From 3039891a15a795ee145bf33bbd1a7b196e60d888 Mon Sep 17 00:00:00 2001
From: Umar Getagazov <umar@handlerug.me>
Date: Fri, 10 Mar 2023 16:54:29 +0000
Subject: [PATCH] api: prevent repos with ACL from being duplicated

Only join with access entries if the second condition of the OR
condition in the WHERE clause (i.e. `repo.visibility = 'PUBLIC') is
false, which prevents WHERE from short-circuiting for every row.
---
 api/graph/schema.resolvers.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/api/graph/schema.resolvers.go b/api/graph/schema.resolvers.go
index c6ec4fb..f2410f8 100644
--- a/api/graph/schema.resolvers.go
+++ b/api/graph/schema.resolvers.go
@@ -1369,7 +1369,10 @@ func (r *userResolver) Repositories(ctx context.Context, obj *model.User, cursor
 		query := database.
 			Select(ctx, repo).
 			From(`repository repo`).
-			LeftJoin(`access ON repo.id = access.repo_id`).
+			LeftJoin(`access ON (
+				repo.visibility != 'PUBLIC' AND
+				repo.id = access.repo_id
+			)`).
 			Where(sq.And{
 				sq.Or{
 					sq.Expr(`? IN (access.user_id, repo.owner_id)`,
-- 
2.38.4