Browse Source

Fix panic when view profile without signin

Also fix that no matter who, still able to see organizations with private membership.
pull/2672/head
Unknwon 9 years ago
parent
commit
aa12135b97
  1. 20
      models/org.go
  2. 2
      routers/user/profile.go

20
models/org.go

@ -254,27 +254,25 @@ func IsPublicMembership(orgId, uid int64) bool {
return has
}
func getOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {
func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
orgs := make([]*User, 0, 10)
return orgs, sess.Where("`org_user`.uid=?", userID).
if !showAll {
sess.And("`org_user`.is_public=?", true)
}
return orgs, sess.And("`org_user`.uid=?", userID).
Join("INNER", "`org_user`", "`org_user`.org_id=`user`.id").Find(&orgs)
}
// GetOrgsByUserID returns a list of organizations that the given user ID
// has joined.
func GetOrgsByUserID(userID int64) ([]*User, error) {
sess := x.NewSession()
return getOrgsByUserID(sess, userID)
func GetOrgsByUserID(userID int64, showAll bool) ([]*User, error) {
return getOrgsByUserID(x.NewSession(), userID, showAll)
}
// GetOrgsByUserIDDesc returns a list of organizations that the given user ID
// has joined, ordered descending by the given condition.
func GetOrgsByUserIDDesc(userID int64, desc string, all bool) ([]*User, error) {
sess := x.NewSession()
if !all {
sess.And("`org_user`.is_public=?", true)
}
return getOrgsByUserID(sess.Desc(desc), userID)
func GetOrgsByUserIDDesc(userID int64, desc string, showAll bool) ([]*User, error) {
return getOrgsByUserID(x.NewSession().Desc(desc), userID, showAll)
}
func getOwnedOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {

2
routers/user/profile.go

@ -75,7 +75,7 @@ func Profile(ctx *middleware.Context) {
ctx.Data["PageIsUserProfile"] = true
ctx.Data["Owner"] = u
orgs, err := models.GetOrgsByUserIDDesc(u.Id, "updated", ctx.User.IsAdmin || ctx.User.Id == u.Id)
orgs, err := models.GetOrgsByUserID(u.Id, ctx.IsSigned && (ctx.User.IsAdmin || ctx.User.Id == u.Id))
if err != nil {
ctx.Handle(500, "GetOrgsByUserIDDesc", err)
return

Loading…
Cancel
Save