user != nil {
@@ -683,6 +687,9 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu
683687
if !user.IsRestricted {
684688
// 5. Be able to see all public repos in private organizations that we are an org_user of
685689
cond = cond.Or(userOrgPublicRepoCond(user.ID))
690+
} else {
691+
orgVisibilityLimit := []structs.VisibleType{structs.VisibleTypePrivate, structs.VisibleTypeLimited}
692+
cond = userAllPublicRepoCond(cond, orgVisibilityLimit)
686693
}
687694
}
688695

0 commit comments

Comments
 (0)