api: fix join for repositories resolver
The left join used for listing repositories has a curious issue: if you grant access to a private repo to x people, where x > 1, this repo will show up x times if you list your own repos via GraphQL. To fix, add an additional join restriction: we are only interested in ACLs for the calling user. This makes sure that at most one ACL will be returned, hence avoiding duplicate repositories.
This commit is contained in:
parent
da71f500a9
commit
490163fcd1
|
@ -1373,8 +1373,9 @@ func (r *userResolver) Repositories(ctx context.Context, obj *model.User, cursor
|
|||
From(`repository repo`).
|
||||
LeftJoin(`access ON (
|
||||
repo.visibility != 'PUBLIC' AND
|
||||
repo.id = access.repo_id
|
||||
)`).
|
||||
repo.id = access.repo_id AND
|
||||
access.user_id = ?
|
||||
)`, auth.ForContext(ctx).UserID).
|
||||
Where(sq.And{
|
||||
sq.Or{
|
||||
sq.Expr(`? IN (access.user_id, repo.owner_id)`,
|
||||
|
|
Loading…
Reference in New Issue