mirror of
				https://gitcode.com/gitea/gitea.git
				synced 2025-10-26 05:04:27 +08:00 
			
		
		
		
	Do not allow Ghost access to limited visible user/org (#21849)
The Ghost user should not be allowed to have access to a limited visible user/org. Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
		| @ -458,8 +458,9 @@ func CountOrgs(opts FindOrgOptions) (int64, error) { | |||||||
|  |  | ||||||
| // HasOrgOrUserVisible tells if the given user can see the given org or user | // HasOrgOrUserVisible tells if the given user can see the given org or user | ||||||
| func HasOrgOrUserVisible(ctx context.Context, orgOrUser, user *user_model.User) bool { | func HasOrgOrUserVisible(ctx context.Context, orgOrUser, user *user_model.User) bool { | ||||||
| 	// Not SignedUser | 	// If user is nil, it's an anonymous user/request. | ||||||
| 	if user == nil { | 	// The Ghost user is handled like an anonymous user. | ||||||
|  | 	if user == nil || user.IsGhost() { | ||||||
| 		return orgOrUser.Visibility == structs.VisibleTypePublic | 		return orgOrUser.Visibility == structs.VisibleTypePublic | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user
	 KN4CK3R
					KN4CK3R