[v12.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9091)

**Backport: https://codeberg.org/forgejo/forgejo/pulls/9072** Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9091
2025-10-05 19:30:58 +00:00 · 2025-08-30 18:42:11 +02:00 · 2025-08-30 18:42:11 +02:00 · 5538ab29e3
commit 5538ab29e3
parent 6636550157
18 changed files with 252 additions and 67 deletions
--- a/models/user/redirect.go
+++ b/models/user/redirect.go
@ -21,7 +21,8 @@ import (

 // ErrUserRedirectNotExist represents a "UserRedirectNotExist" kind of error.
 type ErrUserRedirectNotExist struct {
-	Name string
+	Name              string
+	MissingPermission bool
 }

 // IsErrUserRedirectNotExist check if an error is an ErrUserRedirectNotExist.
@ -81,15 +82,6 @@ func GetUserRedirect(ctx context.Context, userName string) (*Redirect, error) {
 	return redirect, nil
 }

-// LookupUserRedirect look up userID if a user has a redirect name
-func LookupUserRedirect(ctx context.Context, userName string) (int64, error) {
-	redirect, err := GetUserRedirect(ctx, userName)
-	if err != nil {
-		return 0, err
-	}
-	return redirect.RedirectUserID, nil
-}
-
 // NewUserRedirect create a new user redirect
 func NewUserRedirect(ctx context.Context, ID int64, oldUserName, newUserName string) error {
 	oldUserName = strings.ToLower(oldUserName)