Restricted users only see repos in orgs which their team was assigned to (#28025)

6543 · web-flow · commit 5ab3782f111d · 2023-11-14T15:23:04.000+01:00
---
*Sponsored by Kithara Software GmbH*
diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
@@ -652,12 +652,12 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu
 				userOrgTeamUnitRepoCond("`repository`.id", user.ID, unitType),
 			)
 		}
-		cond = cond.Or(
-			// 4. Repositories that we directly own
-			builder.Eq{"`repository`.owner_id": user.ID},
+		// 4. Repositories that we directly own
+		cond = cond.Or(builder.Eq{"`repository`.owner_id": user.ID})
+		if !user.IsRestricted {
 			// 5. Be able to see all public repos in private organizations that we are an org_user of
-			userOrgPublicRepoCond(user.ID),
-		)
+			cond = cond.Or(userOrgPublicRepoCond(user.ID))
+		}
 	}
 
 	return cond

Original file line number	Diff line number	Diff line change
`@@ -652,12 +652,12 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu`
`652`	`652`	userOrgTeamUnitRepoCond("`repository`.id", user.ID, unitType),
`653`	`653`	`)`
`654`	`654`	`}`
`655`		`- cond = cond.Or(`
`656`		`- // 4. Repositories that we directly own`
`657`		- builder.Eq{"`repository`.owner_id": user.ID},
	`655`	`+ // 4. Repositories that we directly own`
	`656`	+ cond = cond.Or(builder.Eq{"`repository`.owner_id": user.ID})
	`657`	`+ if !user.IsRestricted {`
`658`	`658`	`// 5. Be able to see all public repos in private organizations that we are an org_user of`
`659`		`- userOrgPublicRepoCond(user.ID),`
`660`		`- )`
	`659`	`+ cond = cond.Or(userOrgPublicRepoCond(user.ID))`
	`660`	`+ }`
`661`	`661`	`}`
`662`	`662`
`663`	`663`	`return cond`