feat: bypass discoverability settings for external team members
This commit is contained in:
parent
3a730165bc
commit
28b913f29f
|
|
@ -49,6 +49,17 @@ func ListUsers(s *xorm.Session, search string, currentUser *User, opts *ProjectU
|
|||
|
||||
conds := []builder.Cond{}
|
||||
|
||||
// Subquery: find user IDs that share an external team with the current user
|
||||
externalTeamMemberIDs := builder.Select("tm2.user_id").
|
||||
From("team_members tm1").
|
||||
Join("INNER", "team_members tm2", "tm1.team_id = tm2.team_id").
|
||||
Join("INNER", "teams t", "t.id = tm1.team_id").
|
||||
Where(builder.And(
|
||||
builder.Eq{"tm1.user_id": currentUser.ID},
|
||||
builder.Neq{"t.external_id": ""},
|
||||
builder.Neq{"tm2.user_id": currentUser.ID},
|
||||
))
|
||||
|
||||
queryParts := strings.Split(search, ",")
|
||||
|
||||
if search != "" {
|
||||
|
|
@ -77,6 +88,14 @@ func ListUsers(s *xorm.Session, search string, currentUser *User, opts *ProjectU
|
|||
db.ILIKE("name", queryPart),
|
||||
builder.Eq{"discoverable_by_name": true},
|
||||
),
|
||||
// External team bypass: match by name or email without discoverability check
|
||||
builder.And(
|
||||
builder.In("id", externalTeamMemberIDs),
|
||||
builder.Or(
|
||||
db.ILIKE("name", queryPart),
|
||||
builder.Eq{"email": queryPart},
|
||||
),
|
||||
),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue