Skip to content

Fix user visible check #21210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Sep 20, 2022
Merged

Fix user visible check #21210

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
d216367
Fix visible check
KN4CK3R Sep 19, 2022
e32a20c
Merge branch 'main' into patch-2
6543 Sep 19, 2022
218f7d9
Add tests.
KN4CK3R Sep 19, 2022
fd9fa93
Fix consistency.
KN4CK3R Sep 19, 2022
c7174c6
Fix test.
KN4CK3R Sep 19, 2022
73ede98
Merge branch 'main' into patch-2
6543 Sep 19, 2022
69bd714
Merge branch 'main' into patch-2
lunny Sep 20, 2022
5109170
Fix access fixtures.
KN4CK3R Sep 20, 2022
7bc81b4
newline
KN4CK3R Sep 20, 2022
a0041b6
And another newline
KN4CK3R Sep 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions models/fixtures/follow.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,8 @@
id: 3
user_id: 2
follow_id: 8

-
id: 4
user_id: 31
follow_id: 33
6 changes: 6 additions & 0 deletions models/fixtures/team_user.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,3 +87,9 @@
org_id: 17
team_id: 9
uid: 29

-
id: 16
org_id: 19
team_id: 6
uid: 31
18 changes: 18 additions & 0 deletions models/fixtures/user.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -590,3 +590,21 @@
avatar_email: [email protected]
num_repos: 0
is_active: true

-
id: 33
lower_name: user33
name: user33
login_name: user33
full_name: User 33 (Limited Visibility)
email: [email protected]
passwd_hash_algo: argon2
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
type: 0 # individual
salt: ZogKvWdyEx
is_admin: false
visibility: 1
avatar: avatar33
avatar_email: [email protected]
num_repos: 0
is_active: true
4 changes: 2 additions & 2 deletions models/user/user.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1267,7 +1267,7 @@ func isUserVisibleToViewerCond(viewer *User) builder.Cond {

// IsUserVisibleToViewer check if viewer is able to see user profile
func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
if viewer != nil && viewer.IsAdmin {
if viewer != nil && (viewer.IsAdmin || viewer.ID == u.ID) {
return true
}

Expand Down Expand Up @@ -1306,7 +1306,7 @@ func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
return false
}

if count < 0 {
if count == 0 {
// No common organization
return false
}
Expand Down
53 changes: 53 additions & 0 deletions models/user/user_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -400,3 +400,56 @@ func TestUnfollowUser(t *testing.T) {

unittest.CheckConsistencyFor(t, &user_model.User{})
}

func TestIsUserVisibleToViewer(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())

user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) // admin, public
user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) // normal, public
user20 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}) // public, same team as user31
user29 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 29}) // public, is restricted
user31 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 31}) // private, same team as user20
user33 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 33}) // limited, follows 31

test := func(u, viewer *user_model.User, expected bool) {
name := func(u *user_model.User) string {
if u == nil {
return "<nil>"
}
return u.Name
}
assert.Equal(t, expected, user_model.IsUserVisibleToViewer(db.DefaultContext, u, viewer), "user %v should be visible to viewer %v: %v", name(u), name(viewer), expected)
}

// admin viewer
test(user1, user1, true)
test(user20, user1, true)
test(user31, user1, true)
test(user33, user1, true)

// non admin viewer
test(user4, user4, true)
test(user20, user4, true)
test(user31, user4, false)
test(user33, user4, true)
test(user4, nil, true)

// public user
test(user4, user20, true)
test(user4, user31, true)
test(user4, user33, true)

// limited user
test(user33, user33, true)
test(user33, user4, true)
test(user33, user29, false)
test(user33, nil, false)

// private user
test(user31, user31, true)
test(user31, user4, false)
test(user31, user20, true)
test(user31, user29, false)
test(user31, user33, true)
test(user31, nil, false)
}