From f8a0b2522e7b9d54da00ed1b24c30671ce898c71 Mon Sep 17 00:00:00 2001
From: Excellencedev <ademiluyisuccessandexcellence@gmail.com>
Date: Wed, 7 Jan 2026 19:23:19 +0100
Subject: [PATCH] resolve todo

---
 routers/api/packages/api.go | 5 +++++
 services/context/package.go | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index e74857f565..ab10f8e815 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -136,6 +136,11 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 						return
 					}
 				}
+
+				// If we have passed all checks, grant the requested access to the context
+				if ctx.Package.AccessMode < accessMode {
+					ctx.Package.AccessMode = accessMode
+				}
 			}
 		}
 
diff --git a/services/context/package.go b/services/context/package.go
index 8b722932b1..5930dd086d 100644
--- a/services/context/package.go
+++ b/services/context/package.go
@@ -101,7 +101,7 @@ func determineAccessMode(ctx *Base, pkg *Package, doer *user_model.User) (perm.A
 		return perm.AccessModeNone, nil
 	}
 
-	// TODO: ActionUser permission check
+	// ActionUser permission check is handled in reqPackageAccess to allow for repo-specific checks
 	accessMode := perm.AccessModeNone
 	if pkg.Owner.IsOrganization() {
 		org := organization.OrgFromUser(pkg.Owner)