diff --git a/models/repo_list.go b/models/repo_list.go index a676ae5c46c..316e6d084c8 100644 --- a/models/repo_list.go +++ b/models/repo_list.go @@ -401,21 +401,26 @@ func accessibleRepositoryCondition(user *User) builder.Cond { } if user != nil { - // 2. Be able to see all repositories that we have access to - cond = cond.Or(builder.Or( + cond = cond.Or( + // 2. Be able to see all repositories that we have access to builder.In("`repository`.id", builder.Select("repo_id"). From("`access`"). Where(builder.And( builder.Eq{"user_id": user.ID}, builder.Gt{"mode": int(AccessModeNone)}))), - builder.In("`repository`.id", builder.Select("id"). - From("`repository`"). - Where(builder.Eq{"owner_id": user.ID})))) - // 3. Be able to see all repositories that we are in a team - cond = cond.Or(builder.In("`repository`.id", builder.Select("`team_repo`.repo_id"). - From("team_repo"). - Where(builder.Eq{"`team_user`.uid": user.ID}). - Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id"))) + // 3. Repositories that we directly own + builder.Eq{"`repository`.owner_id": user.ID}, + // 4. Be able to see all repositories that we are in a team + builder.In("`repository`.id", builder.Select("`team_repo`.repo_id"). + From("team_repo"). + Where(builder.Eq{"`team_user`.uid": user.ID}). + Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")), + // 5. Be able to see all public repos in private organizations that we are an org_user of + builder.And(builder.Eq{"`repository`.is_private": false}, + builder.In("`repository`.owner_id", + builder.Select("`org_user`.org_id"). + From("org_user"). + Where(builder.Eq{"`org_user`.uid": user.ID})))) } return cond