1 files changed, 21 insertions, 4 deletions

diff --git a/models/action.go b/models/action.go
index 33d5246e..3bcf999d 100644
--- a/models/action.go
+++ b/models/action.go
@@ -498,7 +498,7 @@ func CommitRepoAction(
 	payloadSender := &api.PayloadUser{
 		UserName:  pusher.Name,
 		ID:        pusher.Id,
-		AvatarUrl: setting.AppUrl + pusher.RelAvatarLink(),
+		AvatarUrl: pusher.AvatarLink(),
 	}
 
 	switch opType {
@@ -593,12 +593,29 @@ func MergePullRequestAction(actUser *User, repo *Repository, pull *Issue) error
 }
 
 // GetFeeds returns action list of given user in given context.
-func GetFeeds(uid, offset int64, isProfile bool) ([]*Action, error) {
+// userID is the user who's requesting, ctxUserID is the user/org that is requested.
+// userID can be -1, if isProfile is true or in order to skip the permission check.
+func GetFeeds(ctxUserID, userID, offset int64, isProfile bool) ([]*Action, error) {
 	actions := make([]*Action, 0, 20)
-	sess := x.Limit(20, int(offset)).Desc("id").Where("user_id=?", uid)
+	sess := x.Limit(20, int(offset)).Desc("id").Where("user_id=?", ctxUserID)
 	if isProfile {
-		sess.And("is_private=?", false).And("act_user_id=?", uid)
+		sess.And("is_private=?", false).And("act_user_id=?", ctxUserID)
+	} else if ctxUserID != -1 {
+		ctxUser := &User{Id: ctxUserID}
+		if err := ctxUser.GetUserRepositories(userID); err != nil {
+			return nil, err
+		}
+
+		var repoIDs []int64
+		for _, repo := range ctxUser.Repos {
+			repoIDs = append(repoIDs, repo.ID)
+		}
+
+		if len(repoIDs) > 0 {
+			sess.In("repo_id", repoIDs)
+		}
 	}
+
 	err := sess.Find(&actions)
 	return actions, err
 }