88a03a6133
We need to make sure a user can't confirm the existence of a user with private visibility

* Follow up on #21533

### Before
#### User
![image](https://user-images.githubusercontent.com/20454870/197357580-340911d7-1659-4fc9-a9f6-7ed6bc3476b4.png)
#### Admin
![image](https://user-images.githubusercontent.com/20454870/197357676-a8f0ae63-8f80-4221-a9b5-b6311552910a.png)

### After
#### User
![image](https://user-images.githubusercontent.com/20454870/197357536-05616edb-7821-469d-8e51-6f8cb84c1362.png)
#### Admin
![image](https://user-images.githubusercontent.com/20454870/197357703-071fe984-de79-43aa-a77c-a85b046292a4.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
// Copyright 2022 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package markup
import (
"context"
"code.gitea.io/gitea/models/user"
gitea_context "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/markup"
)
// ProcessorHelper returns a markup.ProcessorHelper with its
// IsUsernameMentionable callback set.
//
// The callback answers false both when the lookup by name fails and when the
// visibility check rejects the user, so a caller cannot tell "no such user"
// apart from "user exists but is hidden from this viewer".
func ProcessorHelper() *markup.ProcessorHelper {
	helper := &markup.ProcessorHelper{}

	helper.IsUsernameMentionable = func(ctx context.Context, username string) bool {
		target, lookupErr := user.GetUserByName(ctx, username)
		if lookupErr != nil {
			// Every lookup error collapses to a plain "no".
			return false
		}

		if webCtx, isWeb := ctx.(*gitea_context.Context); isWeb {
			// Web request: decide from the target's visibility together with
			// the requesting Doer.
			// NOTE(review): Doer is passed through as-is; confirm that
			// IsUserVisibleToViewer copes with a nil viewer (anonymous request).
			return user.IsUserVisibleToViewer(webCtx, target, webCtx.Doer)
		}

		// Plain context: there is no viewer to check against, so only users
		// whose Visibility reports IsPublic() qualify.
		return target.Visibility.IsPublic()
	}

	return helper
}