Hide private repositories in packages (#19584)

2022-05-07 18:21:15 +02:00 · 2022-05-07 18:21:15 +02:00 · 8adba93498
commit 8adba93498
parent 38d72d40f1
8 changed files with 115 additions and 20 deletions
--- a/routers/web/user/package.go
+++ b/routers/web/user/package.go
@ -58,6 +58,23 @@ func ListPackages(ctx *context.Context) {
 		return
 	}

+	repositoryAccessMap := make(map[int64]bool)
+	for _, pd := range pds {
+		if pd.Repository == nil {
+			continue
+		}
+		if _, has := repositoryAccessMap[pd.Repository.ID]; has {
+			continue
+		}
+
+		permission, err := models.GetUserRepoPermission(ctx, pd.Repository, ctx.Doer)
+		if err != nil {
+			ctx.ServerError("GetUserRepoPermission", err)
+			return
+		}
+		repositoryAccessMap[pd.Repository.ID] = permission.HasAccess()
+	}
+
 	hasPackages, err := packages_model.HasOwnerPackages(ctx, ctx.ContextUser.ID)
 	if err != nil {
 		ctx.ServerError("HasOwnerPackages", err)
@ -72,6 +89,7 @@ func ListPackages(ctx *context.Context) {
 	ctx.Data["HasPackages"] = hasPackages
 	ctx.Data["PackageDescriptors"] = pds
 	ctx.Data["Total"] = total
+	ctx.Data["RepositoryAccessMap"] = repositoryAccessMap

 	pager := context.NewPagination(int(total), setting.UI.PackagesPagingNum, page, 5)
 	pager.AddParam(ctx, "q", "Query")
@ -157,6 +175,17 @@ func ViewPackageVersion(ctx *context.Context) {

 	ctx.Data["CanWritePackages"] = ctx.Package.AccessMode >= perm.AccessModeWrite || ctx.IsUserSiteAdmin()

+	hasRepositoryAccess := false
+	if pd.Repository != nil {
+		permission, err := models.GetUserRepoPermission(ctx, pd.Repository, ctx.Doer)
+		if err != nil {
+			ctx.ServerError("GetUserRepoPermission", err)
+			return
+		}
+		hasRepositoryAccess = permission.HasAccess()
+	}
+	ctx.Data["HasRepositoryAccess"] = hasRepositoryAccess
+
 	ctx.HTML(http.StatusOK, tplPackagesView)
 }