diff options
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/api/v1/repo/transfer.go | 11 | ||||
| -rw-r--r-- | routers/repo/setting.go | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/routers/api/v1/repo/transfer.go b/routers/api/v1/repo/transfer.go index 847028d106..b1271b7721 100644 --- a/routers/api/v1/repo/transfer.go +++ b/routers/api/v1/repo/transfer.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/convert" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs" repo_service "code.gitea.io/gitea/services/repository" ) @@ -53,13 +54,21 @@ func Transfer(ctx *context.APIContext, opts api.TransferRepoOption) { newOwner, err := models.GetUserByName(opts.NewOwner) if err != nil { if models.IsErrUserNotExist(err) { - ctx.Error(http.StatusNotFound, "GetUserByName", err) + ctx.Error(http.StatusNotFound, "", "The new owner does not exist or cannot be found") return } ctx.InternalServerError(err) return } + if newOwner.Type == models.UserTypeOrganization { + if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !newOwner.HasMemberWithUserID(ctx.User.ID) { + // The user shouldn't know about this organization + ctx.Error(http.StatusNotFound, "", "The new owner does not exist or cannot be found") + return + } + } + var teams []*models.Team if opts.TeamIDs != nil { if !newOwner.IsOrganization() { diff --git a/routers/repo/setting.go b/routers/repo/setting.go index 02331c232b..e03bf556be 100644 --- a/routers/repo/setting.go +++ b/routers/repo/setting.go @@ -418,7 +418,7 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) { } if newOwner.Type == models.UserTypeOrganization { - if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !ctx.User.IsUserPartOfOrg(newOwner.ID) { + if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !newOwner.HasMemberWithUserID(ctx.User.ID) { // The user shouldn't know about this organization ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), tplSettingsOptions, nil) return |