Fix panic when view profile without signin

Also fix that no matter who, still able to see organizations with private membership.

models/org.go

@@ -254,27 +254,25 @@ func IsPublicMembership(orgId, uid int64) bool {
 	return has
 }
 
-func getOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {
+func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
 	orgs := make([]*User, 0, 10)
-	return orgs, sess.Where("`org_user`.uid=?", userID).
+	if !showAll {
+		sess.And("`org_user`.is_public=?", true)
+	}
+	return orgs, sess.And("`org_user`.uid=?", userID).
 		Join("INNER", "`org_user`", "`org_user`.org_id=`user`.id").Find(&orgs)
 }
 
 // GetOrgsByUserID returns a list of organizations that the given user ID
 // has joined.
-func GetOrgsByUserID(userID int64) ([]*User, error) {
-	sess := x.NewSession()
-	return getOrgsByUserID(sess, userID)
+func GetOrgsByUserID(userID int64, showAll bool) ([]*User, error) {
+	return getOrgsByUserID(x.NewSession(), userID, showAll)
 }
 
 // GetOrgsByUserIDDesc returns a list of organizations that the given user ID
 // has joined, ordered descending by the given condition.
-func GetOrgsByUserIDDesc(userID int64, desc string, all bool) ([]*User, error) {
-	sess := x.NewSession()
-	if !all {
-		sess.And("`org_user`.is_public=?", true)
-	}
-	return getOrgsByUserID(sess.Desc(desc), userID)
+func GetOrgsByUserIDDesc(userID int64, desc string, showAll bool) ([]*User, error) {
+	return getOrgsByUserID(x.NewSession().Desc(desc), userID, showAll)
 }
 
 func getOwnedOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {

routers/user/profile.go

@@ -75,7 +75,7 @@ func Profile(ctx *middleware.Context) {
 	ctx.Data["PageIsUserProfile"] = true
 	ctx.Data["Owner"] = u
 
-	orgs, err := models.GetOrgsByUserIDDesc(u.Id, "updated", ctx.User.IsAdmin || ctx.User.Id == u.Id)
+	orgs, err := models.GetOrgsByUserID(u.Id, ctx.IsSigned && (ctx.User.IsAdmin || ctx.User.Id == u.Id))
 	if err != nil {
 		ctx.Handle(500, "GetOrgsByUserIDDesc", err)
 		return