TudbuT/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Hide limited users if viewed by anonymous ghost (#25214) (#25224)

Browse source 
Backport #25214 by @KN4CK3R

The ghost user leads to inclusion of limited users/orgs in
`BuildCanSeeUserCondition`.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
This commit is contained in:
Giteabot 2023-06-13 03:26:47 -04:00 committed by GitHub
parent de6ac4bf2a
commit a9ebf911fa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
models/packages/container/search.go
View file

@ -271,6 +271,10 @@ func GetRepositories(ctx context.Context, actor *user_model.User, n int, last st
cond = cond.And(builder.Gt{"package_property.value": strings.ToLower(last)}) cond = cond.And(builder.Gt{"package_property.value": strings.ToLower(last)})
} }
if actor.IsGhost() {
actor = nil
}
cond = cond.And(user_model.BuildCanSeeUserCondition(actor)) cond = cond.And(user_model.BuildCanSeeUserCondition(actor))
sess := db.GetEngine(ctx). sess := db.GetEngine(ctx).