Skip to content

Commit

Permalink
Hide limited users if viewed by anonymous ghost (#25214) (#25220)
Browse files Browse the repository at this point in the history 
Backport #25214 by @KN4CK3R

The ghost user leads to inclusion of limited users/orgs in
`BuildCanSeeUserCondition`.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
  • Loading branch information
@GiteaBot @KN4CK3R
GiteaBot and KN4CK3R authored Jun 13, 2023
1 parent 3e9fc36 commit f64f549
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions models/packages/container/search.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -262,6 +262,10 @@ func GetRepositories(ctx context.Context, actor *user_model.User, n int, last st
cond = cond.And(builder.Gt{"package_property.value": strings.ToLower(last)})
}

if actor.IsGhost() {
actor = nil
}

cond = cond.And(user_model.BuildCanSeeUserCondition(actor))

sess := db.GetEngine(ctx).
Expand Down

0 comments on commit f64f549

Please sign in to comment.