fix: don't show private forks in forks list

- If a repository is forked to a private or limited user/organization, the fork should not be visible in the list of forks depending on the doer requesting the list of forks. - Added integration testing for web and API route.
2024-11-02 20:55:30 +01:00 · 2024-11-02 20:55:30 +01:00 · 061abe6004
commit 061abe6004
parent 3e3ef76808
5 changed files with 88 additions and 11 deletions
--- a/routers/api/v1/repo/fork.go
+++ b/routers/api/v1/repo/fork.go
@ -56,7 +56,7 @@ func ListForks(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"

-	forks, err := repo_model.GetForks(ctx, ctx.Repo.Repository, utils.GetListOptions(ctx))
+	forks, total, err := repo_model.GetForks(ctx, ctx.Repo.Repository, ctx.Doer, utils.GetListOptions(ctx))
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "GetForks", err)
 		return
@ -71,7 +71,7 @@ func ListForks(ctx *context.APIContext) {
 		apiForks[i] = convert.ToRepo(ctx, fork, permission)
 	}

-	ctx.SetTotalCountHeader(int64(ctx.Repo.Repository.NumForks))
+	ctx.SetTotalCountHeader(total)
 	ctx.JSON(http.StatusOK, apiForks)
 }

--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@ -1232,11 +1232,8 @@ func Forks(ctx *context.Context) {
 		page = 1
 	}

-	pager := context.NewPagination(ctx.Repo.Repository.NumForks, setting.MaxForksPerPage, page, 5)
-	ctx.Data["Page"] = pager
-
-	forks, err := repo_model.GetForks(ctx, ctx.Repo.Repository, db.ListOptions{
-		Page:     pager.Paginater.Current(),
+	forks, total, err := repo_model.GetForks(ctx, ctx.Repo.Repository, ctx.Doer, db.ListOptions{
+		Page:     page,
 		PageSize: setting.MaxForksPerPage,
 	})
 	if err != nil {
@ -1244,6 +1241,9 @@ func Forks(ctx *context.Context) {
 		return
 	}

+	pager := context.NewPagination(int(total), setting.MaxForksPerPage, page, 5)
+	ctx.Data["Page"] = pager
+
 	for _, fork := range forks {
 		if err = fork.LoadOwner(ctx); err != nil {
 			ctx.ServerError("LoadOwner", err)