tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-08-18 07:28:28 +00:00
Code Releases Activity

Only show Followers that current user can access (#20220) (#20253)

Browse Source 
Backport #20220

Users who are following or being followed by a user should only be
displayed if the viewing user can see them.

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath
2022-07-06 02:47:16 +01:00
committed by GitHub
parent 6162fb0a19
commit b42df3105d
3 changed files with 60 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
routers/api/v1/user/follower.go
View File

@@ -24,13 +24,13 @@ func responseAPIUsers(ctx *context.APIContext, users []*user_model.User) {
}
func listUserFollowers(ctx *context.APIContext, u *user_model.User) {
users, err := user_model.GetUserFollowers(u, utils.GetListOptions(ctx))
users, count, err := user_model.GetUserFollowers(ctx, u, ctx.User, utils.GetListOptions(ctx))
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserFollowers", err)
return
}
ctx.SetTotalCountHeader(int64(u.NumFollowers))
ctx.SetTotalCountHeader(count)
responseAPIUsers(ctx, users)
}
@@ -90,13 +90,13 @@ func ListFollowers(ctx *context.APIContext) {
}
func listUserFollowing(ctx *context.APIContext, u *user_model.User) {
users, err := user_model.GetUserFollowing(u, utils.GetListOptions(ctx))
users, count, err := user_model.GetUserFollowing(ctx, u, ctx.User, utils.GetListOptions(ctx))
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserFollowing", err)
return
}
ctx.SetTotalCountHeader(int64(u.NumFollowing))
ctx.SetTotalCountHeader(count)
responseAPIUsers(ctx, users)
}