1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-21 12:44:49 -05:00

Fix panic when view profile without signin

Also fix that no matter who, still able to see organizations with private membership.
This commit is contained in:
Unknwon 2016-02-19 18:10:03 -05:00
parent f38d5e57dd
commit aa12135b97
2 changed files with 10 additions and 12 deletions

View file

@ -254,27 +254,25 @@ func IsPublicMembership(orgId, uid int64) bool {
return has
}
func getOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {
func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
orgs := make([]*User, 0, 10)
return orgs, sess.Where("`org_user`.uid=?", userID).
if !showAll {
sess.And("`org_user`.is_public=?", true)
}
return orgs, sess.And("`org_user`.uid=?", userID).
Join("INNER", "`org_user`", "`org_user`.org_id=`user`.id").Find(&orgs)
}
// GetOrgsByUserID returns a list of organizations that the given user ID
// has joined.
func GetOrgsByUserID(userID int64) ([]*User, error) {
sess := x.NewSession()
return getOrgsByUserID(sess, userID)
func GetOrgsByUserID(userID int64, showAll bool) ([]*User, error) {
return getOrgsByUserID(x.NewSession(), userID, showAll)
}
// GetOrgsByUserIDDesc returns a list of organizations that the given user ID
// has joined, ordered descending by the given condition.
func GetOrgsByUserIDDesc(userID int64, desc string, all bool) ([]*User, error) {
sess := x.NewSession()
if !all {
sess.And("`org_user`.is_public=?", true)
}
return getOrgsByUserID(sess.Desc(desc), userID)
func GetOrgsByUserIDDesc(userID int64, desc string, showAll bool) ([]*User, error) {
return getOrgsByUserID(x.NewSession().Desc(desc), userID, showAll)
}
func getOwnedOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {

View file

@ -75,7 +75,7 @@ func Profile(ctx *middleware.Context) {
ctx.Data["PageIsUserProfile"] = true
ctx.Data["Owner"] = u
orgs, err := models.GetOrgsByUserIDDesc(u.Id, "updated", ctx.User.IsAdmin || ctx.User.Id == u.Id)
orgs, err := models.GetOrgsByUserID(u.Id, ctx.IsSigned && (ctx.User.IsAdmin || ctx.User.Id == u.Id))
if err != nil {
ctx.Handle(500, "GetOrgsByUserIDDesc", err)
return