mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-09-19 09:15:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: do visibility check for user redirect lookup

Browse source
This commit is contained in:
Gusted 2025-08-21 16:20:05 +02:00 committed by Earl Warren
commit 4019b99217
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
9 changed files with 50 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

5
services/context/org.go
View file

@ -16,6 +16,7 @@ import (
"forgejo.org/modules/markup/markdown"
"forgejo.org/modules/setting"
"forgejo.org/modules/structs"
redirect_service "forgejo.org/services/redirect"
)
// Organization contains organization context
@ -48,13 +49,13 @@ func GetOrganizationByParams(ctx *Context) {
ctx.Org.Organization, err = organization.GetOrgByName(ctx, orgName)
if err != nil {
if organization.IsErrOrgNotExist(err) {
redirectUserID, err := user_model.LookupUserRedirect(ctx, orgName)
redirectUserID, err := redirect_service.LookupUserRedirect(ctx, ctx.Doer, orgName)
if err == nil {
RedirectToUser(ctx.Base, orgName, redirectUserID)
} else if user_model.IsErrUserRedirectNotExist(err) {
ctx.NotFound("GetUserByName", err)
} else {
ctx.ServerError("LookupUserRedirect", err)
ctx.ServerError("LookupRedirect", err)
}
} else {
ctx.ServerError("GetUserByName", err)

5
services/context/repo.go
View file

@ -35,6 +35,7 @@ import (
"forgejo.org/modules/setting"
"forgejo.org/modules/util"
asymkey_service "forgejo.org/services/asymkey"
redirect_service "forgejo.org/services/redirect"
"github.com/editorconfig/editorconfig-core-go/v2"
)
@ -477,12 +478,12 @@ func RepoAssignment(ctx *Context) context.CancelFunc {
return nil
}
if redirectUserID, err := user_model.LookupUserRedirect(ctx, userName); err == nil {
if redirectUserID, err := redirect_service.LookupUserRedirect(ctx, ctx.Doer, userName); err == nil {
RedirectToUser(ctx.Base, userName, redirectUserID)
} else if user_model.IsErrUserRedirectNotExist(err) {
ctx.NotFound("GetUserByName", nil)
} else {
ctx.ServerError("LookupUserRedirect", err)
ctx.ServerError("LookupRedirect", err)
}
} else {
ctx.ServerError("GetUserByName", err)

5
services/context/user.go
View file

@ -9,6 +9,7 @@ import (
"strings"
user_model "forgejo.org/models/user"
redirect_service "forgejo.org/services/redirect"
)
// UserAssignmentWeb returns a middleware to handle context-user assignment for web routes
@ -68,12 +69,12 @@ func userAssignment(ctx *Base, doer *user_model.User, errCb func(int, string, an
contextUser, err = user_model.GetUserByName(ctx, username)
if err != nil {
if user_model.IsErrUserNotExist(err) {
if redirectUserID, err := user_model.LookupUserRedirect(ctx, username); err == nil {
if redirectUserID, err := redirect_service.LookupUserRedirect(ctx, doer, username); err == nil {
RedirectToUser(ctx, username, redirectUserID)
} else if user_model.IsErrUserRedirectNotExist(err) {
errCb(http.StatusNotFound, "GetUserByName", err)
} else {
errCb(http.StatusInternalServerError, "LookupUserRedirect", err)
errCb(http.StatusInternalServerError, "LookupRedirect", err)
}
} else {
errCb(http.StatusInternalServerError, "GetUserByName", err)