Only use supported sort order for "explore/users" page (#29430)

Thanks to inferenceus : some sort orders on the "explore/users" page could list users by their lastlogintime/updatetime. It leaks user's activity unintentionally. This PR makes that page only use "supported" sort orders. Removing the "sort orders" could also be a good solution, while IMO at the moment keeping the "create time" and "name" orders is also fine, in case some users would like to find a target user in the search result, the "sort order" might help. ![image](ce5c39c1-1e86-484a-80c3-33cac6419af8) (cherry picked from commit eedb8f41297c343d6073a7bab46e4df6ee297a90)
2024-02-27 17:10:51 +08:00 · 2024-02-27 17:10:51 +08:00 · 459ee98136
commit 459ee98136
parent 997350a68d
5 changed files with 79 additions and 6 deletions
--- a/models/user/search.go
+++ b/models/user/search.go
@ -9,6 +9,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"

@ -30,6 +31,8 @@ type SearchUserOptions struct {
 	Actor         *User // The user doing the search
 	SearchByEmail bool  // Search by email as well as username/full name

+	SupportedSortOrders container.Set[string] // if not nil, only allow to use the sort orders in this set
+
 	IsActive           util.OptionalBool
 	IsAdmin            util.OptionalBool
 	IsRestricted       util.OptionalBool