Fix search team (#31923) (#31942)

Backport #31923 by @lunny

Fix #20658

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

diff --git a/routers/web/web.go b/routers/web/web.go
index d3a094ca789374a9660664ca1b2401e1bdb11bb2..38503a84b1303afc790628a6c68bd173cc4833dc 100644 (file)
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -879,10 +879,15 @@ func registerRoutes(m *web.Route) {
                        m.Post("/teams/{team}/action/repo/{action}", org.TeamsRepoAction)
                }, context.OrgAssignment(true, false, true))
 
+               // require admin permission
+               m.Group("/{org}", func() {
+                       m.Get("/teams/-/search", org.SearchTeam)
+               }, context.OrgAssignment(true, false, false, true))
+
+               // require owner permission
                m.Group("/{org}", func() {
                        m.Get("/teams/new", org.NewTeam)
                        m.Post("/teams/new", web.Bind(forms.CreateTeamForm{}), org.NewTeamPost)
-                       m.Get("/teams/-/search", org.SearchTeam)
                        m.Get("/teams/{team}/edit", org.EditTeam)
                        m.Post("/teams/{team}/edit", web.Bind(forms.CreateTeamForm{}), org.EditTeamPost)
                        m.Post("/teams/{team}/delete", org.DeleteTeam)