Allow collaborators to view repo owned private org (#6965)
Handle case where an orginization is private but a user who is not a member of the orgninization has been added as a collaborator of a repo within that org Fixes #6962
This commit is contained in:
parent
d9dcd09340
commit
68a83cc5a2
3 changed files with 27 additions and 4 deletions
|
@ -92,6 +92,15 @@ func TestPrivateOrg(t *testing.T) {
|
||||||
req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
|
req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
|
||||||
session.MakeRequest(t, req, http.StatusNotFound)
|
session.MakeRequest(t, req, http.StatusNotFound)
|
||||||
|
|
||||||
|
// non-org member who is collaborator on repo in private org
|
||||||
|
session = loginUser(t, "user4")
|
||||||
|
req = NewRequest(t, "GET", "/privated_org")
|
||||||
|
session.MakeRequest(t, req, http.StatusNotFound)
|
||||||
|
req = NewRequest(t, "GET", "/privated_org/public_repo_on_private_org") // colab of this repo
|
||||||
|
session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
req = NewRequest(t, "GET", "/privated_org/private_repo_on_private_org")
|
||||||
|
session.MakeRequest(t, req, http.StatusNotFound)
|
||||||
|
|
||||||
// site admin
|
// site admin
|
||||||
session = loginUser(t, "user1")
|
session = loginUser(t, "user1")
|
||||||
req = NewRequest(t, "GET", "/privated_org")
|
req = NewRequest(t, "GET", "/privated_org")
|
||||||
|
|
|
@ -9,3 +9,9 @@
|
||||||
repo_id: 4
|
repo_id: 4
|
||||||
user_id: 4
|
user_id: 4
|
||||||
mode: 2 # write
|
mode: 2 # write
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 3
|
||||||
|
repo_id: 40
|
||||||
|
user_id: 4
|
||||||
|
mode: 2 # write
|
|
@ -168,7 +168,17 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss
|
||||||
repo.mustOwner(e)
|
repo.mustOwner(e)
|
||||||
}
|
}
|
||||||
|
|
||||||
if repo.Owner.IsOrganization() && !HasOrgVisible(repo.Owner, user) {
|
var isCollaborator bool
|
||||||
|
if user != nil {
|
||||||
|
isCollaborator, err = repo.isCollaborator(e, user.ID)
|
||||||
|
if err != nil {
|
||||||
|
return perm, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prevent strangers from checking out public repo of private orginization
|
||||||
|
// Allow user if they are collaborator of a repo within a private orginization but not a member of the orginization itself
|
||||||
|
if repo.Owner.IsOrganization() && !HasOrgVisible(repo.Owner, user) && !isCollaborator {
|
||||||
perm.AccessMode = AccessModeNone
|
perm.AccessMode = AccessModeNone
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -207,9 +217,7 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss
|
||||||
perm.UnitsMode = make(map[UnitType]AccessMode)
|
perm.UnitsMode = make(map[UnitType]AccessMode)
|
||||||
|
|
||||||
// Collaborators on organization
|
// Collaborators on organization
|
||||||
if isCollaborator, err := repo.isCollaborator(e, user.ID); err != nil {
|
if isCollaborator {
|
||||||
return perm, err
|
|
||||||
} else if isCollaborator {
|
|
||||||
for _, u := range repo.Units {
|
for _, u := range repo.Units {
|
||||||
perm.UnitsMode[u.Type] = perm.AccessMode
|
perm.UnitsMode[u.Type] = perm.AccessMode
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue