diff options
author | zeripath <art27@cantab.net> | 2020-10-10 20:48:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-10 22:48:58 +0300 |
commit | 6f2784911fe739d3b83787b7984c1b8a2fb31690 (patch) | |
tree | 0227ef1ece90d639fe54f73ec380944b896f73fd /models | |
parent | d65cd5677af3df5d616bf48dfd4be354e23c184f (diff) | |
download | gitea-6f2784911fe739d3b83787b7984c1b8a2fb31690.tar.gz gitea-6f2784911fe739d3b83787b7984c1b8a2fb31690.zip |
Fix deadlock when deleting team user (#13092)
`models.getUserRepoPermission(...)` calls `HasOrgVisible` which
uses `models.x` potentially outside of the transaction `e` provided
as an argument to `getUserRepoPermission`.
This PR switches to use `hasOrgVisible(e, ...)`.
Fix #12983
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'models')
-rw-r--r-- | models/repo_permission.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/models/repo_permission.go b/models/repo_permission.go index 2061f9770d..7768bb6257 100644 --- a/models/repo_permission.go +++ b/models/repo_permission.go @@ -178,7 +178,7 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss // Prevent strangers from checking out public repo of private orginization // Allow user if they are collaborator of a repo within a private orginization but not a member of the orginization itself - if repo.Owner.IsOrganization() && !HasOrgVisible(repo.Owner, user) && !isCollaborator { + if repo.Owner.IsOrganization() && !hasOrgVisible(e, repo.Owner, user) && !isCollaborator { perm.AccessMode = AccessModeNone return } |