Do not allow organisation owners add themselves as collaborator ()

We're already checking for repo owners, but we also need to check for
organisation owners that try to add themselves as collaborator

Closes 
This commit is contained in:
Wim 2022-09-28 01:25:40 +02:00 committed by GitHub
parent dabc06d13b
commit 889a41c6a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions
options/locale
routers/web/repo

View file

@ -1898,6 +1898,7 @@ settings.confirm_delete = Delete Repository
settings.add_collaborator = Add Collaborator
settings.add_collaborator_success = The collaborator has been added.
settings.add_collaborator_inactive_user = Can not add an inactive user as a collaborator.
settings.add_collaborator_owner = Can not add an owner as a collaborator.
settings.add_collaborator_duplicate = The collaborator is already added to this repository.
settings.delete_collaborator = Remove
settings.collaborator_deletion = Remove Collaborator

View file

@ -917,6 +917,19 @@ func CollaborationPost(ctx *context.Context) {
return
}
// find the owner team of the organization the repo belongs too and
// check if the user we're trying to add is an owner.
if ctx.Repo.Repository.Owner.IsOrganization() {
if isOwner, err := organization.IsOrganizationOwner(ctx, ctx.Repo.Repository.Owner.ID, u.ID); err != nil {
ctx.ServerError("IsOrganizationOwner", err)
return
} else if isOwner {
ctx.Flash.Error(ctx.Tr("repo.settings.add_collaborator_owner"))
ctx.Redirect(setting.AppSubURL + ctx.Req.URL.EscapedPath())
return
}
}
if err = repo_module.AddCollaborator(ctx.Repo.Repository, u); err != nil {
ctx.ServerError("AddCollaborator", err)
return