Fix unlisted showing (#873)

* Fix projects showing draft

* fix build

* run fmt

src/auth/checks.rs

@@ -33,8 +33,9 @@ pub async fn is_visible_project(
     project_data: &Project,
     user_option: &Option<User>,
     pool: &web::Data<PgPool>,
+    hide_unlisted: bool,
 ) -> Result<bool, ApiError> {
-    filter_visible_project_ids(vec![project_data], user_option, pool)
+    filter_visible_project_ids(vec![project_data], user_option, pool, hide_unlisted)
         .await
         .map(|x| !x.is_empty())
 }
@@ -53,11 +54,13 @@ pub async fn filter_visible_projects(
     mut projects: Vec<QueryProject>,
     user_option: &Option<User>,
     pool: &web::Data<PgPool>,
+    hide_unlisted: bool,
 ) -> Result<Vec<crate::models::projects::Project>, ApiError> {
     let filtered_project_ids = filter_visible_project_ids(
         projects.iter().map(|x| &x.inner).collect_vec(),
         user_option,
         pool,
+        hide_unlisted,
     )
     .await
     .unwrap();
@@ -74,17 +77,21 @@ pub async fn filter_visible_project_ids(
     projects: Vec<&Project>,
     user_option: &Option<User>,
     pool: &web::Data<PgPool>,
+    hide_unlisted: bool,
 ) -> Result<Vec<crate::database::models::ProjectId>, ApiError> {
     let mut return_projects = Vec::new();
     let mut check_projects = Vec::new();
 
     // Return projects that are not hidden or we are a mod of
     for project in projects {
-        if !project.status.is_hidden()
-            || user_option
-                .as_ref()
-                .map(|x| x.role.is_mod())
-                .unwrap_or(false)
+        if (if hide_unlisted {
+            project.status.is_searchable()
+        } else {
+            !project.status.is_hidden()
+        }) || user_option
+            .as_ref()
+            .map(|x| x.role.is_mod())
+            .unwrap_or(false)
         {
             return_projects.push(project.id);
         } else if user_option.is_some() {
@@ -233,6 +240,7 @@ pub async fn filter_visible_version_ids(
             .collect(),
         user_option,
         pool,
+        false,
     )
     .await?;
 

src/routes/maven.rs

@@ -92,7 +92,7 @@ pub async fn maven_metadata(
     .map(|x| x.1)
     .ok();
 
-    if !is_visible_project(&project.inner, &user_option, &pool).await? {
+    if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
         return Err(ApiError::NotFound);
     }
 
@@ -286,7 +286,7 @@ pub async fn version_file(
     .map(|x| x.1)
     .ok();
 
-    if !is_visible_project(&project.inner, &user_option, &pool).await? {
+    if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
         return Err(ApiError::NotFound);
     }
 
@@ -347,7 +347,7 @@ pub async fn version_file_sha1(
     .map(|x| x.1)
     .ok();
 
-    if !is_visible_project(&project.inner, &user_option, &pool).await? {
+    if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
         return Err(ApiError::NotFound);
     }
 
@@ -389,7 +389,7 @@ pub async fn version_file_sha512(
     .map(|x| x.1)
     .ok();
 
-    if !is_visible_project(&project.inner, &user_option, &pool).await? {
+    if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
         return Err(ApiError::NotFound);
     }
 

src/routes/updates.rs

@@ -57,7 +57,7 @@ pub async fn forge_updates(
     .map(|x| x.1)
     .ok();
 
-    if !is_visible_project(&project.inner, &user_option, &pool).await? {
+    if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
         return Err(ApiError::InvalidInput(ERROR.to_string()));
     }
 

src/routes/v3/organizations.rs

@@ -85,7 +85,7 @@ pub async fn organization_projects_get(
     let projects_data =
         crate::database::models::Project::get_many_ids(&project_ids, &**pool, &redis).await?;
 
-    let projects = filter_visible_projects(projects_data, &current_user, &pool).await?;
+    let projects = filter_visible_projects(projects_data, &current_user, &pool, true).await?;
     Ok(HttpResponse::Ok().json(projects))
 }
 

src/routes/v3/projects.rs

@@ -137,7 +137,7 @@ pub async fn projects_get(
     .map(|x| x.1)
     .ok();
 
-    let projects = filter_visible_projects(projects_data, &user_option, &pool).await?;
+    let projects = filter_visible_projects(projects_data, &user_option, &pool, false).await?;
 
     Ok(HttpResponse::Ok().json(projects))
 }
@@ -164,7 +164,7 @@ pub async fn project_get(
     .ok();
 
     if let Some(data) = project_data {
-        if is_visible_project(&data.inner, &user_option, &pool).await? {
+        if is_visible_project(&data.inner, &user_option, &pool, false).await? {
             return Ok(HttpResponse::Ok().json(Project::from(data)));
         }
     }
@@ -971,7 +971,7 @@ pub async fn dependency_list(
     .ok();
 
     if let Some(project) = result {
-        if !is_visible_project(&project.inner, &user_option, &pool).await? {
+        if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
             return Err(ApiError::NotFound);
         }
 
@@ -2064,7 +2064,7 @@ pub async fn project_follow(
     let user_id: db_ids::UserId = user.id.into();
     let project_id: db_ids::ProjectId = result.inner.id;
 
-    if !is_visible_project(&result.inner, &Some(user), &pool).await? {
+    if !is_visible_project(&result.inner, &Some(user), &pool, false).await? {
         return Err(ApiError::NotFound);
     }
 
@@ -2215,7 +2215,7 @@ pub async fn project_get_organization(
             ApiError::InvalidInput("The specified project does not exist!".to_string())
         })?;
 
-    if !is_visible_project(&result.inner, &current_user, &pool).await? {
+    if !is_visible_project(&result.inner, &current_user, &pool, false).await? {
         Err(ApiError::InvalidInput(
             "The specified project does not exist!".to_string(),
         ))

src/routes/v3/teams.rs

@@ -60,7 +60,7 @@ pub async fn team_members_get_project(
         .map(|x| x.1)
         .ok();
 
-        if !is_visible_project(&project.inner, &current_user, &pool).await? {
+        if !is_visible_project(&project.inner, &current_user, &pool, false).await? {
             return Err(ApiError::NotFound);
         }
         let members_data =

src/routes/v3/users.rs

@@ -69,7 +69,7 @@ pub async fn projects_list(
 
         let projects: Vec<_> =
             crate::database::Project::get_many_ids(&project_data, &**pool, &redis).await?;
-        let projects = filter_visible_projects(projects, &user, &pool).await?;
+        let projects = filter_visible_projects(projects, &user, &pool, true).await?;
         Ok(HttpResponse::Ok().json(projects))
     } else {
         Err(ApiError::NotFound)

src/routes/v3/version_file.rs

@@ -283,6 +283,7 @@ pub async fn get_projects_from_hashes(
         database::models::Project::get_many_ids(&project_ids, &**pool, &redis).await?,
         &user_option,
         &pool,
+        false,
     )
     .await?;
 

src/routes/v3/versions.rs

@@ -80,7 +80,7 @@ pub async fn version_project_get_helper(
     .ok();
 
     if let Some(project) = result {
-        if !is_visible_project(&project.inner, &user_option, &pool).await? {
+        if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
             return Err(ApiError::NotFound);
         }
 
@@ -724,7 +724,7 @@ pub async fn version_list(
     .ok();
 
     if let Some(project) = result {
-        if !is_visible_project(&project.inner, &user_option, &pool).await? {
+        if !is_visible_project(&project.inner, &user_option, &pool, false).await? {
             return Err(ApiError::NotFound);
         }