Fix commits pushed with deploy keys not shown in dashboard (#24521)

Zettat123 · web-flow · commit 29637b03b297 · 2023-05-10T04:14:58.000Z
Fix #21324 In the current logic, if the `Actor` user is not an admin user, all activities from private organizations won't be shown even if the `Actor` user is a member of the organization. As mentioned in the issue, when using deploy key to make a commit and push, the activity's `act_user_id` will be the id of the organization so the activity won't be shown to non-admin users because the visibility of the organization is private. https://github.com/go-gitea/gitea/blob/55a57177600028ba8e4a480a08f1ee4d69d219d6/models/activities/action.go#L490-L503 This PR improves this logic so the activities of private organizations can be shown.
diff --git a/models/activities/action.go b/models/activities/action.go
@@ -494,12 +494,27 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
 			).From("`user`"),
 		))
 	} else if !opts.Actor.IsAdmin {
-		cond = cond.And(builder.In("act_user_id",
-			builder.Select("`user`.id").Where(
-				builder.Eq{"keep_activity_private": false}.
-					And(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))).
-				Or(builder.Eq{"id": opts.Actor.ID}).From("`user`"),
-		))
+		uidCond := builder.Select("`user`.id").From("`user`").Where(
+			builder.Eq{"keep_activity_private": false}.
+				And(builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))).
+			Or(builder.Eq{"id": opts.Actor.ID})
+
+		if opts.RequestedUser != nil {
+			if opts.RequestedUser.IsOrganization() {
+				// An organization can always see the activities whose `act_user_id` is the same as its id.
+				uidCond = uidCond.Or(builder.Eq{"id": opts.RequestedUser.ID})
+			} else {
+				// A user can always see the activities of the organizations to which the user belongs.
+				uidCond = uidCond.Or(
+					builder.Eq{"type": user_model.UserTypeOrganization}.
+						And(builder.In("`user`.id", builder.Select("org_id").
+							Where(builder.Eq{"uid": opts.RequestedUser.ID}).
+							From("team_user"))),
+				)
+			}
+		}
+
+		cond = cond.And(builder.In("act_user_id", uidCond))
 	}
 
 	// check readable repositories by doer/actor
