cerc-io/gitea
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix limited user cannot view himself's profile (#21212)

Browse Source 
backport #21210, fix #21206

If user and viewer are equal the method should return true.
Also the common organization check was wrong as count can never be less then 0.

Tests are on main branch.
This commit is contained in:
Lunny Xiao 2022-09-20 16:00:46 +08:00 committed by GitHub
parent a28677273b
commit f663773200
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
models/user/user.go
View File

@ -1265,7 +1265,7 @@ func isUserVisibleToViewerCond(viewer *User) builder.Cond {
// IsUserVisibleToViewer check if viewer is able to see user profile
func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
if viewer != nil && viewer.IsAdmin {
if viewer != nil && (viewer.IsAdmin || viewer.ID == u.ID) {
return true
}
@ -1304,7 +1304,7 @@ func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
return false
}
if count < 0 {
if count == 0 {
// No common organization
return false
}