forgejo/release-notes/8.0.0
Gergely Nagy 9cb2aa989a
Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, lets look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organizations, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-09 18:33:33 +02:00
..
feat [UI] Allow org members to navigate between the org and the dashboard 2024-05-05 23:14:57 +05:00
fix Teach activities.GetFeeds() how to avoid returning duplicates 2024-05-09 18:33:33 +02:00
3139.md Add release note for #3139 2024-04-28 22:44:59 +02:00
3383.md Release notes for Limit database max connections by default 2024-04-27 22:03:25 +02:00
3414.md ldap: default domain name (#3414) 2024-04-26 22:38:58 +00:00
3572.md FIX gogs migration if gogs is hosted at a subpath (#3572) 2024-05-01 16:28:44 +00:00
3583.md Fix inconsistent required field (#3583) 2024-05-01 18:29:42 +00:00
3608.md [THEME] fix text selection color 2024-05-02 21:31:03 +05:00
3671.md fix(security): CVE-2024-24788 malformed DNS message 2024-05-08 14:25:08 +02:00