From e6f04d7910753f1f541cb7a83b39977b6700d50d Mon Sep 17 00:00:00 2001
From: Job79
Date: Wed, 5 Feb 2025 15:52:43 +0100
Subject: [PATCH 1/2] Give organisation members access to organisation feeds
---
 routers/web/feed/profile.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/routers/web/feed/profile.go b/routers/web/feed/profile.go
index 4ec46e302a..8b1e361f73 100644
--- a/routers/web/feed/profile.go
+++ b/routers/web/feed/profile.go
@@ -7,6 +7,7 @@ import (
 "time"
 activities_model "code.gitea.io/gitea/models/activities"
+ "code.gitea.io/gitea/models/organization"
 "code.gitea.io/gitea/models/renderhelper"
 "code.gitea.io/gitea/modules/markup/markdown"
 "code.gitea.io/gitea/services/context"
@@ -28,12 +29,23 @@ func ShowUserFeedAtom(ctx *context.Context) {
 // showUserFeed show user activity as RSS / Atom feed
 func showUserFeed(ctx *context.Context, formatType string) {
 includePrivate := ctx.IsSigned && (ctx.Doer.IsAdmin || ctx.Doer.ID == ctx.ContextUser.ID)
+ isOrganisation := ctx.ContextUser.IsOrganization()
+ if ctx.IsSigned && isOrganisation && !includePrivate {
+ // When feed is requested by a member of the
+ // organization, include the private repo's the member
+ // has access to.
+ isOrgMember, err := organization.IsOrganizationMember(ctx, ctx.ContextUser.ID, ctx.Doer.ID)
+ if err != nil {
+ ctx.ServerError("IsOrganizationMember", err)
+ }
+ includePrivate = isOrgMember
+ }
 actions, _, err := feed_service.GetFeeds(ctx, activities_model.GetFeedsOptions{
 RequestedUser: ctx.ContextUser,
 Actor: ctx.Doer,
 IncludePrivate: includePrivate,
- OnlyPerformedBy: !ctx.ContextUser.IsOrganization(),
+ OnlyPerformedBy: !isOrganisation,
 IncludeDeleted: false,
 Date: ctx.FormString("date"),
 })
From 6a6de5c66d73123393de46160627e76270a909d2 Mon Sep 17 00:00:00 2001
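Review bot: The error branch after `organization.IsOrganizationMember` calls `ctx.ServerError("IsOrganizationMember", err)` but does not return, so on a lookup failure the handler falls through to `feed_service.GetFeeds` and keeps building a feed after an error response has already been started; add `return` directly after the `ctx.ServerError` call. Separately, `includePrivate = isOrgMember` switches on private activity from organisation membership alone, while the comment promises only the private repositories "the member has access to". Whether `GetFeeds` narrows the result further by the `Actor`'s repository or team access is not visible in this hunk and should be confirmed, since membership in an organisation need not imply read access to every private repository in it. showUserFeed's body continues outside the hunk.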
From: Job79
Date: Sun, 16 Feb 2025 16:59:13 +0100
Subject: [PATCH 2/2] Add feed permission tests
---
 routers/web/feed/profile_test.go | 37 ++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 routers/web/feed/profile_test.go
diff --git a/routers/web/feed/profile_test.go b/routers/web/feed/profile_test.go
new file mode 100644
index 0000000000..307974b410
--- /dev/null
+++ b/routers/web/feed/profile_test.go
@@ -0,0 +1,37 @@
+package feed_test
+
+import (
+ "testing"
+
+ "code.gitea.io/gitea/models/unittest"
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/routers/web/feed"
+ "code.gitea.io/gitea/services/contexttest"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestMain(m *testing.M) {
+ unittest.MainTest(m)
+}
+
+func TestCheckGetOrgFeedsAsOrgMember(t *testing.T) {
+ unittest.PrepareTestEnv(t)
+ ctx, resp := contexttest.MockContext(t, "org3.atom")
+ ctx.ContextUser = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
+ contexttest.LoadUser(t, ctx, 2)
+ ctx.IsSigned = true
+
+ feed.ShowUserFeedAtom(ctx)
+ assert.Contains(t, resp.Body.String(), "") // Should contain 1 private entry
+}
+
+func TestCheckGetOrgFeedsAsNonOrgMember(t *testing.T) {
+ unittest.PrepareTestEnv(t)
+ ctx, resp := contexttest.MockContext(t, "org3.atom")
+ ctx.ContextUser = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
+ contexttest.LoadUser(t, ctx, 5)
+ ctx.IsSigned = true
+
+ feed.ShowUserFeedAtom(ctx)
+ assert.NotContains(t, resp.Body.String(), "") // Should not contain any entries
+}
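Review bot: The two tests cover only a signed-in member and a signed-in non-member, and both assert on the presence of any entry rather than on which repository an entry belongs to, so they would not detect a member receiving activity from a private repository their teams cannot read. Consider adding a case for an organisation member without access to the private repository, and one for an anonymous request (`ctx.IsSigned` left false) asserting that no private entry is returned. As rendered on this page the needle in both `assert.Contains(t, resp.Body.String(), "")` and `assert.NotContains(t, resp.Body.String(), "")` is an empty string, which is probably markup lost in extraction. If the literal really is empty, the first assertion always passes and the second always fails, so neither pins the permission behaviour.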