Fix #6234 : Check organization visibility before everything else (#6235)

* Fix #6234 : Check organization visibility before everything else

* Ensure that Owner is available in the Repo

Author: gzsombor

modules/context/repo.go

@@ -212,6 +212,17 @@ func RedirectToRepo(ctx *Context, redirectRepoID int64) {
 
 func repoAssignment(ctx *Context, repo *models.Repository) {
 	var err error
+	if err = repo.GetOwner(); err != nil {
+		ctx.ServerError("GetOwner", err)
+		return
+	}
+
+	if repo.Owner.IsOrganization() {
+		if !models.HasOrgVisible(repo.Owner, ctx.User) {
+			ctx.NotFound("HasOrgVisible", nil)
+			return
+		}
+	}
 	ctx.Repo.Permission, err = models.GetUserRepoPermission(repo, ctx.User)
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)