From c642cd0676cc4ba8e931a080c8524b29b4206792 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Sun, 17 May 2020 09:22:17 +0100
Subject: [PATCH] Allow all members of private orgs to see public repos
 (#11442)

* Allow all members of private orgs to see public repos

Fix #10144

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update models/repo_list.go

Co-authored-by: Lauris BH <lauris@nix.lv>
---
 models/repo_list.go | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/models/repo_list.go b/models/repo_list.go
index a676ae5c46..316e6d084c 100644
--- a/models/repo_list.go
+++ b/models/repo_list.go
@@ -401,21 +401,26 @@ func accessibleRepositoryCondition(user *User) builder.Cond {
 	}
 
 	if user != nil {
-		// 2. Be able to see all repositories that we have access to
-		cond = cond.Or(builder.Or(
+		cond = cond.Or(
+			// 2. Be able to see all repositories that we have access to
 			builder.In("`repository`.id", builder.Select("repo_id").
 				From("`access`").
 				Where(builder.And(
 					builder.Eq{"user_id": user.ID},
 					builder.Gt{"mode": int(AccessModeNone)}))),
-			builder.In("`repository`.id", builder.Select("id").
-				From("`repository`").
-				Where(builder.Eq{"owner_id": user.ID}))))
-		// 3. Be able to see all repositories that we are in a team
-		cond = cond.Or(builder.In("`repository`.id", builder.Select("`team_repo`.repo_id").
-			From("team_repo").
-			Where(builder.Eq{"`team_user`.uid": user.ID}).
-			Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")))
+			// 3. Repositories that we directly own
+			builder.Eq{"`repository`.owner_id": user.ID},
+			// 4. Be able to see all repositories that we are in a team
+			builder.In("`repository`.id", builder.Select("`team_repo`.repo_id").
+				From("team_repo").
+				Where(builder.Eq{"`team_user`.uid": user.ID}).
+				Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")),
+			// 5. Be able to see all public repos in private organizations that we are an org_user of
+			builder.And(builder.Eq{"`repository`.is_private": false},
+				builder.In("`repository`.owner_id",
+					builder.Select("`org_user`.org_id").
+						From("org_user").
+						Where(builder.Eq{"`org_user`.uid": user.ID}))))
 	}
 
 	return cond