Restricted users only see repos in orgs which their team was assigned to (#28025) (#28051)

Backport #28025 by @6543 --- *Sponsored by Kithara Software GmbH* Co-authored-by: 6543 <m.huber@kithara.com> (cherry picked from commit 073d8c50dd)
2024-11-10 20:01:24 +01:00 · 2023-11-14 23:44:46 +08:00 · 2023-11-14 23:44:46 +08:00 · c51dd2b4fd
commit c51dd2b4fd
parent e4b92a1d47
1 changed files with 5 additions and 5 deletions
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@ -652,12 +652,12 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu
 				userOrgTeamUnitRepoCond("`repository`.id", user.ID, unitType),
 			)
 		}
-		cond = cond.Or(
-			// 4. Repositories that we directly own
-			builder.Eq{"`repository`.owner_id": user.ID},
+		// 4. Repositories that we directly own
+		cond = cond.Or(builder.Eq{"`repository`.owner_id": user.ID})
+		if !user.IsRestricted {
 			// 5. Be able to see all public repos in private organizations that we are an org_user of
-			userOrgPublicRepoCond(user.ID),
-		)
+			cond = cond.Or(userOrgPublicRepoCond(user.ID))
+		}
 	}

 	return cond