Skip to content

Fix #6234 : Check organization visibility before everything else #6235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 5, 2019
Merged

Fix #6234 : Check organization visibility before everything else #6235

merged 4 commits into from
Mar 5, 2019

Conversation

@gzsombor
Copy link
Contributor

@gzsombor gzsombor commented Mar 3, 2019
edited by lafriks
Loading

Fixing #6234

@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Mar 3, 2019
@techknowlogick techknowlogick added this to the 1.8.0 milestone Mar 3, 2019
@zeripath
Copy link
Contributor

zeripath commented Mar 3, 2019

Hmm... I think we need to formally specify what the authorisation and permission regime should be. We're getting a lot of these little fixes and although I don't think they're ending up inconsistent, I suspect edge cases are likely to be missed and we may end up with security holes.

zeripath
zeripath suggested changes Mar 3, 2019
View reviewed changes
Copy link
Contributor

@zeripath zeripath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

repo.Owner may not be loaded - therefore you need to load the owner before dereferencing it.

That is:

repo.MustOwner()

Or use:

err:=repo.GetOwner()

And handle the error.

@gzsombor
Copy link
Contributor Author

gzsombor commented Mar 4, 2019

I hope I get it right.

Having a well defined permission model would be nice - for example, it's not clear for me, if having public repositories in a private organization would make any sense. But an organization can freely switch between it's visibility settings, their repository should behave consistently after switching back and forth.

@codecov-io
Copy link

codecov-io commented Mar 4, 2019
edited
Loading

Codecov Report

Merging #6235 into master will decrease coverage by <.01%.
The diff coverage is 11.11%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #6235      +/-   ##
==========================================
- Coverage   38.84%   38.83%   -0.01%     
==========================================
  Files         355      355              
  Lines       50247    50256       +9     
==========================================
+ Hits        19518    19519       +1     
- Misses      27900    27907       +7     
- Partials     2829     2830       +1
Impacted Files Coverage Δ
modules/context/repo.go 58.4% <11.11%> (-0.89%) ⬇️
models/unit.go 0% <0%> (-14.29%) ⬇️
models/repo_list.go 67.89% <0%> (+1.05%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b257e04...e8f41b9. Read the comment docs.

@lunny
Copy link
Member

lunny commented Mar 4, 2019

I like @zeripath 's idea. I think maybe someone could add that on the docs.

@lunny
Copy link
Member

lunny commented Mar 5, 2019

But that's for another PR. @zeripath please review again.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 5, 2019
@techknowlogick techknowlogick merged commit f80caa5 into go-gitea:master Mar 5, 2019
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

+1 more reviewer

@zeripath zeripath zeripath approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug

Projects

None yet

Milestone

1.8.0

Development

Successfully merging this pull request may close these issues.

6 participants

@gzsombor @zeripath @codecov-io @lunny @techknowlogick @GiteaBot