diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | internal/context/repo.go | 19 |
2 files changed, 18 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index edf31514..91dc41b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -55,6 +55,7 @@ All notable changes to Gogs are documented in this file. - Disallow multiple tokens with same name. [#5587](https://github.com/gogs/gogs/issues/5587) [#5820](https://github.com/gogs/gogs/pull/5820) - Enable Federated Avatar Lookup could cause server to crash. [#5848](https://github.com/gogs/gogs/issues/5848) - Private repositories are hidden in the organization's view. [#5869](https://github.com/gogs/gogs/issues/5869) +- Users have access to base repository cannot view commits in forks. [#5878](https://github.com/gogs/gogs/issues/5878) - Server error when changing email address in user settings page. [#5899](https://github.com/gogs/gogs/issues/5899) - Fall back to use RFC 3339 as time layout when misconfigured. [#6098](https://github.com/gogs/gogs/issues/6098) - Unable to update team with server error. [#6185](https://github.com/gogs/gogs/issues/6185) diff --git a/internal/context/repo.go b/internal/context/repo.go index 871b35bc..c1b9ea30 100644 --- a/internal/context/repo.go +++ b/internal/context/repo.go @@ -166,11 +166,11 @@ func RepoAssignment(pages ...bool) macaron.Handler { c.Data["RepoLink"] = c.Repo.RepoLink c.Data["RepoRelPath"] = c.Repo.Owner.Name + "/" + c.Repo.Repository.Name - // Admin has super access. + // Admin has super access if c.IsLogged && c.User.IsAdmin { c.Repo.AccessMode = db.AccessModeOwner } else { - mode, err := db.UserAccessMode(c.UserID(), repo) + mode, err := db.UserAccessMode(c.UserID(), c.Repo.Repository) if err != nil { c.Error(err, "get user access mode") return @@ -178,6 +178,21 @@ func RepoAssignment(pages ...bool) macaron.Handler { c.Repo.AccessMode = mode } + // If the authenticated user has no direct access, see if the repository is a fork + // and whether the user has access to the base repository. + if c.Repo.AccessMode == db.AccessModeNone && c.Repo.Repository.IsFork { + mode, err := db.UserAccessMode(c.UserID(), c.Repo.Repository.BaseRepo) + if err != nil { + c.Error(err, "get user access mode of base repository") + return + } + // Users shouldn't have indirect access level higher than write. + if mode > db.AccessModeWrite { + mode = db.AccessModeWrite + } + c.Repo.AccessMode = mode + } + // Check access if c.Repo.AccessMode == db.AccessModeNone { // Redirect to any accessible page if not yet on it |