Allow access to the Public Organization Member lists with minimal permissions (#20330)

Examining Organization membership should not necessarily require sign-in if the organization is public and the members are public. Therefore we should adjust `/org/{org}/members` to not require login.

Fix #7501

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
This commit is contained in:
a1012112796 2022-07-15 22:21:54 +08:00 committed by GitHub
parent 7d20c8323a
commit 4f267ef643
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 11 deletions

View File

@ -12,6 +12,7 @@ import (
"code.gitea.io/gitea/models/perm" "code.gitea.io/gitea/models/perm"
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
) )
// Organization contains organization context // Organization contains organization context
@ -69,6 +70,20 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
return return
} }
org := ctx.Org.Organization org := ctx.Org.Organization
// Handle Visibility
if org.Visibility != structs.VisibleTypePublic && !ctx.IsSigned {
// We must be signed in to see limited or private organizations
ctx.NotFound("OrgAssignment", err)
return
}
if org.Visibility == structs.VisibleTypePrivate {
requireMember = true
} else if ctx.IsSigned && ctx.Doer.IsRestricted {
requireMember = true
}
ctx.ContextUser = org.AsUser() ctx.ContextUser = org.AsUser()
ctx.Data["Org"] = org ctx.Data["Org"] = org

View File

@ -39,11 +39,6 @@ func Home(ctx *context.Context) {
org := ctx.Org.Organization org := ctx.Org.Organization
if !organization.HasOrgOrUserVisible(ctx, org.AsUser(), ctx.Doer) {
ctx.NotFound("HasOrgOrUserVisible", nil)
return
}
ctx.Data["PageIsUserProfile"] = true ctx.Data["PageIsUserProfile"] = true
ctx.Data["Title"] = org.DisplayName() ctx.Data["Title"] = org.DisplayName()
if len(org.Description) != 0 { if len(org.Description) != 0 {

View File

@ -610,6 +610,12 @@ func RegisterRoutes(m *web.Route) {
} }
// ***** START: Organization ***** // ***** START: Organization *****
m.Group("/org", func() {
m.Group("/{org}", func() {
m.Get("/members", org.Members)
}, context.OrgAssignment())
}, ignSignIn)
m.Group("/org", func() { m.Group("/org", func() {
m.Group("", func() { m.Group("", func() {
m.Get("/create", org.Create) m.Get("/create", org.Create)
@ -625,7 +631,6 @@ func RegisterRoutes(m *web.Route) {
m.Get("/pulls/{team}", user.Pulls) m.Get("/pulls/{team}", user.Pulls)
m.Get("/milestones", reqMilestonesDashboardPageEnabled, user.Milestones) m.Get("/milestones", reqMilestonesDashboardPageEnabled, user.Milestones)
m.Get("/milestones/{team}", reqMilestonesDashboardPageEnabled, user.Milestones) m.Get("/milestones/{team}", reqMilestonesDashboardPageEnabled, user.Milestones)
m.Get("/members", org.Members)
m.Post("/members/action/{action}", org.MembersAction) m.Post("/members/action/{action}", org.MembersAction)
m.Get("/teams", org.Teams) m.Get("/teams", org.Teams)
}, context.OrgAssignment(true, false, true)) }, context.OrgAssignment(true, false, true))

View File

@ -41,11 +41,9 @@
{{end}} {{end}}
<h4 class="ui top attached header df"> <h4 class="ui top attached header df">
<strong class="f1">{{.locale.Tr "org.people"}}</strong> <strong class="f1">{{.locale.Tr "org.people"}}</strong>
{{if .IsOrganizationMember}}
<div class="ui"> <div class="ui">
<a class="text grey dif ac" href="{{.OrgLink}}/members"><span>{{.Org.NumMembers}}</span> {{svg "octicon-chevron-right"}}</a> <a class="text grey dif ac" href="{{.OrgLink}}/members"><span>{{.MembersTotal}}</span> {{svg "octicon-chevron-right"}}</a>
</div> </div>
{{end}}
</h4> </h4>
<div class="ui attached segment members"> <div class="ui attached segment members">
{{$isMember := .IsOrganizationMember}} {{$isMember := .IsOrganizationMember}}