finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Only show Followers that current user can access (#20220)

Browse source 
Users who are following or being followed by a user should only be
displayed if the viewing user can see them.

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2022-07-05 16:47:45 +01:00 committed by GitHub
parent ed13d7aadf
commit 45f17528a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

8
routers/api/v1/user/follower.go
View file

@ -24,13 +24,13 @@ func responseAPIUsers(ctx *context.APIContext, users []*user_model.User) {
}
func listUserFollowers(ctx *context.APIContext, u *user_model.User) {
users, err := user_model.GetUserFollowers(u, utils.GetListOptions(ctx))
users, count, err := user_model.GetUserFollowers(ctx, u, ctx.Doer, utils.GetListOptions(ctx))
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserFollowers", err)
return
}
ctx.SetTotalCountHeader(int64(u.NumFollowers))
ctx.SetTotalCountHeader(count)
responseAPIUsers(ctx, users)
}
@ -86,13 +86,13 @@ func ListFollowers(ctx *context.APIContext) {
}
func listUserFollowing(ctx *context.APIContext, u *user_model.User) {
users, err := user_model.GetUserFollowing(u, utils.GetListOptions(ctx))
users, count, err := user_model.GetUserFollowing(ctx, u, ctx.Doer, utils.GetListOptions(ctx))
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserFollowing", err)
return
}
ctx.SetTotalCountHeader(int64(u.NumFollowing))
ctx.SetTotalCountHeader(count)
responseAPIUsers(ctx, users)
}

8
routers/web/user/profile.go
View file

@ -157,7 +157,7 @@ func Profile(ctx *context.Context) {
switch tab {
case "followers":
items, err := user_model.GetUserFollowers(ctx.ContextUser, db.ListOptions{
items, count, err := user_model.GetUserFollowers(ctx, ctx.ContextUser, ctx.Doer, db.ListOptions{
PageSize: setting.UI.User.RepoPagingNum,
Page: page,
})
@ -167,9 +167,9 @@ func Profile(ctx *context.Context) {
}
ctx.Data["Cards"] = items
total = ctx.ContextUser.NumFollowers
total = int(count)
case "following":
items, err := user_model.GetUserFollowing(ctx.ContextUser, db.ListOptions{
items, count, err := user_model.GetUserFollowing(ctx, ctx.ContextUser, ctx.Doer, db.ListOptions{
PageSize: setting.UI.User.RepoPagingNum,
Page: page,
})
@ -179,7 +179,7 @@ func Profile(ctx *context.Context) {
}
ctx.Data["Cards"] = items
total = ctx.ContextUser.NumFollowing
total = int(count)
case "activity":
ctx.Data["Feeds"], err = models.GetFeeds(ctx, models.GetFeedsOptions{
RequestedUser: ctx.ContextUser,