Store read access in access for team repo's (#20275) (#20276)

Backport #20275

Currently when a Team has read access to a organization's non-private repository, their access(in the `access` table) won't be stored in the database. This cause issues for code that rely on read access being stored, like retrieving all users who have read permission to that repository(even though this is confusing as this doesn't include all registered users). So from now-on if we see that the repository is owned by a organization don't increase the `minMode` to write permission.

Resolves #20083
tokarchuk/v1.17
Gusted 2 years ago committed by GitHub
parent 5e5ff77ed7
commit d371ced49d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      models/perm/access/access.go

@ -86,7 +86,13 @@ func updateUserAccess(accessMap map[int64]*userAccess, user *user_model.User, mo
// FIXME: do cross-comparison so reduce deletions and additions to the minimum? // FIXME: do cross-comparison so reduce deletions and additions to the minimum?
func refreshAccesses(ctx context.Context, repo *repo_model.Repository, accessMap map[int64]*userAccess) (err error) { func refreshAccesses(ctx context.Context, repo *repo_model.Repository, accessMap map[int64]*userAccess) (err error) {
minMode := perm.AccessModeRead minMode := perm.AccessModeRead
if !repo.IsPrivate { if err := repo.GetOwner(ctx); err != nil {
return fmt.Errorf("GetOwner: %v", err)
}
// If the repo isn't private and isn't owned by a organization,
// increase the minMode to Write.
if !repo.IsPrivate && !repo.Owner.IsOrganization() {
minMode = perm.AccessModeWrite minMode = perm.AccessModeWrite
} }

Loading…
Cancel
Save