fix: only list all users when allowed
This commit is contained in:
kolaente
Gitea
parent
3047ccfd4a
commit
9ddd7f4889
3 changed files with 51 additions and 11 deletions
|
|
@ -214,6 +214,13 @@ func TestListUsersFromList(t *testing.T) {
|
||||||
testuser13, // Shared Via NamespaceUser admin
|
testuser13, // Shared Via NamespaceUser admin
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "search for user1",
|
||||||
|
args: args{l: &List{ID: 19, OwnerID: 7}, search: "user1"},
|
||||||
|
wantUsers: []*user.User{
|
||||||
|
testuser1, // Shared Via Team readonly
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
|
|
||||||
|
|
@ -455,6 +455,31 @@ func TestListUsers(t *testing.T) {
|
||||||
"discoverable_by_email": true,
|
"discoverable_by_email": true,
|
||||||
}, false)
|
}, false)
|
||||||
})
|
})
|
||||||
|
t.Run("discoverable by exact username", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
all, err := ListUsers(s, "user7", nil)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Len(t, all, 1)
|
||||||
|
assert.Equal(t, int64(7), all[0].ID)
|
||||||
|
db.AssertExists(t, "users", map[string]interface{}{
|
||||||
|
"username": "user7",
|
||||||
|
}, false)
|
||||||
|
})
|
||||||
|
t.Run("not discoverable by partial username", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
all, err := ListUsers(s, "user", nil)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Len(t, all, 0)
|
||||||
|
db.AssertExists(t, "users", map[string]interface{}{
|
||||||
|
"username": "user7",
|
||||||
|
}, false)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestUserPasswordReset(t *testing.T) {
|
func TestUserPasswordReset(t *testing.T) {
|
||||||
|
|
|
||||||
|
|
@ -41,17 +41,25 @@ func ListUsers(s *xorm.Session, search string, opts *ListUserOpts) (users []*Use
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
cond := builder.Or(
|
conds := []builder.Cond{}
|
||||||
builder.Like{"username", "%" + search + "%"},
|
|
||||||
builder.And(
|
if search != "" {
|
||||||
builder.Eq{"email": search},
|
for _, queryPart := range strings.Split(search, ",") {
|
||||||
builder.Eq{"discoverable_by_email": true},
|
conds = append(conds,
|
||||||
),
|
builder.Eq{"username": queryPart},
|
||||||
builder.And(
|
builder.And(
|
||||||
builder.Like{"name", "%" + search + "%"},
|
builder.Eq{"email": queryPart},
|
||||||
builder.Eq{"discoverable_by_name": true},
|
builder.Eq{"discoverable_by_email": true},
|
||||||
),
|
),
|
||||||
)
|
builder.And(
|
||||||
|
builder.Like{"name", "%" + queryPart + "%"},
|
||||||
|
builder.Eq{"discoverable_by_name": true},
|
||||||
|
),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cond := builder.Or(conds...)
|
||||||
|
|
||||||
if opts.AdditionalCond != nil {
|
if opts.AdditionalCond != nil {
|
||||||
cond = builder.And(
|
cond = builder.And(
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue