From 5067f1dbfaa64c9893ff34dfb1931dd8c00069a6 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Fri, 16 Jan 2026 17:38:12 +0100
Subject: [PATCH] fixes

---
 routers/web/repo/setting/actions.go         | 9 ++++++---
 tests/integration/actions_job_token_test.go | 2 --
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/routers/web/repo/setting/actions.go b/routers/web/repo/setting/actions.go
index d52023d0e6..07419dee3a 100644
--- a/routers/web/repo/setting/actions.go
+++ b/routers/web/repo/setting/actions.go
@@ -150,8 +150,11 @@ func UpdateTokenPermissions(ctx *context.Context) {
 	// If checked, it means we WANT to override (opt-out of following)
 	actionsCfg.OverrideOrgConfig = ctx.FormBool("override_org_config")
 
-	// Update permission mode (only if overriding org config)
-	if actionsCfg.OverrideOrgConfig {
+	// Update permission mode (only if overriding org config OR not in an org)
+	isOrg := ctx.Repo.Repository.Owner.IsOrganization()
+	shouldUpdate := !isOrg || actionsCfg.OverrideOrgConfig
+
+	if shouldUpdate {
 		permissionMode := repo_model.ActionsTokenPermissionMode(ctx.FormString("token_permission_mode"))
 		if permissionMode == repo_model.ActionsTokenPermissionModeRestricted ||
 			permissionMode == repo_model.ActionsTokenPermissionModePermissive ||
@@ -165,7 +168,7 @@ func UpdateTokenPermissions(ctx *context.Context) {
 	}
 
 	// Update Maximum Permissions (radio buttons: none/read/write)
-	if actionsCfg.OverrideOrgConfig && actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
+	if shouldUpdate && actionsCfg.TokenPermissionMode == repo_model.ActionsTokenPermissionModeCustom {
 		parseMaxPerm := func(name string) perm.AccessMode {
 			value := ctx.FormString("max_" + name)
 			switch value {
diff --git a/tests/integration/actions_job_token_test.go b/tests/integration/actions_job_token_test.go
index fef3962c3c..52b0c50b63 100644
--- a/tests/integration/actions_job_token_test.go
+++ b/tests/integration/actions_job_token_test.go
@@ -280,7 +280,6 @@ func TestActionsTokenPermissionsClamping(t *testing.T) {
 
 		// Set Clamping Config: Custom Mode (Default=Max), Max Code = Read
 		req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/token_permissions", repo.OwnerName, repo.Name), map[string]string{
-			"override_org_config":   "true",
 			"token_permission_mode": "custom",
 			"max_code":              "read",
 		})
@@ -346,7 +345,6 @@ func TestActionsTokenPackagePermission(t *testing.T) {
 
 		// Set Config: Custom Mode, Max Packages = Write, Max Code = Read
 		req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/token_permissions", repo.OwnerName, repo.Name), map[string]string{
-			"override_org_config":   "true",
 			"token_permission_mode": "custom",
 			"max_packages":          "write",
 			"max_code":              "read", // Ensure repo read access if needed