Skip to content

Commit 3b1e114

Browse files
guillep2kzeripath
guillep2k
and
zeripath
authored
Prevent transferring repos to invisible orgs (#11517) (#11549)
Co-authored-by: Guillermo Prandi <[email protected]> Co-authored-by: Guillermo Prandi <[email protected]> Co-authored-by: zeripath <[email protected]>
1 parent 573a9c6 commit 3b1e114

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

routers/repo/setting.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ import (
2222
"code.gitea.io/gitea/modules/log"
2323
"code.gitea.io/gitea/modules/repository"
2424
"code.gitea.io/gitea/modules/setting"
25+
"code.gitea.io/gitea/modules/structs"
2526
"code.gitea.io/gitea/modules/timeutil"
2627
"code.gitea.io/gitea/modules/validation"
2728
"code.gitea.io/gitea/routers/utils"
@@ -379,6 +380,14 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
379380
return
380381
}
381382

383+
if newOwner.Type == models.UserTypeOrganization {
384+
if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !ctx.User.IsUserPartOfOrg(newOwner.ID) {
385+
// The user shouldn't know about this organization
386+
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), tplSettingsOptions, nil)
387+
return
388+
}
389+
}
390+
382391
// Close the GitRepo if open
383392
if ctx.Repo.GitRepo != nil {
384393
ctx.Repo.GitRepo.Close()

0 commit comments

Comments
 (0)