Fix branch_protection api shows users/teams who has no readAccess

routers/api/v1/repo/branch.go

@@ -437,7 +437,7 @@ func GetBranchProtection(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp))
+	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp, repo))
 }
 
 // ListBranchProtections list branch protections for a repo
@@ -470,7 +470,7 @@ func ListBranchProtections(ctx *context.APIContext) {
 	}
 	apiBps := make([]*api.BranchProtection, len(bps))
 	for i := range bps {
-		apiBps[i] = convert.ToBranchProtection(ctx, bps[i])
+		apiBps[i] = convert.ToBranchProtection(ctx, bps[i], repo)
 	}
 
 	ctx.JSON(http.StatusOK, apiBps)
@@ -681,7 +681,7 @@ func CreateBranchProtection(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusCreated, convert.ToBranchProtection(ctx, bp))
+	ctx.JSON(http.StatusCreated, convert.ToBranchProtection(ctx, bp, repo))
 }
 
 // EditBranchProtection edits a branch protection for a repo
@@ -959,7 +959,7 @@ func EditBranchProtection(ctx *context.APIContext) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp))
+	ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp, repo))
 }
 
 // DeleteBranchProtection deletes a branch protection for a repo

services/convert/convert.go

@@ -105,33 +105,60 @@ func ToBranch(ctx context.Context, repo *repo_model.Repository, branchName strin
 	return branch, nil
 }
 
-// ToBranchProtection convert a ProtectedBranch to api.BranchProtection
-func ToBranchProtection(ctx context.Context, bp *git_model.ProtectedBranch) *api.BranchProtection {
-	pushWhitelistUsernames, err := user_model.GetUserNamesByIDs(ctx, bp.WhitelistUserIDs)
-	if err != nil {
-		log.Error("GetUserNamesByIDs (WhitelistUserIDs): %v", err)
-	}
-	mergeWhitelistUsernames, err := user_model.GetUserNamesByIDs(ctx, bp.MergeWhitelistUserIDs)
-	if err != nil {
-		log.Error("GetUserNamesByIDs (MergeWhitelistUserIDs): %v", err)
+// getWhitelistEntities returns the names of the entities that are in the whitelist
+func getWhitelistEntities(entities []any, whitelistIDs []int64) []string {
+	whitelistIDsMap := make(map[int64]struct{})
+	for _, id := range whitelistIDs {
+		whitelistIDsMap[id] = struct{}{}
+	}
+
+	whitelistNames := make([]string, 0)
+	for _, entity := range entities {
+		switch v := entity.(type) {
+		case *user_model.User:
+			if _, ok := whitelistIDsMap[v.ID]; ok {
+				whitelistNames = append(whitelistNames, v.Name)
+			}
+		case *organization.Team:
+			if _, ok := whitelistIDsMap[v.ID]; ok {
+				whitelistNames = append(whitelistNames, v.Name)
+			}
+		}
 	}
-	approvalsWhitelistUsernames, err := user_model.GetUserNamesByIDs(ctx, bp.ApprovalsWhitelistUserIDs)
+
+	return whitelistNames
+}
+
+// ToBranchProtection convert a ProtectedBranch to api.BranchProtection
+func ToBranchProtection(ctx context.Context, bp *git_model.ProtectedBranch, repo *repo_model.Repository) *api.BranchProtection {
+	readers, err := access_model.GetRepoReaders(ctx, repo)
 	if err != nil {
-		log.Error("GetUserNamesByIDs (ApprovalsWhitelistUserIDs): %v", err)
+		log.Error("GetRepoReaders: %v", err)
 	}
-	pushWhitelistTeams, err := organization.GetTeamNamesByID(ctx, bp.WhitelistTeamIDs)
-	if err != nil {
-		log.Error("GetTeamNamesByID (WhitelistTeamIDs): %v", err)
+
+	readersInterface := make([]any, len(readers))
+	for i, v := range readers {
+		readersInterface[i] = v
 	}
-	mergeWhitelistTeams, err := organization.GetTeamNamesByID(ctx, bp.MergeWhitelistTeamIDs)
+
+	pushWhitelistUsernames := getWhitelistEntities(readersInterface, bp.WhitelistUserIDs)
+	mergeWhitelistUsernames := getWhitelistEntities(readersInterface, bp.MergeWhitelistUserIDs)
+	approvalsWhitelistUsernames := getWhitelistEntities(readersInterface, bp.ApprovalsWhitelistUserIDs)
+
+	teamReaders, err := organization.OrgFromUser(repo.Owner).TeamsWithAccessToRepo(ctx, repo.ID, perm.AccessModeRead)
 	if err != nil {
-		log.Error("GetTeamNamesByID (MergeWhitelistTeamIDs): %v", err)
+		log.Error("Repo.Owner.TeamsWithAccessToRepo: %v", err)
 	}
-	approvalsWhitelistTeams, err := organization.GetTeamNamesByID(ctx, bp.ApprovalsWhitelistTeamIDs)
-	if err != nil {
-		log.Error("GetTeamNamesByID (ApprovalsWhitelistTeamIDs): %v", err)
+
+	teamReadersInterface := make([]any, len(teamReaders))
+	for i, v := range teamReaders {
+		teamReadersInterface[i] = v
 	}
 
+	pushWhitelistTeams := getWhitelistEntities(teamReadersInterface, bp.WhitelistTeamIDs)
+	mergeWhitelistTeams := getWhitelistEntities(teamReadersInterface, bp.MergeWhitelistTeamIDs)
+	approvalsWhitelistTeams := getWhitelistEntities(teamReadersInterface, bp.ApprovalsWhitelistTeamIDs)
+
 	branchName := ""
 	if !git_model.IsRuleNameSpecial(bp.RuleName) {
 		branchName = bp.RuleName