Diffstat (limited to 'models/repo_permission.go')
-rw-r--r--models/repo_permission.go16
1 files changed, 12 insertions, 4 deletions
diff --git a/models/repo_permission.go b/models/repo_permission.go
index 583bc8c812..25239f4dd4 100644
--- a/models/repo_permission.go
+++ b/models/repo_permission.go
@@ -168,7 +168,17 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss
repo.mustOwner(e)
}
- if repo.Owner.IsOrganization() && !HasOrgVisible(repo.Owner, user) {
+ var isCollaborator bool
+ if user != nil {
+ isCollaborator, err = repo.isCollaborator(e, user.ID)
+ if err != nil {
+ return perm, err
+ }
+ }
+
+ // Prevent strangers from checking out public repo of private orginization
+ // Allow user if they are collaborator of a repo within a private orginization but not a member of the orginization itself
+ if repo.Owner.IsOrganization() && !HasOrgVisible(repo.Owner, user) && !isCollaborator {
perm.AccessMode = AccessModeNone
return
}
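Review bot: The comment added above the gate misspells "organization" three times and does not say that a collaboration entry of any access mode is now enough to lift the private-organization gate, since the condition only tests the boolean `isCollaborator`. This condition is the one check in the hunk that keeps a non-member out of a repo owned by an organization they cannot see, so the comment should state the rule exactly, for example `// Deny access to repos of an organization the user cannot see,` followed by `// unless the user is a direct collaborator on this repo (any access mode).` The mode a collaborator finally receives is decided later in getUserRepoPermission, outside this hunk. If the commit does not already carry one in another file, a regression test covering anonymous, signed-in non-member and collaborator callers would pin this behaviour.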
@@ -207,9 +217,7 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss
perm.UnitsMode = make(map[UnitType]AccessMode)
// Collaborators on organization
- if isCollaborator, err := repo.isCollaborator(e, user.ID); err != nil {
- return perm, err
- } else if isCollaborator {
+ if isCollaborator {
for _, u := range repo.Units {
perm.UnitsMode[u.Type] = perm.AccessMode
}
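Review bot: `isCollaborator` is read here from a lookup made some forty lines earlier, so a reader of this block can no longer see where the flag comes from or that it stays false when `user` is nil. A short comment such as `// isCollaborator was resolved before the organization visibility gate above` would make that dependency explicit. The lookup now also runs for every signed-in caller, even on paths that return before this line. Whether such early returns exist between the two hunks is not visible here, so that is something to check rather than a confirmed cost.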