Skip to content

Allow admins and org owners to change org member public status #28294

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Apr 13, 2025
Merged

Allow admins and org owners to change org member public status #28294

merged 9 commits into from
Apr 13, 2025

Conversation

Tomeamis
Copy link
Contributor

@Tomeamis Tomeamis commented Nov 29, 2023
edited
Loading

Allows admins and org owners to change org member public status.

Before, this would return Error 403: Cannot publicize another member despite the fact that the same user could make the same change through the GUI.

Fixes #28372

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 29, 2023
@github-actions github-actions bot added the modifies/api This PR adds API routes or modifies them label Nov 29, 2023
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Dec 6, 2023
@yp05327
Copy link
Contributor

yp05327 commented Feb 1, 2024

Use organization.IsOrganizationOwner or ctx.Org.Organization.IsOwnedBy?

@pull-request-size pull-request-size bot added size/S and removed size/XS labels Feb 1, 2024
@Tomeamis
Copy link
Contributor Author

Tomeamis commented Feb 1, 2024

@yp05327 Like this?

@yp05327
Copy link
Contributor

yp05327 commented Feb 2, 2024
edited
Loading

Can be simpler.

if userToPublicize.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
	isOwner, err := ctx.Org.Organization.IsOwnedBy(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.Error(http.StatusInternalServerError, "IsOwnedBy", err)
		return
	}
	if !isOwner {
		ctx.Error(http.StatusForbidden, "", "Cannot publicize another member")
		return
	}
}

@Tomeamis
Copy link
Contributor Author

Tomeamis commented Feb 2, 2024

@yp05327 That is indeed better, updated. Thanks for the suggestion.

lunny
lunny reviewed Feb 2, 2024
View reviewed changes
lunny
lunny reviewed Feb 2, 2024
View reviewed changes
@wxiaoguang
Copy link
Contributor

If there could be some tests, and I could vote my approval.

@wxiaoguang
Merge branch 'main' into fix-org-member-public
e138973 
# Conflicts:
#	routers/api/v1/org/member.go
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Apr 13, 2025
@wxiaoguang
Copy link
Contributor

Added some tests in 6e9b8a9

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Apr 13, 2025
@wxiaoguang wxiaoguang added this to the 1.24.0 milestone Apr 13, 2025
@wxiaoguang wxiaoguang added the type/enhancement An improvement of existing functionality label Apr 13, 2025
@wxiaoguang wxiaoguang enabled auto-merge (squash) April 13, 2025 07:46
@wxiaoguang wxiaoguang merged commit 4dca869 into go-gitea:main Apr 13, 2025
26 checks passed
zjjhot added a commit to zjjhot/gitea that referenced this pull request Apr 14, 2025
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
91fa05b 
* giteaofficial/main: (27 commits)
  fix github migration error when using multiple tokens (go-gitea#34144)
  Add package version api endpoints (go-gitea#34173)
  Fix incorrect file links (go-gitea#34189)
  Add cache for common package queries (go-gitea#22491)
  Allow admins and org owners to change org member public status (go-gitea#28294)
  Fix span svg layout (go-gitea#34185)
  fix webhook url (go-gitea#34186)
  Optimize overflow-menu (go-gitea#34183)
  Move and rename UpdateRepository (go-gitea#34136)
  Update milestones.tmpl (go-gitea#34184)
  [skip ci] Updated translations via Crowdin
  Refactor Git Attribute & performance optimization (go-gitea#34154)
  [skip ci] Updated translations via Crowdin
  fix(go-gitea#33711): cross-publish docker images to ghcr.io (go-gitea#34148)
  refactor organization menu (go-gitea#33928)
  feat: Add sorting by exclusive labels (issue priority) (go-gitea#33206)
  Fix vertical centering of file tree icons and use entryIcon for submodules/symlinks (go-gitea#34137)
  bugfix check for alternate ssh host certificate location (go-gitea#34146)
  Cache GPG keys, emails and users when list commits (go-gitea#34086)
  Set MERMAID_MAX_SOURCE_CHARACTERS to 50000 (go-gitea#34152)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lunny lunny lunny left review comments

@wxiaoguang wxiaoguang wxiaoguang approved these changes

@a1012112796 a1012112796 a1012112796 approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
1.24.0
Development

Successfully merging this pull request may close these issues.

Admin cannot make org member visible via API
8 participants
@Tomeamis @yp05327 @wxiaoguang @lunny @a1012112796 @techknowlogick @GiteaBot @zencak-ica