From e963525c5e0a0b40825fde36e33ce31bf12df3c0 Mon Sep 17 00:00:00 2001 From: guillep2k <18600385+guillep2k@users.noreply.github.com> Date: Thu, 21 May 2020 10:48:01 -0300 Subject: [PATCH] Prevent transferring repos to invisible orgs (#11517) Co-authored-by: Guillermo Prandi --- routers/repo/setting.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/routers/repo/setting.go b/routers/repo/setting.go index 7a2db88c1f..dff13ff5b3 100644 --- a/routers/repo/setting.go +++ b/routers/repo/setting.go @@ -22,6 +22,7 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/repository" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/timeutil" "code.gitea.io/gitea/modules/validation" "code.gitea.io/gitea/routers/utils" @@ -379,6 +380,14 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) { return } + if newOwner.Type == models.UserTypeOrganization { + if !ctx.User.IsAdmin && newOwner.Visibility == structs.VisibleTypePrivate && !ctx.User.IsUserPartOfOrg(newOwner.ID) { + // The user shouldn't know about this organization + ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_owner_name"), tplSettingsOptions, nil) + return + } + } + // Close the GitRepo if open if ctx.Repo.GitRepo != nil { ctx.Repo.GitRepo.Close()