forked from Shiloh/githaven
af96286f22
The API convert.toUser function makes the incorrect assumption that full names could be rendered as is without being escaped. It therefore runs the names through markup.Sanitize which leads to a double escape of user full names. This pr stops this. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
97 lines
2.8 KiB
Go
97 lines
2.8 KiB
Go
// Copyright 2020 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package convert
|
|
|
|
import (
|
|
"code.gitea.io/gitea/models"
|
|
api "code.gitea.io/gitea/modules/structs"
|
|
)
|
|
|
|
// ToUser convert models.User to api.User
|
|
// if doer is set, private information is added if the doer has the permission to see it
|
|
func ToUser(user, doer *models.User) *api.User {
|
|
if user == nil {
|
|
return nil
|
|
}
|
|
authed := false
|
|
signed := false
|
|
if doer != nil {
|
|
signed = true
|
|
authed = doer.ID == user.ID || doer.IsAdmin
|
|
}
|
|
return toUser(user, signed, authed)
|
|
}
|
|
|
|
// ToUsers convert list of models.User to list of api.User
|
|
func ToUsers(doer *models.User, users []*models.User) []*api.User {
|
|
result := make([]*api.User, len(users))
|
|
for i := range users {
|
|
result[i] = ToUser(users[i], doer)
|
|
}
|
|
return result
|
|
}
|
|
|
|
// ToUserWithAccessMode convert models.User to api.User
|
|
// AccessMode is not none show add some more information
|
|
func ToUserWithAccessMode(user *models.User, accessMode models.AccessMode) *api.User {
|
|
if user == nil {
|
|
return nil
|
|
}
|
|
return toUser(user, accessMode != models.AccessModeNone, false)
|
|
}
|
|
|
|
// toUser convert models.User to api.User
|
|
// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself
|
|
func toUser(user *models.User, signed, authed bool) *api.User {
|
|
result := &api.User{
|
|
ID: user.ID,
|
|
UserName: user.Name,
|
|
FullName: user.FullName,
|
|
Email: user.GetEmail(),
|
|
AvatarURL: user.AvatarLink(),
|
|
Created: user.CreatedUnix.AsTime(),
|
|
Restricted: user.IsRestricted,
|
|
Location: user.Location,
|
|
Website: user.Website,
|
|
Description: user.Description,
|
|
// counter's
|
|
Followers: user.NumFollowers,
|
|
Following: user.NumFollowing,
|
|
StarredRepos: user.NumStars,
|
|
}
|
|
|
|
result.Visibility = user.Visibility.String()
|
|
|
|
// hide primary email if API caller is anonymous or user keep email private
|
|
if signed && (!user.KeepEmailPrivate || authed) {
|
|
result.Email = user.Email
|
|
}
|
|
|
|
// only site admin will get these information and possibly user himself
|
|
if authed {
|
|
result.IsAdmin = user.IsAdmin
|
|
result.LastLogin = user.LastLoginUnix.AsTime()
|
|
result.Language = user.Language
|
|
result.IsActive = user.IsActive
|
|
result.ProhibitLogin = user.ProhibitLogin
|
|
}
|
|
return result
|
|
}
|
|
|
|
// User2UserSettings return UserSettings based on a user
|
|
func User2UserSettings(user *models.User) api.UserSettings {
|
|
return api.UserSettings{
|
|
FullName: user.FullName,
|
|
Website: user.Website,
|
|
Location: user.Location,
|
|
Language: user.Language,
|
|
Description: user.Description,
|
|
Theme: user.Theme,
|
|
HideEmail: user.KeepEmailPrivate,
|
|
HideActivity: user.KeepActivityPrivate,
|
|
DiffViewStyle: user.DiffViewStyle,
|
|
}
|
|
}
|