Fix #6234 : Check organization visibility before everything else (#6235)

* Fix #6234 : Check organization visibility before everything else * Ensure that Owner is available in the Repo
author: Zsombor <gzsombor@users.noreply.github.com> 2019-03-05 21:15:24 +0100
committer: techknowlogick <matti@mdranta.net> 2019-03-05 15:15:24 -0500
commit: f80caa5a8caefbddad78d64cc199ebd497ab8a39 (patch)
tree: 195392f28aff3922c934939736edfe41d8f46564 /modules/context
parent: b257e0456b819e4ee460acd9d1f449bd09c71ad0 (diff)
download: gitea-f80caa5a8caefbddad78d64cc199ebd497ab8a39.tar.gz
gitea-f80caa5a8caefbddad78d64cc199ebd497ab8a39.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/modules/context/repo.go b/modules/context/repo.go
index 8f4377b041..8f2622fa82 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -212,6 +212,17 @@ func RedirectToRepo(ctx *Context, redirectRepoID int64) {
 
 func repoAssignment(ctx *Context, repo *models.Repository) {
 	var err error
+	if err = repo.GetOwner(); err != nil {
+		ctx.ServerError("GetOwner", err)
+		return
+	}
+
+	if repo.Owner.IsOrganization() {
+		if !models.HasOrgVisible(repo.Owner, ctx.User) {
+			ctx.NotFound("HasOrgVisible", nil)
+			return
+		}
+	}
 	ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.User)
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)
author	Zsombor <gzsombor@users.noreply.github.com>	2019-03-05 21:15:24 +0100
committer	techknowlogick <matti@mdranta.net>	2019-03-05 15:15:24 -0500
commit	f80caa5a8caefbddad78d64cc199ebd497ab8a39 (patch)
tree	195392f28aff3922c934939736edfe41d8f46564 /modules/context
parent	b257e0456b819e4ee460acd9d1f449bd09c71ad0 (diff)
download	gitea-f80caa5a8caefbddad78d64cc199ebd497ab8a39.tar.gz gitea-f80caa5a8caefbddad78d64cc199ebd497ab8a39.zip