mirror of
https://github.com/go-gitea/gitea.git
synced 2025-01-04 09:17:43 +03:00
Merge eb387ef1f0
into d45456b1b5
This commit is contained in:
commit
375bcb2818
@ -170,6 +170,11 @@ func BuildCanSeeUserCondition(actor *User) builder.Cond {
|
||||
if !actor.IsRestricted {
|
||||
// Not-Restricted users can see public and limited users/organizations
|
||||
cond = cond.Or(builder.In("`user`.visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
|
||||
// or private users who do follow them
|
||||
cond = cond.Or(builder.Eq{
|
||||
"`user`.visibility": structs.VisibleTypePrivate,
|
||||
"`user`.id": builder.Select("follow.user_id").From("follow").Where(builder.Eq{"follow.follow_id": actor.ID}),
|
||||
})
|
||||
}
|
||||
// Don't forget about self
|
||||
return cond.Or(builder.Eq{"`user`.id": actor.ID})
|
||||
|
72
models/user/search_test.go
Normal file
72
models/user/search_test.go
Normal file
@ -0,0 +1,72 @@
|
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package user_test
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
"code.gitea.io/gitea/models/user"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"xorm.io/builder"
|
||||
)
|
||||
|
||||
func TestBuildCanSeeUserCondition(t *testing.T) {
|
||||
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
getIDs := func(cond builder.Cond) (ids []int64) {
|
||||
db.GetEngine(db.DefaultContext).Select("id").Table(`user`).
|
||||
Where(builder.Eq{"is_active": true}.And(cond)).Asc("id").Find(&ids)
|
||||
return ids
|
||||
}
|
||||
|
||||
getUser := func(t *testing.T, id int64) *user.User {
|
||||
user, err := user.GetUserByID(db.DefaultContext, id)
|
||||
assert.NoError(t, err)
|
||||
if !assert.NotNil(t, user) {
|
||||
t.FailNow()
|
||||
}
|
||||
return user
|
||||
}
|
||||
|
||||
// no login
|
||||
cond := user.BuildCanSeeUserCondition(nil)
|
||||
assert.NotNil(t, cond)
|
||||
ids := getIDs(cond)
|
||||
assert.Len(t, ids, 24)
|
||||
assert.EqualValues(t, []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 24, 27, 28, 29, 30, 32, 34}, ids)
|
||||
|
||||
// normal user
|
||||
cond = user.BuildCanSeeUserCondition(getUser(t, 5))
|
||||
ids = getIDs(cond)
|
||||
assert.Len(t, ids, 28)
|
||||
assert.EqualValues(t, []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 32, 33, 34, 36}, ids)
|
||||
|
||||
// admin
|
||||
cond = user.BuildCanSeeUserCondition(getUser(t, 1))
|
||||
assert.Nil(t, cond)
|
||||
ids = getIDs(cond)
|
||||
assert.Len(t, ids, 30)
|
||||
assert.EqualValues(t, []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36}, ids)
|
||||
|
||||
// private user
|
||||
cond = user.BuildCanSeeUserCondition(getUser(t, 31))
|
||||
ids = getIDs(cond)
|
||||
assert.Len(t, ids, 28)
|
||||
assert.EqualValues(t, []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 27, 28, 29, 30, 31, 32, 33, 34, 36}, ids)
|
||||
|
||||
// limited user who is followed by private user
|
||||
cond = user.BuildCanSeeUserCondition(getUser(t, 33))
|
||||
ids = getIDs(cond)
|
||||
assert.Len(t, ids, 28)
|
||||
assert.EqualValues(t, []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 27, 28, 29, 30, 31, 32, 33, 34, 36}, ids)
|
||||
|
||||
// restricted user
|
||||
cond = user.BuildCanSeeUserCondition(getUser(t, 29))
|
||||
ids = getIDs(cond)
|
||||
assert.Len(t, ids, 2)
|
||||
assert.EqualValues(t, []int64{17, 29}, ids)
|
||||
}
|
Loading…
Reference in New Issue
Block a user