fix: only list all users when allowed
This commit is contained in:
kolaente
Gitea
parent
3047ccfd4a
commit
9ddd7f4889
3 changed files with 51 additions and 11 deletions
|
|
@ -214,6 +214,13 @@ func TestListUsersFromList(t *testing.T) {
|
|||
testuser13, // Shared Via NamespaceUser admin
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "search for user1",
|
||||
args: args{l: &List{ID: 19, OwnerID: 7}, search: "user1"},
|
||||
wantUsers: []*user.User{
|
||||
testuser1, // Shared Via Team readonly
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -455,6 +455,31 @@ func TestListUsers(t *testing.T) {
|
|||
"discoverable_by_email": true,
|
||||
}, false)
|
||||
})
|
||||
t.Run("discoverable by exact username", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
all, err := ListUsers(s, "user7", nil)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, all, 1)
|
||||
assert.Equal(t, int64(7), all[0].ID)
|
||||
db.AssertExists(t, "users", map[string]interface{}{
|
||||
"username": "user7",
|
||||
}, false)
|
||||
})
|
||||
t.Run("not discoverable by partial username", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
all, err := ListUsers(s, "user", nil)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, all, 0)
|
||||
db.AssertExists(t, "users", map[string]interface{}{
|
||||
"username": "user7",
|
||||
}, false)
|
||||
})
|
||||
}
|
||||
|
||||
func TestUserPasswordReset(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -41,17 +41,25 @@ func ListUsers(s *xorm.Session, search string, opts *ListUserOpts) (users []*Use
|
|||
return
|
||||
}
|
||||
|
||||
cond := builder.Or(
|
||||
builder.Like{"username", "%" + search + "%"},
|
||||
conds := []builder.Cond{}
|
||||
|
||||
if search != "" {
|
||||
for _, queryPart := range strings.Split(search, ",") {
|
||||
conds = append(conds,
|
||||
builder.Eq{"username": queryPart},
|
||||
builder.And(
|
||||
builder.Eq{"email": search},
|
||||
builder.Eq{"email": queryPart},
|
||||
builder.Eq{"discoverable_by_email": true},
|
||||
),
|
||||
builder.And(
|
||||
builder.Like{"name", "%" + search + "%"},
|
||||
builder.Like{"name", "%" + queryPart + "%"},
|
||||
builder.Eq{"discoverable_by_name": true},
|
||||
),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
cond := builder.Or(conds...)
|
||||
|
||||
if opts.AdditionalCond != nil {
|
||||
cond = builder.And(
|
||||
|
|
|
|||
Loading…
Reference in a new issue