
update repo service to check that GroupID is owned by the repo owner when creating a new repository

☙◦ The Tablet ❀ GamerGirlandCo ◦❧ 2025-08-13 20:46:30 -04:00
parent 01dace952d
commit 3bed6a4452
No known key found for this signature in database
GPG Key ID: 924A5F6AF051E87C


@ -5,6 +5,7 @@ package repository
import (
"bytes"
group_model "code.gitea.io/gitea/models/group"
"context"
"fmt"
"os"
@ -234,6 +235,24 @@ func CreateRepositoryDirectly(ctx context.Context, doer, owner *user_model.User,
if opts.ObjectFormatName != git.Sha1ObjectFormat.Name() && opts.ObjectFormatName != git.Sha256ObjectFormat.Name() {
return nil, fmt.Errorf("unsupported object format: %s", opts.ObjectFormatName)
}
if opts.GroupID < 0 {
opts.GroupID = 0
}
// ensure that the parent group is owned by same user
if opts.GroupID > 0 {
newGroup, err := group_model.GetGroupByID(ctx, opts.GroupID)
if err != nil {
if group_model.IsErrGroupNotExist(err) {
opts.GroupID = 0
} else {
return nil, err
}
}
if newGroup.OwnerID != owner.ID {
return nil, fmt.Errorf("group[%d] is not owned by user[%d]", newGroup.ID, owner.ID)
}
}
repo := &repo_model.Repository{
OwnerID: owner.ID,
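Review bot: The ownership check `if newGroup.OwnerID != owner.ID` still runs after the `IsErrGroupNotExist` branch has reset `opts.GroupID` to 0, and on that path `newGroup` is whatever `GetGroupByID` returned alongside the error, presumably nil (the helper is not visible here), so the dereference would panic. The comparison should run only when the lookup succeeded, as in the restructured block below. Separately, silently falling back to no group when the requested ID does not exist hides a bad request from the caller, and the plain `fmt.Errorf` for the ownership failure gives callers nothing to map to a permission error; a typed error would be easier to handle. The new `group_model` import in the first hunk sits inside the standard-library group and belongs with the other `code.gitea.io` imports. `CreateRepositoryDirectly` begins and continues outside the hunk.

```go
	// ensure that the parent group is owned by same user
	if opts.GroupID > 0 {
		newGroup, err := group_model.GetGroupByID(ctx, opts.GroupID)
		if err != nil {
			if !group_model.IsErrGroupNotExist(err) {
				return nil, err
			}
			// unknown group: keep the existing fallback to "no group"
			opts.GroupID = 0
		} else if newGroup.OwnerID != owner.ID {
			// only reached when the lookup succeeded, so newGroup is valid here
			return nil, fmt.Errorf("group[%d] is not owned by user[%d]", newGroup.ID, owner.ID)
		}
	}
	// … unchanged: repo_model.Repository construction …
```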