@@ -444,13 +444,19 @@ func queryOrgMembershipVisibleOrgIDs(actor *User) *builder.Builder {
444444
445445func (opts FindOrgOptions ) toConds () builder.Cond {
446446 var cond = builder .NewCond ()
447- cond = cond .And (builder .In ("`user`.`id`" , queryOrgMembershipVisibleOrgIDs (opts .Actor )))
447+
448+ // filter by user id
448449 if opts .UserID > 0 {
449450 cond = cond .And (builder .In ("`user`.`id`" ,
450451 builder .Select ("org_user.org_id" ).
451452 From ("org_user" ).
452453 Where (builder.Eq {"org_user.uid" : opts .UserID })))
453454 }
455+
456+ // make sure user set membership visible
457+ cond = cond .And (builder .In ("`user`.`id`" , queryOrgMembershipVisibleOrgIDs (opts .Actor )))
458+
459+ // return only org's actor is allowed to see
454460 if opts .Actor != nil {
455461 if ! opts .Actor .IsAdmin {
456462 cond = cond .And (builder .In ("`user`.visibility" , structs .VisibleTypePublic , structs .VisibleTypeLimited )).Or (builder .In ("`user`.`id`" ,
@@ -461,6 +467,7 @@ func (opts FindOrgOptions) toConds() builder.Cond {
461467 } else {
462468 cond = cond .And (builder.Eq {"`user`.visibility" : structs .VisibleTypePublic })
463469 }
470+
464471 return cond
465472}
466473
@@ -478,9 +485,7 @@ func FindOrgs(opts FindOrgOptions) ([]*User, error) {
478485
479486// CountOrgs returns total count organizations according options
480487func CountOrgs (opts FindOrgOptions ) (int64 , error ) {
481- return x .Join ("INNER" , "`org_user`" , "`org_user`.org_id=`user`.id" ).
482- Where (opts .toConds ()).
483- Count (new (User ))
488+ return x .Where (opts .toConds ()).Count (new (User ))
484489}
485490
486491func getOwnedOrgsByUserID (sess * xorm.Session , userID int64 ) ([]* User , error ) {
0 commit comments