Do not allow organisation owners add themselves as collaborator (#20043)
We're already checking for repo owners, but we also need to check for organisation owners that try to add themselves as collaborator Closes #17966
This commit is contained in:
parent
dabc06d13b
commit
889a41c6a8
2 changed files with 14 additions and 0 deletions
|
@ -1898,6 +1898,7 @@ settings.confirm_delete = Delete Repository
|
|||
settings.add_collaborator = Add Collaborator
|
||||
settings.add_collaborator_success = The collaborator has been added.
|
||||
settings.add_collaborator_inactive_user = Can not add an inactive user as a collaborator.
|
||||
settings.add_collaborator_owner = Can not add an owner as a collaborator.
|
||||
settings.add_collaborator_duplicate = The collaborator is already added to this repository.
|
||||
settings.delete_collaborator = Remove
|
||||
settings.collaborator_deletion = Remove Collaborator
|
||||
|
|
|
@ -917,6 +917,19 @@ func CollaborationPost(ctx *context.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
// find the owner team of the organization the repo belongs too and
|
||||
// check if the user we're trying to add is an owner.
|
||||
if ctx.Repo.Repository.Owner.IsOrganization() {
|
||||
if isOwner, err := organization.IsOrganizationOwner(ctx, ctx.Repo.Repository.Owner.ID, u.ID); err != nil {
|
||||
ctx.ServerError("IsOrganizationOwner", err)
|
||||
return
|
||||
} else if isOwner {
|
||||
ctx.Flash.Error(ctx.Tr("repo.settings.add_collaborator_owner"))
|
||||
ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if err = repo_module.AddCollaborator(ctx.Repo.Repository, u); err != nil {
|
||||
ctx.ServerError("AddCollaborator", err)
|
||||
return
|
||||
|
|
Loading…
Reference in a new issue