Closed
Description
- Gitea version (or commit ref): 1.3.3
- Git version: 2.11.0
- Operating system: Debian Stretch
- Database (use
[x]):- PostgreSQL
- MySQL
- MSSQL
- SQLite
- Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant
- Log gist:
Description
We are using the Gitea API to manage teams, team members and team repositories. The workflow is as follows:
- Create users, organizations and organization repositories
- Create a new team for an organization with
readpermission - Add existing users to the team
- Add existing repositories to the team
When we are done, the WebUI displays the team settings as expected and also lists team members as well as the team's repositories. However, if a team member with read permission wants to clone a team repository she gets a 'permission denied' error. When the user tries to view the repo in the WebUI a 404 error is shown.
It seems that the read permissions are not properly propagated internally when the API is used to manage teams.
We found the following workaround:
- Login as root
- Open
https://gitea.example.com/org/MYORG/teams/MYTEAM/edit - Do not modify anything in the forms
- Hit the
Update Settingsbutton
After the workaround team members can access their repository just as the permission system indicates.
We hit #3600 while trying to automate the workaround via the API.