diff options
| author | a1012112796 <1012112796@qq.com> | 2022-07-15 22:21:54 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-15 15:21:54 +0100 |
| commit | 4f267ef64343f790ecbe23299effbc806f77ef6d (patch) | |
| tree | 52482a913e777913cc583f977bdb55a8a4df15f7 /modules | |
| parent | 7d20c8323a9d5d48631d7eb793dcd2d19b25f6d4 (diff) | |
| download | gitea-4f267ef64343f790ecbe23299effbc806f77ef6d.tar.gz gitea-4f267ef64343f790ecbe23299effbc806f77ef6d.zip | |
Allow access to the Public Organization Member lists with minimal permissions (#20330)
Examining Organization membership should not necessarily require sign-in if the organization is public and the members are public. Therefore we should adjust `/org/{org}/members` to not require login.
Fix #7501
Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/context/org.go | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/modules/context/org.go b/modules/context/org.go index 9f4ce485e5..d020befa40 100644 --- a/modules/context/org.go +++ b/modules/context/org.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/models/perm" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" ) // Organization contains organization context @@ -69,6 +70,20 @@ func HandleOrgAssignment(ctx *Context, args ...bool) { return } org := ctx.Org.Organization + + // Handle Visibility + if org.Visibility != structs.VisibleTypePublic && !ctx.IsSigned { + // We must be signed in to see limited or private organizations + ctx.NotFound("OrgAssignment", err) + return + } + + if org.Visibility == structs.VisibleTypePrivate { + requireMember = true + } else if ctx.IsSigned && ctx.Doer.IsRestricted { + requireMember = true + } + ctx.ContextUser = org.AsUser() ctx.Data["Org"] = org |