opensourcemirror
/
git.sr.ht
mirror of https://git.sr.ht/~sircmpwn/git.sr.ht
1
0
Fork 0
Code Issues Releases Wiki Activity

api: fix join for repositories resolver 

The left join used for listing repositories has a curious issue: if you
grant access to a private repo to x people, where x > 1, this repo will
show up x times if you list your own repos via GraphQL.

To fix, add an additional join restriction: we are only interested in
ACLs for the calling user. This makes sure that at most one ACL will be
returned, hence avoiding duplicate repositories.
This commit is contained in:
Conrad Hoffmann 2023-08-09 22:53:16 +02:00 committed by Drew DeVault
parent da71f500a9
commit 490163fcd1
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/graph/schema.resolvers.go
View File

@ -1373,8 +1373,9 @@ func (r *userResolver) Repositories(ctx context.Context, obj *model.User, cursor
From(`repository repo`).
LeftJoin(`access ON (
repo.visibility != 'PUBLIC' AND
repo.id = access.repo_id
)`).
repo.id = access.repo_id AND
access.user_id = ?
)`, auth.ForContext(ctx).UserID).
Where(sq.And{
sq.Or{
sq.Expr(`? IN (access.user_id, repo.owner_id)`,