diff --git a/models/org.go b/models/org.go index 58afc5cb5..4a108a80b 100644 --- a/models/org.go +++ b/models/org.go @@ -435,7 +435,7 @@ func hasOrgVisible(e Engine, org *User, user *User) bool { return true } - if (org.Visibility == structs.VisibleTypePrivate || user.IsRestricted) && !org.isUserPartOfOrg(e, user.ID) { + if (org.Visibility == structs.VisibleTypePrivate || user.IsRestricted) && !org.hasMemberWithUserID(e, user.ID) { return false } return true diff --git a/models/user.go b/models/user.go index 680c30231..dcf908de7 100644 --- a/models/user.go +++ b/models/user.go @@ -609,12 +609,12 @@ func (u *User) IsUserOrgOwner(orgID int64) bool { return isOwner } -// IsUserPartOfOrg returns true if user with userID is part of the u organisation. -func (u *User) IsUserPartOfOrg(userID int64) bool { - return u.isUserPartOfOrg(x, userID) +// HasMemberWithUserID returns true if user with userID is part of the u organisation. +func (u *User) HasMemberWithUserID(userID int64) bool { + return u.hasMemberWithUserID(x, userID) } -func (u *User) isUserPartOfOrg(e Engine, userID int64) bool { +func (u *User) hasMemberWithUserID(e Engine, userID int64) bool { isMember, err := isOrganizationMember(e, u.ID, userID) if err != nil { log.Error("IsOrganizationMember: %v", err) diff --git a/routers/api/v1/repo/transfer.go b/routers/api/v1/repo/transfer.go index 847028d10..b1271b772 100644 --- a/routers/api/v1/repo/transfer.go +++ b/routers/api/v1/repo/transfer.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/convert" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs" repo_service "code.gitea.io/gitea/services/repository" ) @@ -53,13 +54,21 @@ func Transfer(ctx *context.APIContext, opts api.TransferRepoOption) { newOwner, err := models.GetUserByName(opts.NewOwner) if err != nil { if models.IsErrUserNotExist(err) { - ctx.Error(http.StatusNotFound, "GetUserByName", err) + ctx.Error(http.StatusNotFound, "", "The new owner does not exist or cannot be found") return } ctx.InternalServerError(err) return } + if newOwner.Type == models.UserTypeOrganization { + if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !newOwner.HasMemberWithUserID(ctx.User.ID) { + // The user shouldn't know about this organization + ctx.Error(http.StatusNotFound, "", "The new owner does not exist or cannot be found") + return + } + } + var teams []*models.Team if opts.TeamIDs != nil { if !newOwner.IsOrganization() { diff --git a/routers/repo/setting.go b/routers/repo/setting.go index 8622fd469..02a565286 100644 --- a/routers/repo/setting.go +++ b/routers/repo/setting.go @@ -381,7 +381,7 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) { } if newOwner.Type == models.UserTypeOrganization { - if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !ctx.User.IsUserPartOfOrg(newOwner.ID) { + if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !newOwner.HasMemberWithUserID(ctx.User.ID) { // The user shouldn't know about this organization ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), tplSettingsOptions, nil) return diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl index f3cac7bef..d46504d97 100644 --- a/templates/user/profile.tmpl +++ b/templates/user/profile.tmpl @@ -53,7 +53,7 @@