finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Do not allow organisation owners add themselves as collaborator (#20043)

Browse source 
We're already checking for repo owners, but we also need to check for
organisation owners that try to add themselves as collaborator

Closes #17966
This commit is contained in:
Wim 2022-09-28 01:25:40 +02:00 committed by GitHub
parent dabc06d13b
commit 889a41c6a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
routers/web/repo/setting.go
View file

@ -917,6 +917,19 @@ func CollaborationPost(ctx *context.Context) {
return
}
// find the owner team of the organization the repo belongs too and
// check if the user we're trying to add is an owner.
if ctx.Repo.Repository.Owner.IsOrganization() {
if isOwner, err := organization.IsOrganizationOwner(ctx, ctx.Repo.Repository.Owner.ID, u.ID); err != nil {
ctx.ServerError("IsOrganizationOwner", err)
return
} else if isOwner {
ctx.Flash.Error(ctx.Tr("repo.settings.add_collaborator_owner"))
ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
return
}
}
if err = repo_module.AddCollaborator(ctx.Repo.Repository, u); err != nil {
ctx.ServerError("AddCollaborator", err)
return