diff options
author | a1012112796 <1012112796@qq.com> | 2022-07-15 22:21:54 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-15 15:21:54 +0100 |
commit | 4f267ef64343f790ecbe23299effbc806f77ef6d (patch) | |
tree | 52482a913e777913cc583f977bdb55a8a4df15f7 /routers | |
parent | 7d20c8323a9d5d48631d7eb793dcd2d19b25f6d4 (diff) | |
download | gitea-4f267ef64343f790ecbe23299effbc806f77ef6d.tar.gz gitea-4f267ef64343f790ecbe23299effbc806f77ef6d.zip |
Allow access to the Public Organization Member lists with minimal permissions (#20330)
Examining Organization membership should not necessarily require sign-in if the organization is public and the members are public. Therefore we should adjust `/org/{org}/members` to not require login.
Fix #7501
Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/org/home.go | 5 | ||||
-rw-r--r-- | routers/web/web.go | 7 |
2 files changed, 6 insertions, 6 deletions
diff --git a/routers/web/org/home.go b/routers/web/org/home.go index d565a0c242..63243a391f 100644 --- a/routers/web/org/home.go +++ b/routers/web/org/home.go @@ -39,11 +39,6 @@ func Home(ctx *context.Context) { org := ctx.Org.Organization - if !organization.HasOrgOrUserVisible(ctx, org.AsUser(), ctx.Doer) { - ctx.NotFound("HasOrgOrUserVisible", nil) - return - } - ctx.Data["PageIsUserProfile"] = true ctx.Data["Title"] = org.DisplayName() if len(org.Description) != 0 { diff --git a/routers/web/web.go b/routers/web/web.go index ae273d99e4..fbece620b1 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -611,6 +611,12 @@ func RegisterRoutes(m *web.Route) { // ***** START: Organization ***** m.Group("/org", func() { + m.Group("/{org}", func() { + m.Get("/members", org.Members) + }, context.OrgAssignment()) + }, ignSignIn) + + m.Group("/org", func() { m.Group("", func() { m.Get("/create", org.Create) m.Post("/create", bindIgnErr(forms.CreateOrgForm{}), org.CreatePost) @@ -625,7 +631,6 @@ func RegisterRoutes(m *web.Route) { m.Get("/pulls/{team}", user.Pulls) m.Get("/milestones", reqMilestonesDashboardPageEnabled, user.Milestones) m.Get("/milestones/{team}", reqMilestonesDashboardPageEnabled, user.Milestones) - m.Get("/members", org.Members) m.Post("/members/action/{action}", org.MembersAction) m.Get("/teams", org.Teams) }, context.OrgAssignment(true, false, true)) |