fix: only list all users when allowed

This commit is contained in:
kolaente 2022-08-15 22:39:41 +02:00 committed by Gitea
parent 3047ccfd4a
commit 9ddd7f4889
3 changed files with 51 additions and 11 deletions

View file

@ -214,6 +214,13 @@ func TestListUsersFromList(t *testing.T) {
testuser13, // Shared Via NamespaceUser admin testuser13, // Shared Via NamespaceUser admin
}, },
}, },
{
name: "search for user1",
args: args{l: &List{ID: 19, OwnerID: 7}, search: "user1"},
wantUsers: []*user.User{
testuser1, // Shared Via Team readonly
},
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {

View file

@ -455,6 +455,31 @@ func TestListUsers(t *testing.T) {
"discoverable_by_email": true, "discoverable_by_email": true,
}, false) }, false)
}) })
t.Run("discoverable by exact username", func(t *testing.T) {
db.LoadAndAssertFixtures(t)
s := db.NewSession()
defer s.Close()
all, err := ListUsers(s, "user7", nil)
assert.NoError(t, err)
assert.Len(t, all, 1)
assert.Equal(t, int64(7), all[0].ID)
db.AssertExists(t, "users", map[string]interface{}{
"username": "user7",
}, false)
})
t.Run("not discoverable by partial username", func(t *testing.T) {
db.LoadAndAssertFixtures(t)
s := db.NewSession()
defer s.Close()
all, err := ListUsers(s, "user", nil)
assert.NoError(t, err)
assert.Len(t, all, 0)
db.AssertExists(t, "users", map[string]interface{}{
"username": "user7",
}, false)
})
} }
func TestUserPasswordReset(t *testing.T) { func TestUserPasswordReset(t *testing.T) {

View file

@ -41,17 +41,25 @@ func ListUsers(s *xorm.Session, search string, opts *ListUserOpts) (users []*Use
return return
} }
cond := builder.Or( conds := []builder.Cond{}
builder.Like{"username", "%" + search + "%"},
if search != "" {
for _, queryPart := range strings.Split(search, ",") {
conds = append(conds,
builder.Eq{"username": queryPart},
builder.And( builder.And(
builder.Eq{"email": search}, builder.Eq{"email": queryPart},
builder.Eq{"discoverable_by_email": true}, builder.Eq{"discoverable_by_email": true},
), ),
builder.And( builder.And(
builder.Like{"name", "%" + search + "%"}, builder.Like{"name", "%" + queryPart + "%"},
builder.Eq{"discoverable_by_name": true}, builder.Eq{"discoverable_by_name": true},
), ),
) )
}
}
cond := builder.Or(conds...)
if opts.AdditionalCond != nil { if opts.AdditionalCond != nil {
cond = builder.And( cond = builder.And(