2 files changed, 19 insertions, 5 deletions

diff --git a/routers/repo/repo.go b/routers/repo/repo.go
index 7356f50330..bbc7cf850f 100644
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@@ -142,8 +142,9 @@ func MigratePost(ctx *middleware.Context, form auth.MigrateRepoForm) {
 	ctx.Data["Title"] = ctx.Tr("new_migrate")
 
 	ctxUser := ctx.User
-	if orgId := com.StrTo(ctx.Query("org")).MustInt64(); orgId > 0 {
-		org, err := models.GetUserById(orgId)
+	// Not equal means current user is an organization.
+	if form.Uid != ctx.User.Id {
+		org, err := models.GetUserById(form.Uid)
 		if err != nil && err != models.ErrUserNotExist {
 			ctx.Handle(500, "GetUserById", err)
 			return
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 866c0cd936..24c1b13a5e 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -119,9 +119,22 @@ func SettingsPost(ctx *middleware.Context, form auth.RepoSettingForm) {
 		if ctx.Repo.Repository.Name != form.RepoName {
 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
 			return
-		} else if !ctx.Repo.Owner.ValidtePassword(ctx.Query("password")) {
-			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
-			return
+		}
+
+		if ctx.Repo.Owner.IsOrganization() {
+			if !ctx.Repo.Owner.IsOrgOwner(ctx.User.Id) {
+				ctx.Error(404)
+				return
+			}
+			if !ctx.User.ValidtePassword(ctx.Query("password")) {
+				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
+				return
+			}
+		} else {
+			if !ctx.Repo.Owner.ValidtePassword(ctx.Query("password")) {
+				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), SETTINGS_OPTIONS, nil)
+				return
+			}
 		}
 
 		if err := models.DeleteRepository(ctx.Repo.Owner.Id, ctx.Repo.Repository.Id, ctx.Repo.Owner.Name); err != nil {