author | KN4CK3R <admin@oldschoolhack.me> | 2022-11-17 20:29:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-17 14:29:33 -0500 |
commit | 88d5275614a82f01ddf728435803ff6000a2262e (patch) | |
tree | b3f24770298f8533abe3d6b716bee6d7dec71c10 /models | |
parent | 43ab9324c579a393f778d6842c577a872d0e4265 (diff) | |
Do not allow Ghost access to limited visible user/org (#21849)
The Ghost user should not be allowed to have access to a limited visible
user/org.
Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'models')
-rw-r--r-- | models/organization/org.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/models/organization/org.go b/models/organization/org.go
index af9c1f307c..6bb982b281 100644
--- a/models/organization/org.go
+++ b/models/organization/org.go
@@ -458,8 +458,9 @@ func CountOrgs(opts FindOrgOptions) (int64, error) {
 // HasOrgOrUserVisible tells if the given user can see the given org or user
 func HasOrgOrUserVisible(ctx context.Context, orgOrUser, user *user_model.User) bool {
- // Not SignedUser
- if user == nil {
+ // If user is nil, it's an anonymous user/request.
+ // The Ghost user is handled like an anonymous user.
+ if user == nil || user.IsGhost() {
 return orgOrUser.Visibility == structs.VisibleTypePublic
 } |
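Review bot: The exported doc comment on HasOrgOrUserVisible still only says it tells whether the given user can see the given org or user, so the contract does not state that a nil or Ghost `user` sees only `structs.VisibleTypePublic` targets; I would extend it to `// HasOrgOrUserVisible tells if the given user can see the given org or user. A nil or Ghost user is treated as anonymous and sees only public ones.` Because this guard is an access-control decision, a regression test that passes a Ghost user against a limited-visibility org and expects false would pin it down; none is visible here, though the diffstat is limited to 'models'. It may also be worth checking whether other visibility checks that branch on `user == nil` alone need the same `user.IsGhost()` condition, which cannot be told from this hunk. The function body continues outside the hunk.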