From d1e67d7adefeff79c9aa5128c09eb53bd6e473a9 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Sun, 16 Aug 2020 21:27:08 +0100
Subject: Fix bug preventing transfer to private organization (#12497)

* Fix bug preventing transfer to private organization

The code assessing whether a private organization was visible to a user before
allowing transfer was incorrect due to testing membership the wrong way round

This PR fixes this issue and renames the function performing the test to be
clearer.

Further looking at the API for transfer repository - no testing was
performed to ensure that the acting user could actually see the new
owning organization.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* change IsUserPartOfOrg everywhere
---
 models/migrations/v111.go | 4 ++--
 models/org.go             | 2 +-
 models/user.go            | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'models')

diff --git a/models/migrations/v111.go b/models/migrations/v111.go
index 66ff4843e5..6a94298ddc 100644
--- a/models/migrations/v111.go
+++ b/models/migrations/v111.go
@@ -148,7 +148,7 @@ func addBranchProtectionCanPushAndEnableWhitelist(x *xorm.Engine) error {
 		if user == nil {
 			hasOrgVisible = repoOwner.Visibility == VisibleTypePublic
 		} else if !user.IsAdmin {
-			isUserPartOfOrg, err := sess.
+			hasMemberWithUserID, err := sess.
 				Where("uid=?", user.ID).
 				And("org_id=?", repoOwner.ID).
 				Table("org_user").
@@ -156,7 +156,7 @@ func addBranchProtectionCanPushAndEnableWhitelist(x *xorm.Engine) error {
 			if err != nil {
 				hasOrgVisible = false
 			}
-			if (repoOwner.Visibility == VisibleTypePrivate || user.IsRestricted) && !isUserPartOfOrg {
+			if (repoOwner.Visibility == VisibleTypePrivate || user.IsRestricted) && !hasMemberWithUserID {
 				hasOrgVisible = false
 			}
 		}
diff --git a/models/org.go b/models/org.go
index 0915e7fd56..31e5cf81c9 100644
--- a/models/org.go
+++ b/models/org.go
@@ -435,7 +435,7 @@ func hasOrgVisible(e Engine, org *User, user *User) bool {
 		return true
 	}
 
-	if (org.Visibility == structs.VisibleTypePrivate || user.IsRestricted) && !org.isUserPartOfOrg(e, user.ID) {
+	if (org.Visibility == structs.VisibleTypePrivate || user.IsRestricted) && !org.hasMemberWithUserID(e, user.ID) {
 		return false
 	}
 	return true
diff --git a/models/user.go b/models/user.go
index 6bd9d18b07..1c17453930 100644
--- a/models/user.go
+++ b/models/user.go
@@ -610,12 +610,12 @@ func (u *User) IsUserOrgOwner(orgID int64) bool {
 	return isOwner
 }
 
-// IsUserPartOfOrg returns true if user with userID is part of the u organisation.
-func (u *User) IsUserPartOfOrg(userID int64) bool {
-	return u.isUserPartOfOrg(x, userID)
+// HasMemberWithUserID returns true if user with userID is part of the u organisation.
+func (u *User) HasMemberWithUserID(userID int64) bool {
+	return u.hasMemberWithUserID(x, userID)
 }
 
-func (u *User) isUserPartOfOrg(e Engine, userID int64) bool {
+func (u *User) hasMemberWithUserID(e Engine, userID int64) bool {
 	isMember, err := isOrganizationMember(e, u.ID, userID)
 	if err != nil {
 		log.Error("IsOrganizationMember: %v", err)
-- 
cgit v1.2.3