Fix limited user cannot view himself's profile (#21212)

lunny · web-flow · commit f66377320029 · 2022-09-20T16:00:46.000+08:00
backport #21210, fix #21206 If user and viewer are equal the method should return true. Also the common organization check was wrong as count can never be less then 0. Tests are on main branch.
diff --git a/models/user/user.go b/models/user/user.go
@@ -1265,7 +1265,7 @@ func isUserVisibleToViewerCond(viewer *User) builder.Cond {
 
 // IsUserVisibleToViewer check if viewer is able to see user profile
 func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
-	if viewer != nil && viewer.IsAdmin {
+	if viewer != nil && (viewer.IsAdmin || viewer.ID == u.ID) {
 		return true
 	}
 
@@ -1304,7 +1304,7 @@ func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
 			return false
 		}
 
-		if count < 0 {
+		if count == 0 {
 			// No common organization
 			return false
 		}

Original file line number	Diff line number	Diff line change
`@@ -1265,7 +1265,7 @@ func isUserVisibleToViewerCond(viewer *User) builder.Cond {`
`1265`	`1265`
`1266`	`1266`	`// IsUserVisibleToViewer check if viewer is able to see user profile`
`1267`	`1267`	`func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {`
`1268`		`- if viewer != nil && viewer.IsAdmin {`
	`1268`	`+ if viewer != nil && (viewer.IsAdmin \|\| viewer.ID == u.ID) {`
`1269`	`1269`	`return true`
`1270`	`1270`	`}`
`1271`	`1271`
`@@ -1304,7 +1304,7 @@ func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {`
`1304`	`1304`	`return false`
`1305`	`1305`	`}`
`1306`	`1306`
`1307`		`- if count < 0 {`
	`1307`	`+ if count == 0 {`
`1308`	`1308`	`// No common organization`
`1309`	`1309`	`return false`
`1310`	`1310`	`}`